Burp
Examples

```bash
cat burp.xml | reptor burp
cat burp.xml | reptor burp --upload  # Upload findings as notes
cat burp.xml | reptor burp --push-findings  # Create findings from scan results
```

Screenshot: Pushed Burp findings
Screenshot: Burp findings as notes
Filter your Burp results:

```bash
cat burp.xml | reptor burp --filter-severity medium-high --push-findings
cat burp.xml | reptor burp --include-plugins 2097928,2097936 --push-findings  # Include only plugin IDs 2097928, 2097936
cat burp.xml | reptor burp --exclude-plugins 2097928,2097936 --push-findings  # Exclude plugin IDs 2097928, 2097936
reptor burp -i burp_1.xml burp_2.xml --push-findings  # Use multiple input files
```
You can add those filter settings to your config by running:
Retrieve the XML file
Export the scan results as XML from Burp Professional or Burp Enterprise.
Known limitations
All uploaded findings are rated as "Info"
Burp scans/reports don't offer a CVSS score. If you use CVSS scores for severity ratings in your SysReptor reports, all findings are rated as "Info" because the CVSS vector is not available.
Screenshot: Burp findings rated as "Info"
Possible solutions:
Add CVSS ratings manually after the upload
Add CVSS ratings to your finding templates
Change the risk rating in your SysReptor design from CVSS to severity
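As an added illustration (not reptor's own code), the following Python shows how the severity range, include and exclude filters described above map onto a Burp Scanner XML export, where each `<issue>` carries a `<type>` (the plugin ID), a `<severity>` of High/Medium/Low/Information (no CVSS vector) and a host and path. The XML is constructed for this example, and the type IDs 1000001 and 1000002 are made-up placeholders alongside the two IDs from the page.

```python
import xml.etree.ElementTree as ET

SEVERITIES = ["info", "low", "medium", "high"]  # order matters for range filters like "medium-high"

# Constructed Burp Scanner XML export for this example (not a real scan). The two type IDs
# from the page (2097928, 2097936) are used; 1000001 and 1000002 are made-up placeholders.
BURP_XML = """<issues burpVersion="example" exportTime="constructed">
  <issue><serialNumber>1</serialNumber><type>2097928</type><name>Issue A</name>
    <host ip="203.0.113.10">https://target.example</host><path>/search</path><severity>High</severity></issue>
  <issue><serialNumber>2</serialNumber><type>2097936</type><name>Issue B</name>
    <host ip="203.0.113.10">https://target.example</host><path>/</path><severity>Low</severity></issue>
  <issue><serialNumber>3</serialNumber><type>1000001</type><name>Issue C</name>
    <host ip="203.0.113.10">https://target.example</host><path>/login</path><severity>Medium</severity></issue>
  <issue><serialNumber>4</serialNumber><type>1000002</type><name>Issue D</name>
    <host ip="203.0.113.10">https://target.example</host><path>/</path><severity>Information</severity></issue>
</issues>"""


def parse_severity_filter(spec):
    """'medium-high' -> {'medium', 'high'}; 'info,low' -> {'info', 'low'}; empty -> all."""
    if not spec:
        return set(SEVERITIES)
    if "-" in spec:
        lo, hi = (s.strip().lower() for s in spec.split("-", 1))
        return set(SEVERITIES[SEVERITIES.index(lo):SEVERITIES.index(hi) + 1])
    return {s.strip().lower() for s in spec.split(",") if s.strip()}


def parse_id_list(spec):
    """'2097928,2097936' -> {'2097928', '2097936'}; empty -> empty set (no filter)."""
    return {s.strip() for s in (spec or "").split(",") if s.strip()}


def filter_issues(xml_text, severity_filter=None, include=None, exclude=None):
    """Return (type, name, url, severity) for issues passing the same three filters the CLI offers."""
    wanted = parse_severity_filter(severity_filter)
    included, excluded = parse_id_list(include), parse_id_list(exclude)
    result = []
    for issue in ET.fromstring(xml_text).iter("issue"):
        plugin_id = issue.findtext("type", "").strip()
        severity = issue.findtext("severity", "").strip().lower()
        if severity == "information":  # Burp's label for its lowest rating; no CVSS vector is exported
            severity = "info"
        if severity not in wanted or plugin_id in excluded:
            continue
        if included and plugin_id not in included:  # an empty include list means "all are included"
            continue
        url = issue.findtext("host", "").strip() + issue.findtext("path", "").strip()
        result.append((plugin_id, issue.findtext("name", "").strip(), url, severity))
    return result
```

Calling `filter_issues(BURP_XML, severity_filter="medium-high")` keeps only issues 1 and 3, which is what the `medium-high` range in the examples above does before findings are pushed.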
Usage
```text
usage: reptor burp [-h] [--conf] [-i [INPUT ...]]
                   [--format | --upload | --push-findings | --template-vars | --parse | --upload-finding-templates]
                   [--severity-filter SEVERITY_FILTER]
                   [--exclude EXCLUDED_PLUGINS] [--include INCLUDED_PLUGINS]

Burp vulnerability importer

optional arguments:
  -h, --help            show this help message and exit
  --conf, --config      Configure plugin settings
  -i [INPUT ...], --input [INPUT ...]
                        Input file, if not stdin (multiple files allowed)
  --format
  --upload
  --push-findings
  --template-vars       Print template variables (needed for finding template customization).
  --parse
  --upload-finding-templates
                        Upload local finding templates to SysReptor
  --severity-filter SEVERITY_FILTER
                        Filter findings by severity comma-separated ("info,low,medium,high") or as range ("medium-high")
  --exclude EXCLUDED_PLUGINS
                        Exclude plugin IDs, comma-separated
  --include INCLUDED_PLUGINS
                        Include plugin IDs, comma-separated; default: all are included
```