I need to be honest: there is not much information around about how to integrate Burp Suite with Microsoft DevOps or TFS, which is why I am writing this article.

Burp Suite is a top platform for penetration testing. We can use it for many different purposes, and for people working in cybersecurity it is a must-have.

Burp Suite comes in three versions: Free, Professional and Enterprise. It also provides integration for automated testing with Selenium and Jenkins; see below.

https://www.securify.nl/blog/SFY20160901/burp-suite-security-automation-with-selenium-and-jenkins.html

What about the Microsoft stack? The latest version of Burp Suite can expose an API to trigger events such as scanning and to retrieve information.
Below is how to do that.

First, we need to install Burp Suite Professional edition from here

https://portswigger.net/

From the User options, enable the API and select the bind address. In this case I selected all interfaces, so that I can also test using my machine name.

Open a browser and navigate to

http://servername:1337/v0.1/

Below is a quick example of how to trigger the Burp Suite API using C#.
I put the picture as a quick reference. There is nothing complicated about it, just an HTTP call. You can download the example below

https://drive.google.com/file/d/10ZaNNCh0VZQs7H6q1Tqpk0MNzoYUByvS/view?usp=sharing

The code below returns the scan status and the task number in the HTTP header (not sure why it is named Location)

We can trigger these actions from any type of code or scripting, which is why I think this is the best solution to use for the Microsoft platform.

There are also options we can set, like the login parameters, the configuration name or the scope we want to use, so I think it is pretty cool stuff.
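The call described above, written out as an added example (this is not the author's downloadable sample): it starts a scan, reads the task number from the Location header, polls the task and returns a non-zero exit code that a DevOps/TFS build step can fail on. It assumes the `scan` endpoint and the JSON field names shown in the API description that Burp serves at the /v0.1/ address; the target URL and the configuration name are placeholders.

```csharp
using System;
using System.Linq;
using System.Net.Http;
using System.Text;
using System.Text.Json;
using System.Threading.Tasks;

static class BurpScanGate
{
    static async Task<int> Main()
    {
        // Assumption: the API is reachable at the placeholder address used in this article.
        using var http = new HttpClient { BaseAddress = new Uri("http://servername:1337/v0.1/") };

        // Constructed request: target URL and configuration name are placeholders.
        var body = JsonSerializer.Serialize(new
        {
            urls = new[] { "https://app-under-test.example/" },
            scope = new { type = "SimpleScope", include = new[] { new { rule = "https://app-under-test.example/" } } },
            scan_configurations = new[] { new { type = "NamedConfiguration", name = "<configuration name>" } }
        });

        var start = await http.PostAsync("scan", new StringContent(body, Encoding.UTF8, "application/json"));
        start.EnsureSuccessStatusCode();

        // The task number comes back in the Location response header.
        var taskId = start.Headers.Location?.OriginalString.TrimEnd('/').Split('/').Last()
                     ?? throw new InvalidOperationException("No Location header in response");
        Console.WriteLine($"Burp task {taskId} started");

        while (true)
        {
            await Task.Delay(TimeSpan.FromSeconds(15));
            using var doc = JsonDocument.Parse(await http.GetStringAsync($"scan/{taskId}"));
            var status = doc.RootElement.GetProperty("scan_status").GetString();
            Console.WriteLine($"scan_status: {status}");
            if (status == "failed") return 2;      // scan could not complete
            if (status != "succeeded") continue;   // still crawling or auditing

            // Count high-severity findings so the build step can fail on them.
            var high = doc.RootElement.TryGetProperty("issue_events", out var events)
                ? events.EnumerateArray().Count(e =>
                    e.TryGetProperty("issue", out var i) &&
                    i.TryGetProperty("severity", out var s) && s.GetString() == "high")
                : 0;
            Console.WriteLine($"High-severity issues: {high}");
            return high > 0 ? 1 : 0;
        }
    }
}
```

If an API key is configured in Burp, it has to be added to the URL as described in the same API page.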

About the Burp Suite installation, we can use a dedicated VM in Azure or a Docker image with Kali and Burp Suite.

If you decide on the Docker way you can use the steps below:

Install Docker. If you use Windows, download it from here

https://docs.docker.com/docker-for-windows/

If you use Linux, install it with apt-get as below

apt-get install docker.io

docker run hello-world

Create the Docker container. If you like Ubuntu, use the command below

docker run -ti --name burprestapi -h burpapi -p 8090:8090 -p 8080:8080 ubuntu:latest /bin/bash

If you like Kali, use the command below

docker run -ti --name burprestapi -h burpapi -p 8090:8090 -p 8080:8080 kalilinux/kali-linux-docker /bin/bash

Download the Burp Suite installation for Linux x64 from here

https://portswigger.net/

In the Docker container, go to the opt folder

Copy the .sh installation file into the container's opt folder with the command below

docker cp burpsuite_pro_linux_v2_0_15beta.sh burprestapi:/opt/

And install Burp Suite as below

bash burpsuite_pro_linux_v2_0_15beta.sh

Go to the Burp Suite folder

root@burpapi:/opt# cd BurpSuitePro/

Execute the installation

root@burpapi:/opt/BurpSuitePro# ./BurpSuitePro

Accept the license, enter the key and you now have a Burp Suite instance running in a Docker container.

This is very interesting for automated testing scenarios because it makes us much more dynamic and scalable.
The Docker option is also convenient: we can run the container anywhere.

I am always happy and available for questions and chat, feel free to contact me by email or other social channels.
