Burp extension released: Send to Dradis


#1

We’ve created a Burp extension that adds a context menu to send Issues directly to Dradis from Burp’s Scanner interface.

Download and instructions:

If you give it a try, let us know what you think.

-Daniel


#2

Where can we find the API token required for the Burp Plugin?


#3

Hi @LanMan,

For CE it’s the shared password of the server. For Pro, in your Profile page.

HTH,
Daniel


#4

Thanks, still having a problem. I deployed Dradis on Cloud9 (not sure if that is the issue).
Here are screenshots:

Burp Config


#5

Message when sending issue


#6

Hi @LanMan,

Can you confirm the output of:

curl -i -u etd:[pass] http://dradis-ce.dev/api/issues

For your C9 URL? Unless that is working there is something going on with the connection (SSL cert), domain, port, password, etc.

HTH,
Daniel
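The check suggested in post #6, as an added example that is not part of the original post or the extension's code: it runs the same request against `/api/issues` and sorts the result into the failure classes named above (SSL cert, domain, port, password). The `DRADIS_URL`, `DRADIS_USER` and `DRADIS_PASS` variable names are assumptions, and the HTTP status mapping is generic HTTP semantics rather than documented Dradis behaviour.

```bash
#!/usr/bin/env bash
# Added example: classify why a request to the Dradis issues endpoint fails.

# Map a curl exit code and an HTTP status to a failure class.
classify_result() {
  local rc="$1" status="$2"
  case "$rc" in
    0)  ;;  # transport worked, look at the HTTP status below
    6)  echo "domain: host name did not resolve"; return ;;
    7)  echo "port: TCP connection failed"; return ;;
    28) echo "connection: timed out"; return ;;
    35) echo "ssl: TLS handshake failed"; return ;;
    60) echo "ssl: certificate not trusted by this client"; return ;;
    *)  echo "connection: curl exit code $rc"; return ;;
  esac
  case "$status" in
    2??)     echo "ok: API reachable and credentials accepted" ;;
    401|403) echo "password: server rejected the credentials" ;;
    404)     echo "url: no API at this path" ;;
    *)       echo "http: unexpected status $status" ;;
  esac
}

# Run the request and classify it. Credentials are passed as a curl config
# on stdin so the password does not show up in the process list. A password
# containing a double quote or backslash would need escaping first.
check_dradis() {
  local base="$1" user="$2" pass="$3" status rc=0
  status=$(printf 'user = "%s:%s"\n' "$user" "$pass" |
    curl -sS -o /dev/null -w '%{http_code}' --max-time 10 -K - \
      "${base%/}/api/issues" 2>/dev/null) || rc=$?
  classify_result "$rc" "$status"
}

# Only touch the network when a target is supplied, for example:
#   DRADIS_URL=https://dradis.example DRADIS_PASS=... bash check_dradis.sh
# (dradis.example is a placeholder host.)
if [ -n "${DRADIS_URL:-}" ]; then
  check_dradis "$DRADIS_URL" "${DRADIS_USER:-etd}" "${DRADIS_PASS:-}"
fi
```

curl validates the certificate against its own trust store, so an "ok" result shows the server, port and password are fine but not that a Java-based client will accept the same certificate chain.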


#7

I never followed up on this one; I ended up buying the Pro version. If anyone else has the same issue, I am sure they will bump this thread.


#8

It was a long and arduous debug process; it came down to Ruby > JRuby > Java not taking the same path to make an HTTP request as Burp does, so we had to rewrite the HTTP-sending part of the extension. You can follow progress here:

https://github.com/dradis/burp-dradis/pull/1

Background info:

https://support.portswigger.net/customer/portal/questions/16753904-let-s-encrypts-certificates

https://support.portswigger.net/customer/en/portal/questions/16799646-jruby-sslsocket-error?new=16799646


#9

This should be fixed in v0.0.3. It’s not released in Burp’s store yet, but you can give it a try here:

https://raw.githubusercontent.com/dradis/burp-dradis/master/burp-dradis.rb