Burp extension released: Send to Dradis

We’ve created a Burp extension that adds a context menu to send Issues directly to Dradis from Burp’s Scanner interface.

Download and instructions:

If you give it a try, let us know what you think.

-Daniel

Where can we find the API token required for the Burp Plugin?

Hi @LanMan,

For CE it’s the shared password of the server. For Pro, in your Profile page.

HTH,
Daniel

Thanks, still having a problem. I deployed Dradis on Cloud9 (not sure if that is the issue).
Here are screenshots:

Burp Config

Message when sending issue

Hi @LanMan,

Can you confirm the output of:

curl -i -u etd:[pass] http://dradis-ce.dev/api/issues

For your C9 URL? Unless that is working there is something going on with the connection (SSL cert), domain, port, password, etc.

HTH,
Daniel

I never followed up on this one, I ended up buying to pro version. If anyone else has the same issue I am sure they will bump this thread.

It was a long an arduous debug process, it came down to Ruby > JRuby > Java not taking the same path to make an HTTP request than Burp does, so we had to rewrite the HTTP-sending part of the extension. You can follow progress here:

https://github.com/dradis/burp-dradis/pull/1

Background info:

https://support.portswigger.net/customer/portal/questions/16753904-let-s-encrypts-certificates

https://support.portswigger.net/customer/en/portal/questions/16799646-jruby-sslsocket-error?new=16799646

This should be fixed in v0.0.3. It’s not released in Burp’s store yet, but you can give it a try here:

https://raw.githubusercontent.com/dradis/burp-dradis/master/burp-dradis.rb