Community in read only mode June 18 & 19
This community will be set in READ ONLY mode for a while on Tuesday June 18 into Wednesday June 19 while we import content and users from our Micro Focus Forums community site. MORE INFORMATION
LouisNadeau Absent Member.
Absent Member.
4402 views

WebInspect Burp Extension : unable to send to webinspect

I'm trying the new Burp to WebInspect plugin. I'm able to connect to my WebInspect server and query the scans and I can see the successful connection in Burp Alerts tab :

1412190817389 Extender WebInspect Connector: Connected to: http://{I removed the address}

However, the contextual menu to send request from Burp to WebInspect does not seems to work. When I right click on a request, I see the "Send to webinspect" menu (with an arrow indicating more choices) but when I hover over it nothing happen.

What should I see ? Do I need to do something else beside "connecting" in the WebInspect tab to enable this feature ?

Thanks

Labels (1)
0 Likes
4 Replies
Jeremy_Brooks Absent Member.
Absent Member.

Re: WebInspect Burp Extension : unable to send to webinspect

You will need to open a scan in the list first. When you connected to WebInspect via the API from Burp, a list of scans should have been populated. Double click the scan you wish to interact with and then it should appear in the context menus through out Burp under the Send To WebInspect submenu.

Are you seeing any scans in the list?

0 Likes
Micro Focus Expert
Micro Focus Expert

Re: WebInspect Burp Extension : unable to send to webinspect

This write-up by Portswigger may also shed light on BURP's use of this API.

 

 

 

I underlined what is in line with Jeremy's suggestion:

 

<<

To use the integration, first install the WebInspect Connector extension from the BApp Store. Then, in the WebInspect tab, enter the API URL for your instance of WebInspect (for example: http://localhost:8083/webinspect), and click "Connect".

 

The UI will display the list of WebInspect scans.

 

To start working with a WebInspect scan, select it from the list and click "Attach to scan". A new (WebInspect scan) tab will open showing the results of the scan.

 

You can send items from WebInspect to Burp by selecting one or multiple vulnerabilities in the WebInspect scan tab, and use the context menu to perform the following actions:

  • Send to Spider
  • Send to Intruder
  • Send to Repeater
  • Create issue - this will add the vulnerability to Burp Scanner's results

 

Issues created in Burp's results are tagged with "[WebInspect]".

>>


-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify
0 Likes
aap89 Absent Member.
Absent Member.

Re: WebInspect Burp Extension : unable to send to webinspect

Is this possible to do the reverse? Can I include findings from Burp to WebInsepct ? When I click on Send to WebInspect option , I see an error in Burp's Alerts tab -  

WebInspect Connector: Lost communication with WebInspect. Try reconnecting.

 I am able to connnect to WebInspect API and see the scan list. I amalso able to open the already completed scan. But when I try to add the vulnerabliity discovered by Burp Scanner to already opened WebInspect scan, it gives me the above error.

Please help me fix this. I am using HPE WebInspect version 10.16.

Thanks.

0 Likes
Micro Focus Expert
Micro Focus Expert

Re: WebInspect Burp Extension : unable to send to webinspect

Yes, findings from BURP's Scanner tab can be pushed into existing Scans in the WebInspect listings.  Those entries will have a moniker of "BURP" added to their session so it is a little obvious back in the WebInspect UI as to which are which.  However, to push these findings to WebInspect you need the Scanner tab in BURP, which is only present for BURP Pro, not BURP Community Edition.


-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.