🟠Pynt with Burp Suite

What is Burp Suite?

Burp Suite is a comprehensive platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.

Two ways of using Pynt with Burp Suite for Efficient API Security Testing:

1. Run Pynt on Burp suite XML traffic output:

One of the most straightforward ways to leverage Pynt for efficient API security testing with Burp Suite is by saving the web application's traffic as an XML file. This process involves capturing the traffic using Burp Suite and then exporting it to an XML format. Once you have the XML file, you can then run Pynt against this file to analyze the captured traffic for potential security issues.

To do this, follow these steps within Burp Suite:

1. Go to the **Proxy** tab and then to the **HTTP history** tab.
2. Select the traffic you are interested in analyzing.
3. Right-click the selected traffic and choose **Save items**.
4. In the Save dialog, select **XML** as the file format and choose a location to save your file.
5. Run Pynt by specifying the saved XML file as input.

Here is an example of running Pynt against XML output of traffic to goat application:

Download goat_burp.xml file and run:

pynt burp --xml goat_burp.xml

2. Use Pynt listen as an upstream proxy of Burp

Run pynt listen and set it to capture the domains of the traffic that you want Pynt to scan:

pynt listen --captured-domains <domains>

Setting Upstream Proxy in Burp Suite

To configure Burp Suite to use an upstream proxy, follow these steps:

  1. Open Burp Suite and navigate to the Proxy tab.

  2. Click on the Options sub-tab.

  3. Scroll down to the Upstream Proxy Servers section.

  4. Click on the Add button.

  5. In the dialog that appears, enter the details of the upstream proxy:

    • Destination host: Leave this as * to apply to all destinations, or specify specific hosts.

    • Proxy host: Enter the IP address of Pynt listen

    • Proxy port: Enter the port number of Pynt listen 6666

  6. Click OK to save your upstream proxy configuration.

Now, Burp Suite will route all external traffic through Pynt proxy. Hit enter to trigger Pynt scan.

Last updated