🟠Pynt with Burp Suite
Enhance Burp Suite with Pynt for advanced API security testing. Integrate Pynt to automate and extend your security testing capabilities within Burp Suite.
What is Burp Suite?
Burp Suite is a comprehensive platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.
Two ways of using Pynt with Burp Suite for Efficient API Security Testing:
1. Run Pynt on Burp Suite XML traffic output:
The most straightforward way to use Pynt with Burp Suite is to export the captured web application traffic as an XML file. Capture the traffic in Burp Suite, select the relevant items (for example in the Proxy history or Site map), and save them as XML. Then run Pynt against that file; Pynt analyzes the captured requests for potential security issues. Two things to keep in mind: the export contains the full requests, including session cookies and Authorization headers, and base64 encoding in the file is not encryption, so treat the XML as sensitive; and Pynt uses the captured requests as the basis for its own test traffic, so only export traffic to APIs you are authorized to test.
Here is an example of running Pynt against the XML export of traffic to the goat application:
Download the goat_burp.xml file and run:
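Before handing an export to Pynt it is worth knowing what is actually in it: which hosts, which endpoints, and which requests carry credentials. The script below is an added example, not Pynt's code or its parser, that reads the XML layout Burp produces with Save items (root items, one item per request with host, port, method, path, extension and a base64 request element), keeps only requests to the domains you intend to scan, drops static assets, and cross-checks each item's method and path against its raw request line. The sample export, the goat.local host, its paths and the credentials in it are constructed for the example; the domain-matching rule (exact host or subdomain) is an assumption, not how Pynt matches --captured-domains.

```python
import base64
import xml.etree.ElementTree as ET
from dataclasses import dataclass


@dataclass
class CapturedRequest:
    host: str
    port: int
    method: str
    path: str
    extension: str      # Burp writes "null" when the path has no extension
    raw_request: bytes  # decoded request bytes
    status: int
    mimetype: str

    @property
    def request_line(self) -> str:
        return self.raw_request.split(b"\r\n", 1)[0].decode("latin-1")

    @property
    def headers(self) -> dict:
        head = self.raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
        pairs = (line.partition(":") for line in head.split("\r\n")[1:])
        return {k.strip().lower(): v.strip() for k, _, v in pairs}

    @property
    def body(self) -> bytes:
        parts = self.raw_request.split(b"\r\n\r\n", 1)
        return parts[1] if len(parts) == 2 else b""


def _decode(elem) -> bytes:
    """Burp stores request/response bytes base64-encoded when base64="true"."""
    text = elem.text or ""
    return base64.b64decode(text) if elem.get("base64") == "true" else text.encode("latin-1")


def parse_burp_items(xml_text: str) -> list[CapturedRequest]:
    """Parse a Burp "Save items" XML export into CapturedRequest records."""
    root = ET.fromstring(xml_text)
    if root.tag != "items":
        raise ValueError(f"not a Burp XML export: root element is <{root.tag}>")
    out = []
    for item in root.findall("item"):
        req = item.find("request")
        if req is None:
            raise ValueError("item without <request> element")
        out.append(CapturedRequest(
            host=(item.findtext("host") or "").strip(),
            port=int(item.findtext("port") or 0),
            method=(item.findtext("method") or "").strip(),
            path=(item.findtext("path") or "").strip(),
            extension=(item.findtext("extension") or "null").strip(),
            raw_request=_decode(req),
            status=int(item.findtext("status") or 0),
            mimetype=(item.findtext("mimetype") or "").strip(),
        ))
    return out


def in_captured_domains(host: str, captured_domains) -> bool:
    """Assumption for this example: a domain matches the host exactly or as a parent domain."""
    host = host.lower()
    return any(host == d.lower() or host.endswith("." + d.lower()) for d in captured_domains)


STATIC_EXTENSIONS = {"js", "css", "map", "png", "jpg", "jpeg", "gif", "svg", "ico", "woff", "woff2"}


def scan_plan(xml_text: str, captured_domains) -> list[tuple[str, str, str, bool]]:
    """Return (method, host, path, sends_authorization) for each in-scope API request."""
    plan = []
    for r in parse_burp_items(xml_text):
        if not in_captured_domains(r.host, captured_domains):
            continue  # third-party host: never point a scanner at it
        if r.extension.lower() in STATIC_EXTENSIONS:
            continue  # static asset, not an API call worth scanning
        # The element values must agree with the raw request line; a mismatch means a damaged export.
        rl_method, rl_target, _ = r.request_line.split(" ", 2)
        if rl_method != r.method or rl_target != r.path:
            raise ValueError(f"request line {r.request_line!r} disagrees with <method>/<path>")
        plan.append((r.method, r.host, r.path, "authorization" in r.headers))
    return plan


def _b64(s: str) -> str:
    return base64.b64encode(s.encode()).decode()


def _item(host, port, method, path, ext, request, status, mimetype, response) -> str:
    return (f"<item><url><![CDATA[http://{host}:{port}{path}]]></url>"
            f'<host ip="127.0.0.1">{host}</host><port>{port}</port><protocol>http</protocol>'
            f"<method><![CDATA[{method}]]></method><path><![CDATA[{path}]]></path>"
            f"<extension>{ext}</extension>"
            f'<request base64="true"><![CDATA[{_b64(request)}]]></request>'
            f"<status>{status}</status><mimetype>{mimetype}</mimetype>"
            f'<response base64="true"><![CDATA[{_b64(response)}]]></response></item>\n')


_LOGIN_BODY = '{"username":"admin","password":"x"}'
_OK = "HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n\r\n{}"

# Constructed sample in the layout of Burp's "Save items" export (not a real capture);
# the goat.local host, paths and credentials are assumptions for the example.
SAMPLE_BURP_XML = (
    '<?xml version="1.0"?>\n<items burpVersion="2023.10">\n'
    + _item("goat.local", 8080, "GET", "/api/users/1", "null",
            "GET /api/users/1 HTTP/1.1\r\nHost: goat.local:8080\r\nAuthorization: Bearer tok1\r\n\r\n",
            200, "JSON", _OK)
    + _item("goat.local", 8080, "POST", "/api/login", "null",
            "POST /api/login HTTP/1.1\r\nHost: goat.local:8080\r\nContent-Type: application/json\r\n"
            f"Content-Length: {len(_LOGIN_BODY)}\r\n\r\n{_LOGIN_BODY}", 200, "JSON", _OK)
    + _item("goat.local", 8080, "GET", "/static/app.js", "js",
            "GET /static/app.js HTTP/1.1\r\nHost: goat.local:8080\r\n\r\n", 200, "script", "HTTP/1.1 200 OK\r\n\r\n")
    + _item("cdn.thirdparty.example", 80, "GET", "/analytics.js", "js",
            "GET /analytics.js HTTP/1.1\r\nHost: cdn.thirdparty.example\r\n\r\n", 200, "script", "HTTP/1.1 200 OK\r\n\r\n")
    + "</items>\n"
)


if __name__ == "__main__":
    for method, host, path, authed in scan_plan(SAMPLE_BURP_XML, ["goat.local"]):
        print(f"{method:4} {host} {path}{' (sends Authorization)' if authed else ''}")
```

Run it on your own export by replacing SAMPLE_BURP_XML with the file contents; an empty plan means the export holds nothing Pynt can scan for the domains you listed, and a ValueError means the file is not a Burp items export or was corrupted in transit.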
2. Use Pynt listen as an upstream proxy of Burp
Run pynt listen and pass it the domains whose traffic Pynt should capture and scan. Pynt sends its own test requests to these hosts, so list only the API hosts you are authorized to test, not third-party domains the application happens to call:
pynt listen --captured-domains <domains>
Setting Upstream Proxy in Burp Suite
To configure Burp Suite to use an upstream proxy, follow these steps. The menu location depends on your Burp version: in current releases the setting is under Settings > Network > Connections; in older releases it is under Project options > Connections (not under the Proxy tab).
Open Burp Suite and go to the Connections settings.
Scroll down to the Upstream Proxy Servers section.
Click the Add button.
In the dialog that appears, enter the details of the upstream proxy:
Destination host: leave this as * to apply to all destinations, or enter the specific hosts that should be routed through Pynt.
Proxy host: the address Pynt listen is bound to, 127.0.0.1 when it runs on the same machine as Burp.
Proxy port: the port Pynt listen is listening on, 6666 in this example.
Click OK to save your upstream proxy configuration.
Burp Suite now forwards its outbound traffic through the Pynt proxy. Browse the application or exercise the API through Burp as usual so that Pynt captures the requests to the domains you listed, then press Enter in the terminal running pynt listen to stop capturing and start the Pynt scan.
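For a headless or CI run, the same upstream proxy entry can be supplied in a Burp project configuration file loaded with --config-file instead of being clicked through the dialog. The fragment below is an added example and is not taken from the Pynt or PortSwigger documentation; the key names follow the JSON Burp writes when you save project settings from the Settings dialog, as far as known to this editor, so export your own settings once and compare before relying on it. The 127.0.0.1 and 6666 values are the Pynt listen address used above, and JSON has no comment syntax, so the assumption is stated here rather than in the file.

```json
{
  "project_options": {
    "connections": {
      "upstream_proxy": {
        "servers": [
          {
            "auth_type": "none",
            "destination_host": "*",
            "enabled": true,
            "proxy_host": "127.0.0.1",
            "proxy_port": 6666
          }
        ],
        "use_user_options": false
      }
    }
  }
}
```

Start Burp with java -jar burpsuite.jar --config-file=burp-pynt.json (the file name is an assumption) after pynt listen is already running, otherwise Burp's forwarded requests fail until the Pynt port is open.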