Burp GraphQL

Import the JSON data returned from the BurpSuite Enterprise GraphQL API. Append all the issues returned to a list and save it as the value for the key “Issues”. There is no need to filter duplicates, the parser will automatically combine issues with the same name.

Example:

{
    "Issues": [
        {
            "issue_type": {
                "name": "Cross-site scripting (reflected)",
                "description_html": "Issue Description",
                "remediation_html": "Issue Remediation",
                "vulnerability_classifications_html": "<li><a href=\"https://cwe.mitre.org/data/definitions/79.html\">CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')</a></li>",
                "references_html": "<li><a href=\"https://portswigger.net/web-security/cross-site-scripting\">Cross-site scripting</a></li>"
            },
            "description_html": "Details",
            "remediation_html": "Remediation Details",
            "severity": "high",
            "path": "/burp",
            "origin": "https://portswigger.net",
            "evidence": [
                {
                    "request_index": 0,
                    "request_segments": [
                        {
                            "data_html": "GET"
                        },
                        {
                            "highlight_html": "data"
                        },
                        {
                            "data_html": " HTTP More data"
                        }
                    ]
                },
                {
                    "response_index": 0,
                    "response_segments": [
                        {
                            "data_html": "HTTP/2 200 OK "
                        },
                        {
                            "highlight_html": "data"
                        },
                        {
                            "data_html": "More data"
                        }
                    ]
                }
            ]
        }
    ]
}

Example GraphQL query to get issue details:

    query Issue ($id: ID!, $serial_num: ID!) {
        issue(scan_id: $id, serial_number: $serial_num) {
            issue_type {
                name
                description_html
                remediation_html
                vulnerability_classifications_html
                references_html
            }
            description_html
            remediation_html
            severity
            path
            origin
            evidence {
                ... on Request {
                    request_index
                    request_segments {
                        ... on DataSegment {
                            data_html
                        }
                        ... on HighlightSegment {
                                highlight_html
                        }
                    }
                }
                ... on Response {
                    response_index
                    response_segments {
                        ... on DataSegment {
                            data_html
                        }
                        ... on HighlightSegment {
                            highlight_html
                        }
                    }
                }
            }
        }
    }

Sample Scan Data

Sample Burp GraphQL scans can be found here.

Last modified February 5, 2024: Update versions (738dca4)