Thursday, October 9, 2014

Burp integrates with WebInspect

We're very pleased to announce that Burp is now integrated with the WebInspect vulnerability scanner, thanks to a new extension created by the WebInspect team. People who make use of both Burp and WebInspect can use this integration to share findings between the two products, and make your testing workflows more efficient.

To use the integration, first install the WebInspect Connector extension from the BApp Store. Then, in the WebInspect tab, enter the API URL for your instance of WebInspect (for example: http://localhost:8083/webinspect), and click "Connect":

The UI will display the list of WebInspect scans:

To start working with a WebInspect scan, select it from the list and click "Attach to scan". A new tab will open showing the results of the scan:

You can send items from WebInspect to Burp by selecting one or multiple vulnerabilities in the WebInspect scan tab, and use the context menu to perform the following actions:
  • Send to Spider
  • Send to Intruder
  • Send to Repeater
  • Create issue - this will add the vulnerability to Burp Scanner's results

Issues created in Burp's results are tagged with "[WebInspect]":

You can send items from Burp to WebInspect as follows:
  • Select one or multiple issues in the Burp Scanner results.
  • Use the context menu option "Send to WebInspect".
  • Select an open WebInspect scan.

This will create the issue in WebInspect, and will also create a crawling session based on the selected base request. Issues created in WebInspect's results are tagged with "[Burp]":

We hope that people who use both Burp and WebInspect will find the integration helpful. We plan to announce further integrations between Burp and other leading web security products in the coming months.


Anonymous said...

Great Work! Love to see this integration with IBM AppScan as well.

Anonymous said...

AppScan integration would be awesome!

Anonymous said...

+1 on the AppScan intregration... it would be great to see if for both AppScan Enterprise as well as Standard editions.

Anonymous said...

Netsparker integration would be good too.

Anonymous said...

IBM AppScan integration would be fantastic.

Anonymous said...

how can we help with the AppScan integration?

Anonymous said...

Would be great to see such integration with Acunetix too

Anonymous said...

I tried to connect, it got connected. But the UI doesn't show the list of scans.
What is that I can see in UI;

1) Running scans ?
2) Completed scans ?
3) Incompleted scans ?

How to troubleshoot this ? I connected to HP WI server but nothing shows up in Burp WebInspect UI.

Thanks in advance.

Liam said...


Have you checked out our tutorial for "Integrating Burp Suite with HP WebInspect"?


Anonymous said...

I tried the above tutorial too. But still the scans doesn't show up. My Burp is connected to my HP webinspect (I confirmed using netstat command), but I cannot see the scans list, current scans, completed scans anything in Burp UI.

Anonymous said...

I know this should not effect anything, but my HP WI server and Burp are on 2 different machines. I was able to connect to HP WI using its hostname, port and credentials. Any help is appreciated.

Anonymous said...

I also get buttons "Refresh Scans" and "Open scans".. But I don't see any scan to select and open.

Dafydd Stuttard said...

Are you using the latest version of the WebInspect BApp? This was updated recently to fix some issues.

IF you're still having trouble, please liaise with your WebInspect support contact, as the Burp integration is provided and maintained by them.

Anonymous said...

I got help from HP team - The problem was I have SQL with my HP WI, so I created a new service account with SQL priviliages.. and then went to service.msc.. looked for Webinspect API.. and added to logon as a service for the new service account created.

Anonymous said...

Thank you for your help :-), There is also a bug as I cannot sort using Date column when the scans are [popped up. I have reported it, HP is going to fix that soon. thank you again guys.