Configure the Burp-Dradis Extension

Send issues directly from Burp's Scanner into your Dradis project using the REST API.

Before you begin

This guide assumes that you have Burp Professional Edition installed and activated on your local system. If you don't have Burp Professional Edition installed and activated, please visit the PortSwigger website for more details.

At this time, the Burp-Dradis extension creates Issues, but not the corresponding Evidence. We welcome any pull requests on the burp-dradis GitHub repo for this open-source add-on!

Install the Burp-Dradis Extension

  1. Within the Burp interface, navigate to the Extender tab, open the BApp Store tab, and select the Dradis Framework extension.

  2. Click Download JRuby and download a .jar file from JRuby.

  3. Back in the Burp interface, navigate to the Extender tab and open the Options tab.

  4. Under Ruby Environment, select the .jar file from your local system.

  5. Navigate back to the Extender tab, open the BApp Store tab, and click Refresh List.

  6. Select the Dradis Framework extension again and confirm that the Install button is now available.

    If the Install button is not available, check the Ruby Environment configuration and the .jar file that you selected.

  7. Click Install and confirm that the Installed checkbox is now selected for Dradis Framework in the list of extensions.

Configure the Burp-Dradis Extension

Under the Dradis Framework tab, you'll need to configure several values.

If you don't see the Dradis Framework tab, make sure that you've properly installed the burp-dradis extension.

Dradis URL

This is the URL of your Dradis instance. Enter that value into the Dradis URL field in Burp's Dradis Framework tab.

API Token

  1. Log in to Dradis and open up your profile by clicking the avatar icon in the top right corner of your screen. Then, select Profile from the dropdown that appears.

  2. On your Profile page, scroll down below Confirm password to find your API token.

  3. Paste that API token value into the API Token field in Burp's Dradis Framework tab.

Project ID

Find the ID of the Project you want to send the Issues to by examining the URL within Dradis. If the Project ID is 23 the URL will look like /pro/projects/23.

Enter that ID value into the Project ID field in Burp's Dradis Framework tab.

Path

This one is easy! Set it to: /pro/

Once you've configured all of the values above, don't forget to click Save before moving on!
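If you want to sanity-check the four values before sending anything, here is a small pre-flight sketch. It is an added example, not part of the burp-dradis extension. The function names, the `dradis.example.test` host and the token are made up for illustration, and the `api/issues` endpoint and the two headers are assumed from the Dradis REST API, so confirm them against your own instance.

```ruby
require 'uri'
require 'net/http'

# Pull the Project ID out of a Dradis project URL (".../pro/projects/23" -> 23).
def project_id_from_url(project_url)
  m = URI.parse(project_url).path.match(%r{/projects/(\d+)(?:/|\z)})
  m && Integer(m[1])
end

# Return a list of problems with the four settings; an empty list means OK.
def check_settings(url:, token:, project_id:, path:)
  problems = []
  uri = begin
    URI.parse(url.to_s)
  rescue URI::InvalidURIError
    nil
  end
  if !uri.is_a?(URI::HTTP) || uri.host.to_s.empty?
    problems << 'Dradis URL is not a valid http(s) URL'
  elsif !uri.is_a?(URI::HTTPS)
    problems << 'Dradis URL is not https: the API token would be sent in cleartext'
  end
  problems << 'API Token is empty' if token.to_s.strip.empty?
  problems << 'Project ID must be a positive integer' unless project_id.to_s.match?(/\A[1-9]\d*\z/)
  problems << 'Path must start and end with "/" (for example /pro/)' unless path.to_s.match?(%r{\A/(?:.*/)?\z})
  problems
end

# Build, without sending, a read-only request for the project's issues.
# ASSUMPTION: "<path>api/issues" plus these two headers, per the Dradis REST API.
def build_issues_request(url:, token:, project_id:, path:)
  req = Net::HTTP::Get.new(URI.join(url, path, 'api/issues'))
  req['Authorization'] = %(Token token="#{token}")
  req['Dradis-Project-Id'] = project_id.to_s
  req
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample values, not real credentials.
  cfg = { url: 'http://dradis.example.test', token: 'CONSTRUCTED-TOKEN',
          project_id: project_id_from_url('http://dradis.example.test/pro/projects/23'),
          path: '/pro/' }
  puts check_settings(**cfg)               # reports the cleartext http URL
  puts build_issues_request(**cfg).uri
end
```

The request is only built, never sent. Hand it to `Net::HTTP.start` yourself once `check_settings` comes back empty.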

Send Issues to Dradis

First, do your thing! Collect all your data within Burp. Run scans, perform tests, and find issues.

  1. Within Burp, open the Target tab, then open the Site map tab.
  2. Find a host that contains an Issue that you want to send to your Dradis Project.
  3. Right-click on the Issue and select Send to Dradis from the dropdown that appears.

If you see this message, congratulations! You just sent an Issue from Burp to your Dradis Project.
