
How to run Burp scanner against a remote server
I'm developing a SF app that interacts with a remote server via a REST API. The app's interaction with the API happens in a VF page's controller, not via the page itself.
From what I understand about the Burp scanner, it sits as a proxy between my browser and the remote server, but since that's not where the API is being called from, I'm concerned that it won't find anything. How should I run the Burp scan in this case?
+ As described in the video on the SF Security page?
+ Develop a simple local HTML test page that has links that exercise the API, and then have the scanner's proxy watch as I click those links?
+ Through some other tool that monitors interaction with the server directly?
Thank you for your help.
- Jeri
You can use curl on the command line or you can try SoapUI (it has REST support). I think you need to set the system-wide proxy to get it through Burp, but it should work. There is also a REST-style parameters setting in Burp that you should configure in order to get good results. I hope that helps.
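
The curl route from the answer above, as an added example that is not part of the original thread: a script that replays a set of REST calls through Burp's proxy listener so they land in Proxy history and can be handed to the scanner. The listener address `127.0.0.1:8080` is Burp's default; the API host, paths, bodies and the `burp-ca.pem` file name (Burp's CA certificate exported and converted to PEM) are assumptions.

```shell
#!/bin/sh
# Added example: replay REST calls through Burp's proxy listener.
# Assumed values: listener address, CA file name, API host and paths are
# placeholders for illustration, not taken from the thread.
BURP_PROXY="${BURP_PROXY:-http://127.0.0.1:8080}"
BURP_CA="${BURP_CA:-./burp-ca.pem}"
API_BASE="${API_BASE:-https://api.example.test}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the curl commands, 0 = send them

# Constructed sample requests: METHOD|PATH|JSON_BODY (body may be empty).
requests() {
cat <<'EOF'
GET|/v1/accounts/42|
POST|/v1/accounts|{"name":"test"}
PUT|/v1/accounts/42|{"name":"renamed"}
DELETE|/v1/accounts/42|
EOF
}

# Send (or print) one request. --proxy applies to this curl call only;
# --cacert lets curl trust the certificate Burp presents for HTTPS.
send_one() {
    method=$1; path=$2; body=$3
    set -- --silent --show-error --proxy "$BURP_PROXY" --cacert "$BURP_CA" \
           --request "$method" --header "Accept: application/json"
    if [ -n "$body" ]; then
        set -- "$@" --header "Content-Type: application/json" --data "$body"
    fi
    set -- "$@" "$API_BASE$path"
    if [ "$DRY_RUN" = "1" ]; then
        echo "curl $*"    # display only; arguments are shown unquoted
    else
        curl "$@" --output /dev/null --write-out "$method $path -> %{http_code}\n"
    fi
}

# Walk the request list and push each entry through the proxy.
replay_all() {
    requests | while IFS='|' read -r method path body; do
        send_one "$method" "$path" "$body"
    done
}

replay_all
```

Run it with `DRY_RUN=0` while Burp is listening; each request then appears in Burp's Proxy history.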