Burp Suite integration
Three routes cover PortSwigger Burp Suite: upload the classic Burp XML issue export, upload the Burp REST API JSON, or connect Burp Suite Enterprise directly — Centraleyezer pulls the latest completed scan of each site and imports the issues with base64-decoded request/response evidence. Centraleyezer can also launch Burp scans against your web assets with application logins supplied from the project.
Scan types imported
- Web application DAST issues
- Full request/response evidence
File import
Upload the Burp Suite XML export (one issue element per finding) or the JSON produced by the Burp REST API.
What Centraleyezer expects in the file
- XML per issue: host, issue name, issueDetail (description), remediationBackground, raw request and response, severity (High/Medium/Low/Info).
- JSON: issue_events with the issue’s name, description, severity, path, origin and evidence.
- Web application assets are matched by host / origin URL.
API connection
For Burp Suite Enterprise, enter the Enterprise host and an API key. The Test button lists your sites and their in-scope URLs; each web asset is mapped to a site start URL, and every import pulls the issues of the most recent completed scan for that site.
Configuration
Where to get the credentials
Create an API key in Burp Suite Enterprise (Team → API keys, requires an administrator). The key must be allowed to read the target sites and scans.
What gets imported on every run
- All issues of the latest completed scan per site: issue type, severity, description and remediation background.
- Full HTTP request/response evidence, base64-decoded and stored on the finding.
- Port and protocol derived from the issue origin URL; issues are filtered per asset when a site has multiple scoped URLs.
- TLS/SSL issues additionally feed the certificate inventory.
How imported findings are risk-scored
Every Burp Suite finding is normalised into Centraleyezer’s risk model on import: the scanner’s native severity scale maps to a configurable DREAD vector (Damage, Reproducibility, Exploitability, Affected users, Discoverability), which combines with asset criticality, network exposure, exploitability intelligence and the platform’s other risk factors to produce one comparable risk score across every scanner you run. CVE, CVSS and CWE metadata are preserved on the finding for reference and reporting, and duplicate findings from repeated imports are automatically correlated instead of creating noise.