Import Burp Issues

[POST] /qps/rest/3.0/import/was/burp

Imports Burp scan reports and stores the findings discovered by the Burp Suite scanner alongside those discovered by WAS. You can import Burp reports to manage your Burp findings in WAS.

Permissions required - The user must have the WAS module enabled, and the user account must have these permissions: Access Permission “API Access” and WAS Permission “Import Burp Report”.

Input Parameters

These elements are optional and act as filters. When multiple elements are specified, parameters are combined using a logical AND.


Parameter | Mandatory/Optional | Data Type | Description
--- | --- | --- | ---
webAppId | Optional | integer | The web application ID. This element is assigned by the service and required for an update request.
purgeResults | Optional | boolean | Indicates whether all previous issues for the web application are purged or retained; set to false to retain them. By default, it is set to false. Example: <purgeResults>false</purgeResults>
closeUnreportedIssues | Optional | boolean | Indicates whether all previous issues for the web application are marked as fixed and no longer reported. By default, it is set to false. Example: <closeUnreportedIssues>false</closeUnreportedIssues>
fileName | Optional | text | Name of the Burp XML file to be imported. If no name is specified, the file name defaults to the format API-ImportBurp-dd-mmm-yy hh:mm:ss

Sample - Import Burp Report

Let us import a Burp report for the web application with webAppId equal to 1052902. To import the Burp report, specify the webAppId and paste the contents of the Burp results (XML) file inside the <burpXml> tag.

API request

curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- \
  "<qualys_base_url>/qps/rest/3.0/import/was/burp" < file.xml

Note: “file.xml” contains the request POST data.

Request POST data

<ServiceRequest>
    <data>
        <webAppId>1524084</webAppId>
        <purgeResults>false</purgeResults>
        <closeUnreportedIssues>false</closeUnreportedIssues>
        <fileName>testBurpReportImport</fileName>
        <burpXml>
            <?xml version="1.0"?>
            <!DOCTYPE issues [
            <!ELEMENT issues (issue*)>
            <!ATTLIST issues burpVersion CDATA "">
            <!ATTLIST issues exportTime CDATA "">
            <!ELEMENT issue (serialNumber, type, name, host, path, location, severity, confidence, issueBackground?, remediationBackground?, references?, vulnerabilityClassifications?, issueDetail?, issueDetailItems?, remediationDetail?, requestresponse*, collaboratorEvent*, infiltratorEvent*, staticAnalysis*, dynamicAnalysis*)>
            <!ELEMENT serialNumber (#PCDATA)>
            <!ELEMENT type (#PCDATA)>
            <!ELEMENT name (#PCDATA)>
            <!ELEMENT host (#PCDATA)>
            <!ATTLIST host ip CDATA "">
            <!ELEMENT path (#PCDATA)>
            <!ELEMENT location (#PCDATA)>
            <!ELEMENT severity (#PCDATA)>
            <!ELEMENT confidence (#PCDATA)>
            <!ELEMENT issueBackground (#PCDATA)>
            <!ELEMENT remediationBackground (#PCDATA)>
            <!ELEMENT references (#PCDATA)>
            <!ELEMENT vulnerabilityClassifications (#PCDATA)>
            <!ELEMENT issueDetail (#PCDATA)>
            <!ELEMENT issueDetailItems (issueDetailItem*)>
            <!ELEMENT issueDetailItem (#PCDATA)>
            <!ELEMENT remediationDetail (#PCDATA)>
            <!ELEMENT requestresponse (request?, response?, responseRedirected?)>
            <!ELEMENT request (#PCDATA)>
            <!ATTLIST request method CDATA "">
            <!ATTLIST request base64 (true|false) "false">
            <!ELEMENT response (#PCDATA)>
            <!ATTLIST response base64 (true|false) "false">
            <!ELEMENT responseRedirected (#PCDATA)>
            <!ELEMENT sender (#PCDATA)>
            <!ELEMENT message (#PCDATA)>
            <!ELEMENT conversation (#PCDATA)>
            <!ELEMENT recipient (#PCDATA)>
            <!ELEMENT recipients (recipient*)>
            <!ELEMENT smtp (sender, recipients, message, conversation)>
            <!ELEMENT collaboratorEvent (interactionType, originIp, time, lookupType?, lookupHost?, requestresponse?, smtp?)>
            <!ELEMENT interactionType (#PCDATA)>
            <!ELEMENT originIp (#PCDATA)>
            <!ELEMENT time (#PCDATA)>
            <!ELEMENT lookupType (#PCDATA)>
            <!ELEMENT lookupHost (#PCDATA)>
            <!ELEMENT infiltratorEvent (parameterName, platform, signature, stackTrace?, parameterValue?, collaboratorEvent)>
            <!ELEMENT parameterName (#PCDATA)>
            <!ELEMENT platform (#PCDATA)>
            <!ELEMENT signature (#PCDATA)>
            <!ELEMENT stackTrace (#PCDATA)>
            <!ELEMENT parameterValue (#PCDATA)>
            <!ELEMENT dynamicAnalysis (source, sink, sourceStackTrace, sinkStackTrace, eventListenerStackTrace, sourceValue, sinkValue, eventHandlerData, eventHandlerDataType, eventHandlerManipulatedData, poc, origin, isOriginChecked, sourceElementId, sourceElementName, eventFiredEventName, eventFiredElementId, eventFiredElementName, eventFiredOuterHtml)>
            <!ELEMENT staticAnalysis (source, sink, codeSnippets)>
            <!ELEMENT source (#PCDATA)>
            <!ELEMENT sink (#PCDATA)>
            <!ELEMENT sourceStackTrace (#PCDATA)>
            <!ELEMENT sinkStackTrace (#PCDATA)>
            <!ELEMENT eventListenerStackTrace (#PCDATA)>
            <!ELEMENT sourceValue (#PCDATA)>
            <!ELEMENT sinkValue (#PCDATA)>
            <!ELEMENT eventHandlerData (#PCDATA)>
            <!ELEMENT eventHandlerDataType (#PCDATA)>
            <!ELEMENT sourceElementId (#PCDATA)>
            <!ELEMENT sourceElementName (#PCDATA)>
            <!ELEMENT eventFiredEventName (#PCDATA)>
            <!ELEMENT eventFiredElementId (#PCDATA)>
            <!ELEMENT eventFiredElementName (#PCDATA)>
            <!ELEMENT eventFiredOuterHtml (#PCDATA)>
            <!ELEMENT eventHandlerManipulatedData (#PCDATA)>
            <!ELEMENT poc (#PCDATA)>
            <!ELEMENT origin (#PCDATA)>
            <!ELEMENT isOriginChecked (#PCDATA)>
            <!ELEMENT codeSnippets (codeSnippet*)>
            <!ELEMENT codeSnippet (#PCDATA)>
            ]>
            <issues burpVersion="2.0.20beta" exportTime="Wed May 29 08:45:42 CDT 2019">
                <issue>
                    <serialNumber>5018346890832155648</serialNumber>
                    <type>16777728</type>
                    <name>
                        <![CDATA[Unencrypted communications]]>
                    </name>
                    <host ip="172.217.164.116">http://google-gruyere.appspot.com</host>
                    <path>
                        <![CDATA[/]]>
                    </path>
                    <location>
                        <![CDATA[/]]>
                    </location>
                    <severity>Low</severity>
                    <confidence>Certain</confidence>
                    <issueBackground>
                        <![CDATA[<p>The application allows users to connect to it over unencrypted connections.  An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the application and obtain any information the user supplies. Furthermore, an attacker able to modify traffic could use the application as a platform for attacks against its users and third-party websites. Unencrypted connections have been exploited by ISPs and governments to track users, and to inject adverts and malicious JavaScript. Due to these concerns, web browser vendors are planning to visually flag unencrypted connections as hazardous.</p><p>
To exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure.
</p><p>Please note that using a mixture of encrypted and unencrypted communications is an ineffective defense against active attackers, because they can easily remove references to encrypted resources when these references are transmitted over an unencrypted connection.</p>]]>
                    </issueBackground>
                    <remediationBackground>
                        <![CDATA[<p>Applications should use transport-level encryption (SSL/TLS) to protect all communications passing between the client and the server. The Strict-Transport-Security HTTP header should be used to ensure that clients refuse to access the server over an insecure connection.</p>]]>
                    </remediationBackground>
                    <references>
                        <![CDATA[<ul><li><a href="https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure">Marking HTTP as non-secure</a></li><li><a href="https://wiki.mozilla.org/Security/Server_Side_TLS">Configuring Server-Side SSL/TLS</a></li><li><a href="https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security">HTTP Strict Transport Security</a></li></ul>]]>
                    </references>
                    <vulnerabilityClassifications>
                        <![CDATA[<ul><li><a href="https://cwe.mitre.org/data/definitions/326.html">CWE-326: Inadequate Encryption Strength</a></li></ul>]]>
                    </vulnerabilityClassifications>
                </issue>
                <issue>
                    <serialNumber>5761124851012705280</serialNumber>
                    <type>2097920</type>
                    <name>
                        <![CDATA[Cross-site scripting (reflected)]]>
                    </name>
                    <host ip="172.217.164.116">http://google-gruyere.appspot.com</host>
                    <path>
                        <![CDATA[/922324844025/login]]>
                    </path>
                    <location>
                        <![CDATA[/922324844025/login [URL path filename]]]>
                    </location>
                    <severity>High</severity>
                    <confidence>Certain</confidence>
                    <issueBackground>
                        <![CDATA[<p>Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.</p><p>The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.</p><p>Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).</p><p>The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. 
Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk. </p>]]>
                    </issueBackground>
                    <remediationBackground>
                        <![CDATA[<p>In most situations where user-controllable data is copied into application responses, cross-site scripting
  attacks can be prevented using two layers of defenses:</p><ul><li>Input should be validated as strictly as possible on arrival, given the kind of content that
it is expected to contain. For example, personal names should consist of alphabetical
and a small range of typographical characters, and be relatively short; a year of birth
should consist of exactly four numerals; email addresses should match a well-defined
regular expression. Input which fails the validation should be rejected, not sanitized.</li><li>User input should be HTML-encoded at any point where it is copied into
application responses. All HTML metacharacters, including &lt; &gt; " ' and =, should be
replaced with the corresponding HTML entities (&amp;lt; &amp;gt; etc).</li></ul><p>In cases where the application's functionality allows users to author content using
  a restricted subset of HTML tags and attributes (for example, blog comments which
  allow limited formatting and linking), it is necessary to parse the supplied HTML to
  validate that it does not use any dangerous syntax; this is a non-trivial task.</p>]]>
                    </remediationBackground>
                    <references>
                        <![CDATA[<ul><li><a href="https://support.portswigger.net/customer/portal/articles/1965737-Methodology_XSS.html">Using Burp to Find XSS issues</a></li></ul>]]>
                    </references>
                    <vulnerabilityClassifications>
                        <![CDATA[<ul><li><a href="https://cwe.mitre.org/data/definitions/79.html">CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')</a></li><li><a href="https://cwe.mitre.org/data/definitions/80.html">CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)</a></li><li><a href="https://cwe.mitre.org/data/definitions/116.html">CWE-116: Improper Encoding or Escaping of Output</a></li><li><a href="https://cwe.mitre.org/data/definitions/159.html">CWE-159: Failure to Sanitize Special Element</a></li></ul>]]>
                    </vulnerabilityClassifications>
                    <issueDetail>
                        <![CDATA[The value of the URL path filename is copied into the HTML document as plain text between tags. The payload <b>bpi9f&lt;script&gt;alert(1)&lt;/script&gt;j4wjy</b> was submitted in the URL path filename. This input was echoed unmodified in the application's response.<br><br>This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.]]>
                    </issueDetail>
                    <requestresponse>
                        <request method="GET" base64="true">
                            <![CDATA[...]]>
                        </request>
                        <response base64="true">
                            <![CDATA[...]]>
                        </response>
                        <responseRedirected>false</responseRedirected>
                    </requestresponse>
                </issue>
                <issue>
                    <serialNumber>7919395047422736384</serialNumber>
                    <type>5244416</type>
                    <name>
                        <![CDATA[Cookie without HttpOnly flag set]]>
                    </name>
                    <host ip="172.217.164.116">http://google-gruyere.appspot.com</host>
                    <path>
                        <![CDATA[/922324844025/saveprofile]]>
                    </path>
                    <location>
                        <![CDATA[/922324844025/saveprofile]]>
                    </location>
                    <severity>Information</severity>
                    <confidence>Certain</confidence>
                    <issueBackground>
                        <![CDATA[<p>If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure makes certain client-side attacks, such as cross-site scripting, slightly harder to exploit by preventing them from trivially capturing the cookie's value via an injected script.</p>]]>
                    </issueBackground>
                    <remediationBackground>
                        <![CDATA[<p>There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.</p><p>You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing. </p>]]>
                    </remediationBackground>
                    <references>
                        <![CDATA[<ul><li><a href='https://www.owasp.org/index.php/HttpOnly'>Configuring HttpOnly</a></li></ul>]]>
                    </references>
                    <vulnerabilityClassifications>
                        <![CDATA[<ul><li><a href="https://cwe.mitre.org/data/definitions/16.html">CWE-16: Configuration</a></li></ul>]]>
                    </vulnerabilityClassifications>
                    <issueDetail>
                        <![CDATA[The following cookie was issued by the application and does not have the HttpOnly flag set:<ul><li>GRUYERE</li></ul>The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.]]>
                    </issueDetail>
                    <issueDetailItems>
                        <issueDetailItem>
                            <![CDATA[Other: GRUYERE]]>
                        </issueDetailItem>
                    </issueDetailItems>
                    <requestresponse>
                        <request method="GET" base64="true">
                            <![CDATA[R0VUIC85MjIzMjQ4NDQwMjUvc2F2ZXByb2ZpbGU/YWN0aW9uPW5ldyZ1aWQ9YWFhYSZwdz1iYmJiYiZpc19hdXRob3I9VHJ1ZSBIVFRQLzEuMQ0KSG9zdDogZ29vZ2xlLWdydXllcmUuYXBwc3BvdC5jb20NClVwZ3JhZGUtSW5zZWN1cmUtUmVxdWVzdHM6IDENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS83NC4wLjM3MjkuMTU3IFNhZmFyaS81MzcuMzYNCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksaW1hZ2Uvd2VicCxpbWFnZS9hcG5nLCovKjtxPTAuOCxhcHBsaWNhdGlvbi9zaWduZWQtZXhjaGFuZ2U7dj1iMw0KUmVmZXJlcjogaHR0cDovL2dvb2dsZS1ncnV5ZXJlLmFwcHNwb3QuY29tLzkyMjMyNDg0NDAyNS9uZXdhY2NvdW50Lmd0bA0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC45DQpDb25uZWN0aW9uOiBjbG9zZQ0KDQo=]]>
                        </request>
                        <response base64="true">
                            <![CDATA[...]]>
                        </response>
                        <responseRedirected>false</responseRedirected>
                    </requestresponse>
                </issue>
            </issues>
        </burpXml>
    </data>
</ServiceRequest>      
    

XML response

<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/burp.xsd">
    <responseCode>SUCCESS</responseCode>
    <count>1</count>
    <data>
        <Burp>
            <id>145201</id>
            <webApp>
                <id>1524084</id>
                <name>
                    <![CDATA[demoap15webapp]]>
                </name>
                <url>
                    <![CDATA[http://10.11.72.37]]>
                </url>
            </webApp>
            <issuesCount>3</issuesCount>
            <issues burpVersion="2.0.20beta" exportTime="Wed May 29 13:45:42 UTC 2019">
                <issue>
                    <id>174201</id>
                    <serialNumber>5018346890832155648</serialNumber>
                </issue>
                <issue>
                    <id>174202</id>
                    <serialNumber>5761124851012705280</serialNumber>
                </issue>
                <issue>
                    <id>174203</id>
                    <serialNumber>7919395047422736384</serialNumber>
                </issue>
            </issues>
            <fileName>testBurpReportImport</fileName>
            <errorRecords>
                <count>0</count>
            </errorRecords>
        </Burp>
    </data>
</ServiceResponse>      
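
As an added example that is not part of the Qualys documentation or any Qualys client code, the following Python script builds the ServiceRequest envelope shown above around a Burp export and then reconciles the ServiceResponse against the serial numbers that were sent, so that a partial import (a non-SUCCESS responseCode, error records, or an issue that received no WAS id) is caught rather than assumed. The Burp export and the response are constructed samples in the layouts shown on this page; the function and variable names are the example's own.

```python
"""Added example (not Qualys code): build the ServiceRequest body for
POST /qps/rest/3.0/import/was/burp around a Burp XML export and reconcile
the ServiceResponse against the serial numbers that were sent."""
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Constructed Burp export, trimmed to the elements the import reads.
SAMPLE_BURP_XML = """<?xml version="1.0"?>
<!DOCTYPE issues [
<!ELEMENT issues (issue*)>
<!ATTLIST issues burpVersion CDATA "">
<!ATTLIST issues exportTime CDATA "">
]>
<issues burpVersion="2.0.20beta" exportTime="constructed">
  <issue><serialNumber>111</serialNumber><type>16777728</type>
    <name><![CDATA[Unencrypted communications]]></name>
    <severity>Low</severity><confidence>Certain</confidence></issue>
  <issue><serialNumber>222</serialNumber><type>2097920</type>
    <name><![CDATA[Cross-site scripting (reflected)]]></name>
    <severity>High</severity><confidence>Certain</confidence></issue>
</issues>"""

# Constructed ServiceResponse in the layout shown on this page.
SAMPLE_RESPONSE = """<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <responseCode>SUCCESS</responseCode><count>1</count>
  <data><Burp><id>145201</id><webApp><id>1524084</id></webApp>
    <issuesCount>2</issuesCount>
    <issues><issue><id>174201</id><serialNumber>111</serialNumber></issue>
            <issue><id>174202</id><serialNumber>222</serialNumber></issue></issues>
    <errorRecords><count>0</count></errorRecords></Burp></data>
</ServiceResponse>"""


def build_import_request(burp_xml, web_app_id, file_name,
                         purge_results=False, close_unreported=False):
    """Wrap the export verbatim in <burpXml>, as the page's sample does, so it
    keeps its own <?xml?> and DOCTYPE lines; the envelope is therefore
    assembled as text rather than with an XML library."""
    flags = {True: "true", False: "false"}
    return ("<ServiceRequest>\n  <data>\n"
            f"    <webAppId>{int(web_app_id)}</webAppId>\n"
            f"    <purgeResults>{flags[bool(purge_results)]}</purgeResults>\n"
            f"    <closeUnreportedIssues>{flags[bool(close_unreported)]}"
            "</closeUnreportedIssues>\n"
            f"    <fileName>{escape(file_name)}</fileName>\n"
            f"    <burpXml>\n{burp_xml.strip()}\n    </burpXml>\n"
            "  </data>\n</ServiceRequest>\n")


def export_issues(burp_xml):
    """Map serialNumber -> issue name for every <issue> in a Burp export."""
    root = ET.fromstring(burp_xml.lstrip())
    return {i.findtext("serialNumber", "").strip(): i.findtext("name", "").strip()
            for i in root.iter("issue")}


def reconcile(response_xml, expected_serials):
    """Check responseCode and errorRecords, and verify that every serialNumber
    sent came back with a WAS issue id; missing ones are returned by serial."""
    root = ET.fromstring(response_xml)
    burp = root.find("data/Burp")
    imported = {} if burp is None else {
        i.findtext("serialNumber"): i.findtext("id") for i in burp.iter("issue")}
    errors = 0 if burp is None else int(burp.findtext("errorRecords/count", "0"))
    missing = sorted(set(expected_serials) - set(imported))
    code = root.findtext("responseCode")
    return {"ok": code == "SUCCESS" and errors == 0 and not missing,
            "code": code, "imported": imported, "missing": missing, "errors": errors}


if __name__ == "__main__":
    body = build_import_request(SAMPLE_BURP_XML, 1524084, "testBurpReportImport")
    print(reconcile(SAMPLE_RESPONSE, export_issues(SAMPLE_BURP_XML)))
```

The body returned by build_import_request is what goes into file.xml for the curl command above; run reconcile on the response text to decide whether the import can be trusted.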
    

XSD

<platform API server>/qps/xsd/3.0/was/burp.xsd