Burp Suite Import

Burp Suite Import

Import web application security findings from Burp Suite into NEURO. Bring in Scanner results, manually identified issues, and evidence to accelerate your reporting.

Overview

Burp Suite is the leading web application security testing tool. NEURO imports:

• Scanner findings
• Manual issues
• Request/response data
• Severity ratings
• Remediation guidance

Supported Formats

Format	Source	Recommended
Burp XML	Export from Burp	- Yes
Burp HTML	Report export	Not supported

Exporting from Burp Suite

Export Issues as XML

1. In Burp Suite, go to Target → Site map
2. Right-click on target domain
3. Select Issues → Report issues
4. Or: Scanner → Scan queue → Right-click → Report

Export Settings

Choose these options for best import:

• Format: XML
• Include: All issues or selected
• Details: Full (include request/response)

Export Selected Issues

To export specific findings:

1. Go to Issues view
2. Select issues to export
3. Right-click → Report selected issues
4. Choose XML format
5. Save file

Importing Burp Results

Step-by-Step

1. Open your project in NEURO
2. Navigate to Findings tab
3. Click Import → Burp Suite
4. Upload your XML file
5. Configure options:
   • Severity threshold
   • Include confidence levels
   • Import evidence?
6. Review preview
7. Click Import

Import Options

Option	Description
Minimum Severity	Lowest severity to import
Minimum Confidence	Certain, Firm, or Tentative
Include Evidence	Import request/response
Create Assets	Create web app assets
Deduplicate	Merge similar issues

Severity Mapping

Burp Suite to NEURO:

Burp Severity	NEURO Severity
High	High
Medium	Medium
Low	Low
Information	Informational

Confidence Levels

Burp confidence indicators:

• Certain: Confirmed vulnerability
• Firm: Very likely vulnerability
• Tentative: Possible, needs verification

Consider filtering by confidence:

• Import Certain + Firm for confirmed issues
• Review Tentative manually before including

Imported Data

Finding Fields

Finding Field	Burp Source
Title	Issue name
Description	Issue detail
Severity	Severity rating
Remediation	Remediation detail
Evidence	Request/response
URL	Affected endpoint
Parameter	Vulnerable parameter

Evidence Import

When evidence is included:

• HTTP requests captured
• HTTP responses captured
• Highlighted injection points
• Payload details

Common Burp Findings

Imported Issue Types

Issue Category	Examples
Injection	SQL injection, XSS, Command injection
Authentication	Session issues, weak passwords
Information	Version disclosure, verbose errors
Configuration	Missing headers, insecure cookies
Cryptography	Weak TLS, insecure algorithms

Issue Enhancement

After import, enhance findings:

1. Verify the vulnerability manually
2. Add specific evidence (screenshots)
3. Use AI to improve descriptions
4. Add business context

Handling False Positives

Burp Scanner may report false positives:

Review Process

1. Import all findings
2. Review each finding
3. Mark false positives appropriately
4. Delete or change status

Filtering During Import

Reduce false positives by:

• Only importing High/Medium severity
• Requiring Certain/Firm confidence
• Reviewing preview before import

Deduplication

Same Vulnerability, Multiple URLs

When same issue found on multiple endpoints:

• Group as single finding
• List all affected URLs
• Maintain evidence for each

Settings

• Merge by issue type: Same vulnerability = one finding
• Keep separate: Each instance = separate finding
• Hybrid: User reviews suggestions

Advanced Import

Request/Response Handling

Evidence import options:

• Full request/response
• Highlighted portions only
• None (finding details only)

Large evidence can:

• Increase import time
• Affect finding readability
• Be added manually instead

Burp Extensions

If using Burp extensions that add custom issues:

• Standard format issues import normally
• Custom format may need manual entry
• Check import preview for missing data

Best Practices

Scanning Strategy

For best import results:

1. Active scan complete target
2. Review findings in Burp first
3. Remove obvious false positives
4. Export remaining issues
5. Import into NEURO

Quality Over Quantity

Consider importing in stages:

1. High severity + Certain confidence first
2. Verify and enhance those findings
3. Add Medium severity
4. Review Low/Info as needed

Evidence Management

For important findings:

1. Import finding without evidence
2. Capture clean screenshots manually
3. Add annotated evidence
4. Write specific reproduction steps

Troubleshooting

Import Errors

“Invalid XML”

• Ensure XML format (not HTML report)
• Check file isn’t corrupted
• Re-export from Burp

“No issues found”

• Check severity/confidence filters
• Verify scan found issues
• Try without filters

“Missing data”

• Some fields may be empty in Burp
• Add details manually
• Enhance with AI

Quality Issues

Poor descriptions

• Burp descriptions may be generic
• Use AI enhancement
• Add manual context

Missing evidence

• Re-export with evidence enabled
• Add manually from Burp
• Capture new screenshots

---

Next: Learn about API Integration