Connect Akto with Burp suite

Learn how to send API traffic data from Burp suite to Akto from your environment.


Last updated 7 months ago


Introduction

Akto needs your staging, production or other environment's traffic to discover APIs and analyze them for API misconfiguration. It does so by connecting to one of your traffic sources. If you don't have access to a staging or production environment, you can create an API inventory using Burp's traffic.

Note that traffic from Burp Suite won't be automated like the native cloud connectors.

The Burp connector is recommended for Akto Open source or free tier only. For an automated inventory, you will want to use other automated traffic connectors.

Pre-requisites for Akto Burp connection

  1. Make sure you have Burp Suite Community Edition or Professional installed on your system.

  2. You should have an active Akto account which is accessible from your machine.

Configuring Burp extension in Akto Dashboard

In the demonstration below, we first connect our Akto account to Burp Suite so that API traffic can start populating our API inventory. The integration begins by downloading the executable JAR file provided in the Akto account. This file is then uploaded to Burp Suite to install the Akto extension.

Once the extension is successfully installed in Burp Suite, we navigate back to Akto to copy the AKTO ID and AKTO TOKEN and paste the values into the relevant fields under the Akto extension tab in Burp Suite.

What's next?

Frequently Asked Questions (FAQs)

1. How can I send data related to only a particular domain - example.com to Akto via Burp?

Step 1: In Burp Suite, open the Target tab and click on Scope settings.

Step 2: Inside the Scope settings popup, click on the Add button in the Target scope section and add the prefix of the URL, i.e. https://example.com.

Step 3: Scroll down to the Out-of-scope request handling section and select the Drop all out of scope requests checkbox. Note: with this option enabled, the proxy browser cannot access any other URLs, so no data for other URLs is sent to Akto.

2. What should I do if my API key has expired or is invalid?

If your API key has expired or is invalid, you will see a dialog box with the error message "Invalid API key". To resolve this issue:

Step 1: Open the Akto dashboard.

Step 2: Navigate to Settings > Integrations > Burp.

Step 3: Generate a new token and copy it.

Step 4: Paste the new token into the "Options" tab of Burp under AKTO_TOKEN.

3. Does the Akto Burp plugin process all the network calls passing through the proxy?

Akto processes only API traffic. Network calls like getting media files are excluded.

4. How to pause sending data to Akto?

In Burp Suite, go to Akto tab > Options. Disable the setting Send data to Akto automatically.

5. I want to re-export the same data in a different collection. How can I do this in Burp using the Akto plugin?

To re-export the same data into a different collection using the Akto Burp extension, follow these steps:

Step 1: Open Burp Suite and navigate to the Akto tab.

Step 2: In the Akto tab in Burp Suite, locate the "Options" tab.

Step 3: Inside the "Options" tab, you can change the collection name to your desired new name.

Step 4: Once you've updated the collection name, the changes are automatically saved.

Step 5: Re-export the data using the updated collection name, and it will be saved as a separate collection with the new name, allowing you to organize and manage your data effectively in Burp.

6. Can I import ZAP traffic into Akto?

Yes, you can import ZAP (Zed Attack Proxy) traffic into Akto using the Akto plugin. Here's how:

Step 1: Open the Akto tab in your Burp Suite in your chosen environment.

Step 2: Navigate to the Options tab within the Akto tab in Burp Suite.

Step 3: In the Options tab, you'll find a feature that allows you to import ZAP traffic.

Step 4: Follow the provided instructions to import ZAP traffic data into Akto.

By utilizing this feature in the Akto plugin, you can seamlessly import ZAP traffic alongside other data sources, enabling comprehensive monitoring and analysis within the Akto platform.

Troubleshooting Guide

If you encounter connectivity issues with the Akto server, follow these steps:

1. If you see a dialog box with the error message "Connection to localhost failed: Connection refused," it means that the Akto server is not reachable from your Burp instance.

To check and ensure reachability to the Akto server, follow these steps:

Step 1: Open a Web Browser: Launch a web browser on the same machine where Burp is installed.

Step 2: Enter Akto Server URL: In your web browser's address bar, enter the same URL or IP address that you previously configured in the "AKTO_IP" setting within the Burp plugin. This URL corresponds to the location where Akto's services are hosted. Attempt to Access Akto: Press Enter or click "Go" to navigate to the Akto server's URL.

Step 3: Observe Response: Pay attention to the response from the Akto server. If the server is reachable and responsive, you should see a page or message indicating successful access. If you encounter any errors or the page doesn't load, it suggests a connectivity issue.

2. I can't see all my APIs in the Burp collection. What should I check?

If you cannot see data in the Burp collection, ensure the following: The traffic in your Burp API Collection has a 2xx status code because Akto ignores non-2xx API traffic data. Check the response codes for the requests you are monitoring.

3. Why are rows highlighted in black within the Akto Burp plugin's table view, and how can I resolve this issue?

If you notice rows being highlighted in black within the Akto Burp plugin's table view, it signifies an issue with data presentation. This issue is commonly encountered when there is a conflict with another plugin called LoggerPlusPlus. To resolve this issue, follow these steps:

Step 1: Remove LoggerPlusPlus Plugin:

The black highlighting issue is often caused by conflicts with the LoggerPlusPlus plugin. To resolve this, remove the LoggerPlusPlus plugin from your Burp installation so that the Akto extension can work.

Step 2: Refresh the Table:

After removing the LoggerPlusPlus plugin, refresh the table view within the Akto Burp plugin. You may need to close and reopen the Akto Burp plugin or take any necessary steps specified in the plugin's interface to update the view.

4. The Akto extension is unable to send data after I reinstalled it in Burp for a different Akto account

  1. Load the Akto extension in Burp Suite, open the Akto tab, click on Options and then click on Reset All Settings.

  2. Now click on Extensions and reload the Akto extension by unchecking and then checking the checkbox. Note: This should load the new settings for the Akto extension.
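
As an added example (not part of Akto's documentation or plugin code), the script below triages a Burp "Save items" XML export against the three conditions this page gives for traffic reaching a collection: target scope (FAQ 1), API-only traffic (FAQ 3) and 2xx responses (troubleshooting item 2). The export layout, the `MEDIA_LABELS` set and the exact-host scope match are assumptions of the example; Akto's own filtering logic is not shown on this page.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample shaped like Burp's "Save items" XML export; only the
# fields read below are included (request/response bodies are left out).
SAMPLE_EXPORT = """<items>
<item><url><![CDATA[https://example.com/api/users/1]]></url><status>200</status><mimetype>JSON</mimetype></item>
<item><url><![CDATA[https://example.com/api/orders]]></url><status>401</status><mimetype>JSON</mimetype></item>
<item><url><![CDATA[https://example.com/static/logo.png]]></url><status>200</status><mimetype>PNG</mimetype></item>
<item><url><![CDATA[https://cdn.example.net/v1/config]]></url><status>200</status><mimetype>JSON</mimetype></item>
<item><url><![CDATA[https://example.com.other.test/api/x]]></url><status>200</status><mimetype>JSON</mimetype></item>
<item><url><![CDATA[https://example.com/api/health]]></url><status></status><mimetype></mimetype></item>
</items>"""

# Assumption: media is recognised from Burp's MIME label; Akto's own rule may differ.
MEDIA_LABELS = {"png", "jpeg", "gif", "image", "video", "sound"}

def in_scope(url, prefix):
    """Scheme and host must match exactly (a choice of this example, stricter
    than a raw string prefix); the path must start with the prefix's path."""
    u, p = urlsplit(url), urlsplit(prefix)
    return (u.scheme, u.hostname) == (p.scheme, p.hostname) and u.path.startswith(p.path)

def classify(item, prefix):
    """Return why an item would be absent from the collection, or 'expected'."""
    url = (item.findtext("url") or "").strip()
    status = (item.findtext("status") or "").strip()
    mime = (item.findtext("mimetype") or "").strip().lower()
    if not in_scope(url, prefix):
        return "out-of-scope"      # outside the target scope (FAQ 1)
    if not status.isdigit():
        return "no-response"       # no status recorded for this item
    if not 200 <= int(status) <= 299:
        return "non-2xx"           # ignored by Akto (troubleshooting item 2)
    if mime in MEDIA_LABELS:
        return "media"             # not API traffic (FAQ 3)
    return "expected"

def triage(xml_text, prefix):
    """Map every exported URL to its classification."""
    items = ET.fromstring(xml_text).iter("item")
    return {(i.findtext("url") or "").strip(): classify(i, prefix) for i in items}

if __name__ == "__main__":
    for url, verdict in triage(SAMPLE_EXPORT, "https://example.com").items():
        print(f"{verdict:13} {url}")
```

Entries reported as `expected` but still missing from the collection point to a connection or token problem rather than to filtering.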

Get Support for your Akto setup

There are multiple ways to request support from Akto. We are available 24x7 on the following:

  1. In-app intercom support. Message us with your query on intercom in Akto dashboard and someone will reply.

  2. Contact help@akto.io for email support.

Head to API Discovery to learn more. Once you start seeing inventory, you can run API Security tests on your APIs. See Akto's test library to select tests you want to run on your APIs.

Join our Discord channel for community support.

Contact us here.
