⚡️Host-Specific Collection Creation in Burp Upload

Open shivam-rawat-akto opened this issue 1 year ago • 2 comments

💭 Introduction:

Akto offers multiple channels for generating an API inventory, including AWS, GCP, and Burp. APIs are currently organised as a part of a collection, with all APIs uploaded via Burp automatically assigned to the Burp collection. However, we aim to enhance this system by creating host-specific collections to improve utilisation. This will allow us to better organise APIs according to host, enabling more efficient management and use of our API inventory.

🎯 Requirements:

  • Experience with Java
  • Basic understanding of Burp

✅ Task summary:

  • [ ] Ask to be assigned to the issue.
  • [ ] Wait to be assigned. We will try to assign in less than 2 hours.
  • [ ] Currently, we use the same apiCollectionId for all API uploads via Burp. Check here.
  • [ ] We will have to do a lot of 🪄 here. Firstly, extract the "host" header from the request headers. If null, use original apiCollectionId.
  • [ ] Secondly, use a new API collection id based on this "host" header. A simple strategy is to do hostHeader.hashCode(). Create this collection in a similar manner as this one here.
  • [ ] Use the new API Collection id as collection_id instead of result.put("akto_vxlan_id", collection_id+"");
  • [ ] Submit a pull request here

🙋🏼‍♂️ Questions: If you have questions, need any help, or just want to hang out, make sure to join us on our Discord server.

shivam-rawat-akto, Mar 06 '23 19:03
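The host-to-collection steps from the task list above, as an added example that is not Akto's code or part of the original issue: it matches the host header case-insensitively, falls back to the original id when the header is missing, and refuses to merge two hosts whose `hashCode()` values collide. The class `HostCollectionResolver`, its in-memory map, the header map shape and the sample hosts are assumptions constructed for illustration.

```java
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;

// Added example, not Akto code: every class, method and field name here is hypothetical.
public class HostCollectionResolver {
    // Stand-in for the collection store: collection id -> host that owns it.
    private final Map<Integer, String> collections = new HashMap<>();

    /** Returns the collection id for a request, or fallbackId when no usable host header exists. */
    public int resolve(Map<String, List<String>> headers, int fallbackId) {
        String host = null;
        for (Map.Entry<String, List<String>> e : headers.entrySet()) {
            // Header names are case-insensitive, so "Host", "host" and "HOST" all match.
            if (e.getKey() != null && e.getKey().equalsIgnoreCase("host")
                    && e.getValue() != null && !e.getValue().isEmpty()) {
                host = e.getValue().get(0);
                break;
            }
        }
        if (host == null || host.trim().isEmpty()) {
            return fallbackId; // the issue's rule: no host header, keep the original apiCollectionId
        }
        // Host names are case-insensitive too; normalise so one host maps to one collection.
        String normalised = host.trim().toLowerCase(Locale.ROOT);
        int id = normalised.hashCode();
        String owner = collections.putIfAbsent(id, normalised);
        if (owner != null && !owner.equals(normalised)) {
            // String.hashCode() is 32-bit and collides; never merge two hosts silently.
            throw new IllegalStateException("hash collision: " + normalised + " vs " + owner);
        }
        return id;
    }

    public static void main(String[] args) {
        HostCollectionResolver r = new HostCollectionResolver();
        int fallback = 0; // constructed sample value standing in for the original Burp collection id
        Map<String, List<String>> upper = Map.of("Host", List.of("API.example.com"));
        Map<String, List<String>> lower = Map.of("host", List.of("api.example.com"));
        System.out.println(r.resolve(upper, fallback) == r.resolve(lower, fallback));
        System.out.println(r.resolve(Map.of("Accept", List.of("*/*")), fallback) == fallback);
        try { // constructed hosts: the prefixes "an" and "c0" have equal hashCode values
            r.resolve(Map.of("Host", List.of("an.example.com")), fallback);
            r.resolve(Map.of("Host", List.of("c0.example.com")), fallback);
        } catch (IllegalStateException ex) {
            System.out.println("rejected: " + ex.getMessage());
        }
    }
}
```

The host header is supplied by whoever produced the uploaded traffic, so a derived id is only as trustworthy as that input; the collision check keeps two different hosts from landing in one collection unnoticed.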

Hi, if this issue is still open, I would love to be assigned to it. I am currently using SpringBoot for a few of my personal projects, and I think I can resolve the issue and submit the pull request.

atharvamalji, Oct 21 '23 19:10

I've assigned it to you, @atharvamalji. Happy hacking! Feel free to join our Discord if you need assistance.

PS: This is a challenging issue, so I would suggest you discuss the approach with our team before you start the implementation.

avneesh-akto, Oct 22 '23 13:10