Crawling and Auditing a Shibboleth Protected website
We are trying to crawl and audit a shibboleth protected site and am only seeing the public facing pages being crawled and audited.We can see the sitemaps and items when manually traversing the site via the proxy and browser. I believe when 2.0 was in beta I was able to use my credentials to crawl and audit the site but that could of been an extension. Is there any knowledge or hints on how to do this?
Burp’s crawl and audit won’t currently handle applictations using SSO. We have a story in our dev backlog to produce a record login feature that will help with your testing requirements. We’ll update you when we release this feature.