Burp Suite Enterprise + OWASP Juice Shop
I've tried all of the crawl scan configurations along with varying combinations but have been unable to reproduce the same findings found using Burp Suite Pro (v2.1.07), e.g: Open redirection (DOM-based).
Burp Suite Enterprise scan configurations:
- Crawl limit - 30 minutes
- Never stop crawl due to application errors
- Crawl strategy - most complete
- Never stop audit due to application errors
- Audit coverage - thorough
XSS is not detected (Burp Suite Pro & Enterprise):
To use the experimental version in Burp Enterprise:
First, ensure that you are using Burp Scanner version 2.1.06 in the Settings > Updates page.
Next, turn on the experimental crawler feature in Burp Pro (screenshot attached).
Save the Scan configuration and import it into Burp Enterprise as demonstrated in this tutorial – https://support.portswigger.net/customer/portal/articles/2973443-using-burp-suite-enterprise-creating-a-custom-scan-configuration.