Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Burp Seems not able to crawl HTML in angular js application.

Dhaval | Last updated: Apr 12, 2018 06:39AM UTC

I am crawl an application which is created my angular js. All Burp spider is fetching Post, Get APIs and .js files, What about html pages ? How to effectively crawl an application.

Liam, PortSwigger Agent | Last updated: Apr 12, 2018 07:49AM UTC

You can test Angular applications using Burp, but you need to do some steps manually. In particular, Spider has limited functionality for such applications. You'll need to manually spider the application, with Burp as a proxy to build up the site map. Once you've done this, you can use other Burp tools – Repeater, Intruder, Scanner, etc. – to test the endpoints you've discovered. Please let us know if you need any further assistance.

Burp User | Last updated: Apr 12, 2018 09:02AM UTC

So are you saying not html pages will be shown in site map if application is in Angular JS ? Why such limitations in a paid tool ? Its look like that the same thing we can achieve in ZAP as well.

Liam, PortSwigger Agent | Last updated: Apr 12, 2018 09:06AM UTC

Your application will be shown in the Site map if you crawl the application manually. - https://support.portswigger.net/customer/portal/articles/1783108-recon-and-analysis-with-burp-suite We're working on enhancing Burp Suite's automated crawling functionality.

Burp User | Last updated: Jul 26, 2019 01:32PM UTC

I have the same issue. Crawlers is not detecting any links that are present in the angular components such as <app-root></app-root>. Do u guys have any tutorials or documentations which can help me in detecting links in angular components that are present in .html file?

Liam, PortSwigger Agent | Last updated: Jul 29, 2019 08:08AM UTC

We will be releasing a feature to enable Burp Crawler to handle JavaScript applications. We'll update you when this feature is released.

Burp User | Last updated: Sep 18, 2019 11:25PM UTC

Is the feature released? Can you post an update on the same?

Liam, PortSwigger Agent | Last updated: Sep 20, 2019 07:43AM UTC

Sushma, the feature hasn't been released. It is on this years roadmap. Please let us know if you need any further assistance.

Ben, PortSwigger Agent | Last updated: Sep 25, 2019 10:51AM UTC

Hi Itachi, Burp Suite Professional version 2.1.05 was released with our new experimental crawler (which is able to handle JavaScript heavy applications better than previously) and this has been improved upon in the subsequent 2.1.06 and 2.1.07 releases. Our advice would be to download version 2.1.07 and try it on your web application. Please let us know if you require any further information.

Burp User | Last updated: Jan 10, 2020 09:04PM UTC

Is the feature released? Can you post an update on the same?

Burp User | Last updated: Jan 17, 2020 02:02PM UTC

Hi, Thank you for the update. Is the feature available in Burp Entreprise and if yes, how it is throw ?

Hannah, PortSwigger Agent | Last updated: Jan 17, 2020 02:09PM UTC

This feature is not officially supported in Enterprise. However, the scanner is the same for both Burp Suite Professional and Burp Suite Enterprise. Therefore you can export a scan configuration from Professional and import it into Enterprise.

Burp User | Last updated: Feb 02, 2020 07:23AM UTC

Is the new JavaScript scanning feature available in the community edition? If yes, please share the details to activate or use the same in community edition 2.1.07

Ben, PortSwigger Agent | Last updated: Feb 03, 2020 08:37AM UTC

The website scanning functionality is not available in the Community edition. Please let us know if you require any further information.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.