See the crawled URLs in Burp enterprise
we just set up a scan for one of our projects which was running for about 6 hours.
But we did not find any output or finding which seems a bit unlikely due ot the number of requests issued (several thousand)
To verify what went potentially wrong I would like to analyze the requests and responses and to see which URLs had been crawled.
Is it possible to find that out with Burp Enterprise
Thomas, it’s not possible to analyze this data using Burp Enterprise. However, Burp Enterprise and Burp Pro use the same crawl and scan engine. Do you have access to Burp Pro to perform the scan? If not, we can provide you with a trial license.
You can use the Logger++ extension to monitor all traffic sent by Burp Scanner:
- first of all I need to know of the specific agentrunning ons. some remote AWS host is able to connect to my customer systems
- and if that is the case I need to figure out some way to authenticate
How can I solve that if Burp Enterprise does really allow e to check wether it is able to reach the dedicated target or if I'm just scanning some error pages?
Fine Burp Pro can do that but it is a different app, running locally on the desktop and not on the remote host where there might be a whole plethora of issues such as network connectivity, firewalls etc....
Not mentioning the pain to configure an authentication sequence ...
You can check which agent performed which scans be clicking in to the individual agent in the Agents console in the web interface. To check whether a particular agent is connecting to the target correctly, you could disable all other agents and perform the scan.
Unfortunately, the best way to check whether an agent is connecting to the target correctly is by assessing the number of unique locations in the Scan details. We have a story in our development backlog to report successful/unsuccessful application logins. Unfortunately, we can’t provide an ETA.
Please let us know if you need any further assistance.
Thanks for the feedback Thomas. We’ll update you when we have something to share regarding this feature.