Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

See the crawled URLs in Burp enterprise

Thomas Hartmann Jun 11, 2019 08:41AM UTC

Hi,
we just set up a scan for one of our projects which was running for about 6 hours.
But we did not find any output or finding which seems a bit unlikely due ot the number of requests issued (several thousand)
To verify what went potentially wrong I would like to analyze the requests and responses and to see which URLs had been crawled.
Is it possible to find that out with Burp Enterprise

Kind Regards
Thomas


Liam Tai-Hogan Jun 11, 2019 03:06PM UTC Support Center agent

Thomas, it’s not possible to analyze this data using Burp Enterprise. However, Burp Enterprise and Burp Pro use the same crawl and scan engine. Do you have access to Burp Pro to perform the scan? If not, we can provide you with a trial license.

You can use the Logger++ extension to monitor all traffic sent by Burp Scanner:

- https://portswigger.net/bappstore/470b7057b86f41c396a97903377f3d81


Thomas Hartmann Jun 12, 2019 04:17PM UTC
Hmm ok but that does not solve my issue
- first of all I need to know of the specific agentrunning ons. some remote AWS host is able to connect to my customer systems
- and if that is the case I need to figure out some way to authenticate
How can I solve that if Burp Enterprise does really allow e to check wether it is able to reach the dedicated target or if I'm just scanning some error pages?

Fine Burp Pro can do that but it is a different app, running locally on the desktop and not on the remote host where there might be a whole plethora of issues such as network connectivity, firewalls etc....

Not mentioning the pain to configure an authentication sequence ...

Liam Tai-Hogan Jun 13, 2019 02:30PM UTC Support Center agent

You can check which agent performed which scans be clicking in to the individual agent in the Agents console in the web interface. To check whether a particular agent is connecting to the target correctly, you could disable all other agents and perform the scan.

Unfortunately, the best way to check whether an agent is connecting to the target correctly is by assessing the number of unique locations in the Scan details. We have a story in our development backlog to report successful/unsuccessful application logins. Unfortunately, we can’t provide an ETA.

Please let us know if you need any further assistance.


Thomas Hartmann Jun 17, 2019 07:12AM UTC
Thank's for the update. The option to check for a successful login as a project feature would be highly appreciated by us.

Liam Tai-Hogan Jun 17, 2019 09:10AM UTC Support Center agent

Thanks for the feedback Thomas. We’ll update you when we have something to share regarding this feature.


Post Your public answer

Your name
Your email address
Answer