
Make Enterprise/agent scans fully explore apps with complex logic?

Steve Swann Sep 17, 2019 04:35PM UTC

We use Burp Pro and our usual process is to proxy a browser session where we use the entire application top to bottom through Burp and build a history of base requests and responses to then pass off to the automated scanner.

How is this accomplished with the Enterprise/agent scans?

Thanks!


Steve Swann Sep 17, 2019 07:29PM UTC
I found this: https://portswigger.net/burp/documentation/scanner/crawling

"The requests that the crawler makes as it navigates around are constructed dynamically based on the preceding response, so CSRF tokens in URLs or form fields are handled automatically. This allows the crawler to correctly navigate functions that use complex session-handling, with zero configuration by the user:"

That sounds fantastic! Hope it works.
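
An added illustration of the documentation passage quoted above (not part of the thread, and not Burp's code): a constructed toy application rotates its CSRF token on every page load, so a request replayed from recorded history is rejected while one rebuilt from the preceding response is accepted. `ToyApp` and every function name here are hypothetical.

```python
import re
import secrets

class ToyApp:
    """Constructed stand-in for a target app that issues one-time CSRF tokens."""
    def __init__(self):
        self.valid_token = None

    def get_form(self):
        # Each page load rotates the token embedded in the form.
        self.valid_token = secrets.token_hex(8)
        return ('<form action="/transfer" method="post">'
                f'<input type="hidden" name="csrf" value="{self.valid_token}">'
                '<input name="amount"></form>')

    def post_transfer(self, params):
        # The token is single-use: any submission attempt consumes it.
        expected, self.valid_token = self.valid_token, None
        supplied = params.get("csrf", "")
        if expected is None or not secrets.compare_digest(supplied, expected):
            return 403
        return 200

HIDDEN = re.compile(r'<input type="hidden" name="([^"]+)" value="([^"]*)">')

def build_request_from_response(html, user_fields):
    """Crawler-style: carry every hidden field from the preceding response."""
    params = dict(HIDDEN.findall(html))
    params.update(user_fields)
    return params

def replay_recorded(app, recorded_params):
    """Static replay of a request captured earlier; its token is now stale."""
    app.get_form()  # the app has issued a newer token since the capture
    return app.post_transfer(dict(recorded_params))

def crawl_and_submit(app, user_fields):
    """Fetch the form, then derive the POST from that exact response."""
    html = app.get_form()
    return app.post_transfer(build_request_from_response(html, user_fields))

def demo():
    app = ToyApp()
    # Constructed "proxy history" entry from an earlier manual walk-through.
    recorded = build_request_from_response(app.get_form(), {"amount": "10"})
    return replay_recorded(app, recorded), crawl_and_submit(app, {"amount": "10"})

if __name__ == "__main__":
    print(demo())
```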

Liam Tai-Hogan Sep 18, 2019 01:14PM UTC Support Center agent

We do have a story logged in our Enterprise roadmap to provide a proxy function. We’ve made a note of your request and we’ll update you when we release this feature.

Burp Pro and Burp Enterprise use the same crawl and scan engine. So you can test how well Burp crawler maps your application using either edition.

Please let us know if you need any further assistance.

