Make Enterprise/agent scans fully explore apps with complex logic?
We use Burp Pro and our usual process is to proxy a browser session where we use the entire application top to bottom through Burp and build a history of base requests and responses to then pass off to the automated scanner.
How is this accomplished with the Enterprise/agent scans?
"The requests that the crawler makes as it navigates around are constructed dynamically based on the preceding response, so CSRF tokens in URLs or form fields are handled automatically. This allows the crawler to correctly navigate functions that use complex session-handling, with zero configuration by the user:"
That sounds fantastic! Hope it works.
We do have a story logged in our Enterprise roadmap to provide a proxy function. We’ve made a note of your request and we’ll update you when we release this feature.
Burp Pro and Burp Enterprise use the same crawl and scan engine. So you can test how well Burp crawler maps your application using either edition.
Please let us know if you need any further assistance.
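The quoted description of the crawler, contrasted with replaying a recorded proxy history, as an added example that is not part of the original thread and not PortSwigger's code. `ToyApp`, its `/transfer` form and the single-use `csrf` field are constructed for illustration and do not represent how Burp is implemented.

```python
import hmac
import secrets
from html.parser import HTMLParser

class ToyApp:
    """Constructed stand-in for an app that issues a single-use CSRF token per form render."""
    def __init__(self):
        self.valid_token = None

    def get_form(self):
        self.valid_token = secrets.token_hex(8)  # fresh token on every render
        return ('<form action="/transfer" method="post">'
                f'<input type="hidden" name="csrf" value="{self.valid_token}">'
                '<input name="amount" value=""></form>')

    def post(self, path, fields):
        expected, self.valid_token = self.valid_token, None  # token is consumed
        ok = (path == "/transfer" and expected is not None
              and hmac.compare_digest(fields.get("csrf", ""), expected))
        return 200 if ok else 403

class FormParser(HTMLParser):
    """Collects the form action and every named input, hidden ones included."""
    def __init__(self):
        super().__init__()
        self.action, self.fields = None, {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.action = a.get("action")
        elif tag == "input" and a.get("name"):
            self.fields[a["name"]] = a.get("value") or ""

def build_request(html, overrides):
    """Build the next request from the preceding response, keeping server-issued fields."""
    p = FormParser()
    p.feed(html)
    return p.action, {**p.fields, **overrides}

def demo():
    app = ToyApp()
    recorded = build_request(app.get_form(), {"amount": "10"})
    first = app.post(*recorded)        # original browser submission
    app.get_form()                     # app renders the form again, rotating the token
    replayed = app.post(*recorded)     # stale base request replayed from history
    dynamic = app.post(*build_request(app.get_form(), {"amount": "10"}))
    return first, replayed, dynamic
```

`demo()` returns the status codes for the original submission, the replayed base request and the dynamically built request, in that order.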