Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

How do i can use SiteMap and Macros from Professional in Enterprise version

Valentyn Lobanov Oct 29, 2019 12:19PM UTC

I build SiteMap with macros and rules to scan application - and it works well. But in Enterprise version i can't even import my SiteMap (as crawling works bad, it can't even found any post methods, i will be silent about ajax). It's possible to setup Enterprise like in my Pro version?


Liam Tai-Hogan Oct 29, 2019 02:10PM UTC Support Center agent

It is not possible to import a Burp Pro Site map into Burp Enterprise.

What actions do the macros and rules perform?

We are working on enhancements to Burp’s crawl engine that will ensure that it deals with JavaScript-heavy applications. We hope to have something to share with you during this quarter.


Valentyn Lobanov Oct 29, 2019 04:49PM UTC
Okay, if it not possible to import SiteMap, how i can cover application by crawl?(or there is some work around?) As i said before crawling really works bad. About macros and rules - i use them to make login request to support the session while scanning, how can i do it in Enterprise version?

Valentyn Lobanov Oct 29, 2019 04:52PM UTC
Is there some hiden settings that can help me?Or extensions?

Don Fuller Oct 29, 2019 05:30PM UTC
Hello Support!

We have been using BURP Professional, created a site map and when using that site map are finding security issues in our product.

When we run the Enterprise product that does not support the site map we're finding 0 issues even when testing the same files/pages that were tested using professional.

We made the assumption that Enterprise version supported the same functionality as Community and Professional versions. Clearly that assumption was wrong.

Is there a way we can configure Enterprise to run and find results similar to what we're seeing with the Professional version?

We can jump on a call to review our setup and configuration if that helps,

Don

Liam Tai-Hogan Oct 30, 2019 01:38PM UTC Support Center agent

Valentyn, there are no hidden settings or extensions that will help with your use-case.

We are working on enhancements to the crawler and have plans to ensure session handling is handled better in Burp Enterprise.

You mentioned you are using macros and rules, what actions do they perform?


Valentyn Lobanov Nov 01, 2019 09:00AM UTC
Liam, as i said before about macros and rules - we use them to make login request to insert session cookies and token (header) into each Burp requst. Is it possible in some way (meaby with workaround) perform them in Enterprise version?

Liam Tai-Hogan Nov 01, 2019 11:34AM UTC Support Center agent

Thanks for clarifying Valentyn.

Unfortunately, there is no current workaround for your requirements. We are working on two features that should resolve your testing issue for this application.


Don Fuller Nov 01, 2019 12:40PM UTC
Hi Liam,

I am the manager over Valentyn's department.

What is the timing for release of the functionality you are describing? At this point we are seriously considering returning the enterprise licenses we have purchased as they don't meet our needs, especially when comparing the functionality of the Professional version.

Is it possible to discuss roadmaps and timing with your Product Management team?

Thanks!

Don

Liam Tai-Hogan Nov 01, 2019 04:36PM UTC Support Center agent

Don, I’ve been in discussion with our Product Manager for Burp Enterprise this afternoon. Unfortunately, we can’t put a precise date on these features at the current time.

Could you email office@portswigger.net? They will discuss licensing options with you.


Post Your public answer

Your name
Your email address
Answer