Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Active scan and crawl at the same time?

Gloria | Last updated: Sep 12, 2022 09:56AM UTC

I'm testing Burpsuite Pro on OWASP Juice Shop, a vulnerable web app. I want to be able to crawl and active scan at the same time. For example, if I start the crawl on the root directory "https://<domain>/", I want it to automatically crawl to the /login page and then actively attack the POST /login API to find the SQL injection bug there. Is there a way to do this?

Michelle, PortSwigger Agent | Last updated: Sep 12, 2022 03:07PM UTC

Thanks for your message. Can you describe your workflow in a bit more detail, please? If you have performed an automated crawl of a site, you can then go to the site map to select specific requests and then use the right-click menu to choose 'Do active scan' or Scan -> 'Audit selected items only' if that would help.

Gloria | Last updated: Sep 13, 2022 01:24AM UTC

Thanks for your reply! That is exactly what I've been doing. I do a manual or automated crawl of the site and then go to the Target tab and right-click > Do Active Scan on each endpoint. But there are a lot of endpoints to sort through so if there was a way to have it automatically do active scans on all endpoints of my site as it crawls (either manual crawl or automated crawl), that would greatly reduce my manual work. Please let me know if there is a way to do this, thanks!

Michelle, PortSwigger Agent | Last updated: Sep 13, 2022 12:33PM UTC