The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


Burp Enterprise - Webgoat scan

christian | Last updated: Sep 21, 2020 05:49PM UTC

Hello guys! I have the Burp Enterprise demo version (we bought the full one, but on the development server I use the trial version) and started a scan on WebGoat. It seems to me that the scanner doesn't connect to the application with the username/password that I give in the settings, and the scan results only give me 4 high, which is really not a good representation of WebGoat as it is vulnerable a LOT. Can you help me with this please?

christian | Last updated: Sep 21, 2020 06:13PM UTC

Looks like it's because it is a SPA that it is not working. Does Burp Enterprise support SPA applications?

Hannah, PortSwigger Agent | Last updated: Sep 22, 2020 06:58AM UTC

Hi, have you made sure that you've got browser-powered scanning turned on? You can enable this in your Scan Configurations under "Crawling > Miscellaneous > Use embedded browser for crawl and audit".

christian | Last updated: Sep 23, 2020 05:30PM UTC

Hello Hannah, thanks for the reply. The embedded browser for crawl and audit is on. The tool just doesn't look at URLs from the SPA. Looks like this functionality is missing for the moment.

Hannah, PortSwigger Agent | Last updated: Sep 24, 2020 10:50AM UTC

Hi, as discussed in email, improvements to supporting SPAs are scheduled for next quarter. We will be looking into possibly using WebGoat as part of our testing process. If there's anything else we can help with then please let us know :)

Jose | Last updated: Jan 26, 2021 07:36PM UTC

Using WebGoat or JuiceShop as part of the testing process will be super helpful in replicating how most modern applications behave. We are doing a trial of the Enterprise version and it also seems to struggle with SPAs.

Hannah, PortSwigger Agent | Last updated: Jan 27, 2021 10:47AM UTC