Burp Suite User Forum

Login to post

Burp Suite Enterprise Cannot Use Login <form> with no action="path" attribute

Kevin | Last updated: Oct 15, 2020 04:51PM UTC

Hello, I discovered an issue recently with the Burp Suite Enterprise crawler. I have a web application that populates the HTML login form action attribute using JavaScript when the button to submit the form is pressed. The form looks like this in static HTML <form id="LoginForm" method="post" novalidate>. After the button to submit the form is pressed, client-side JavaScript adds 'action="/path/to/login.aspx"' to the form. Burp Enterprise does not use this login form unless I statically code an action attribute into the form element. Thank you, Kevin

Liam, PortSwigger Agent | Last updated: Oct 16, 2020 06:24AM UTC

Hi Kevin Thanks for your message. We're currently working on improving our support for scanning SPAs. We hope to have something to share with your towards the end of the year. We'll update you when we release this improvement. Cheers Liam Tai-Hogan PortSwigger Web Security

You need to Log in to post a reply. Or register here, for free.