Burp Suite User Forum

Login to post

Burp v2020.12.1 is not able to detect vulnerability in JS apps

Gabriel | Last updated: Jan 12, 2021 12:34PM UTC

Hi, I've been testing the latest version of Burp and I was not able to get any vulnerability reported against JS application. I was using multiple JS vulnerable apps, the most known one being JuiceShop (https://hub.docker.com/r/bkimminich/juice-shop). Is there any public JS app that I can use in order to test the functionality of JS scan and actually get vulnerabilities?

Uthman, PortSwigger Agent | Last updated: Jan 13, 2021 09:50AM UTC

Hi Gabriel, The major issue with JuiceShop is the lack of single-page application support in Burp at present. However, our scanner development team is actively working on improving this. They are specifically testing on JuiceShop too. We will update this thread when some improvements have been made. Using browser-powered scanning (should be enabled by default) certainly helps with most JS applications.

Gabriel | Last updated: Jan 13, 2021 10:08AM UTC

Thanks Uthman! Is there any JS app that I can test with Burp to see how it finds the vulnerabilities?

Uthman, PortSwigger Agent | Last updated: Jan 13, 2021 10:36AM UTC

You are welcome. We do not have any internally apart from https://portswigger-labs.net so feel free to test on that.

You need to Log in to post a reply. Or register here, for free.