Burp Suite User Forum

Login to post

Crawling and Auditing a Shibboleth Protected website

Dereck | Last updated: Nov 14, 2019 05:07PM UTC

We are trying to crawl and audit a shibboleth protected site and am only seeing the public facing pages being crawled and audited.We can see the sitemaps and items when manually traversing the site via the proxy and browser. I believe when 2.0 was in beta I was able to use my credentials to crawl and audit the site but that could of been an extension. Is there any knowledge or hints on how to do this?

Liam, PortSwigger Agent | Last updated: Nov 15, 2019 10:59AM UTC

Burp's crawl and audit won't currently handle applictations using SSO. We have a story in our dev backlog to produce a record login feature that will help with your testing requirements. We'll update you when we release this feature.

You need to Log in to post a reply. Or register here, for free.