Burp Suite User Forum


Fragments in URL [Burp Enterprise]

Jose | Last updated: Jan 28, 2021 07:18AM UTC

Hi,

We are doing a trial of Burp Enterprise and are noticing that even when we include URLs like the following to the site:

https://example.com/users#role
https://example.com/users#permissions
https://example.com/users#manage

Only https://example.com/users shows up under the "Scanned URLs" tab. Is this expected? Does this mean that the scanner is not effectively scanning the application?

Also, is there any way to see all of the requests that the scanner is making? (I confirmed that we are using browser-powered scanning)

Thank you.

Ben, PortSwigger Agent | Last updated: Jan 28, 2021 03:15PM UTC

Hi Jose,

We recently carried out some work whereby (when using browser-powered scanning) Burp does now recognize URL fragments and will now use them during the crawl phase. Previously the scanner would see /page1 and /page1#fragment as the same link so not bother investigating the second.

These fragments, however, are not reflected in the Sitemap in Professional or the Scanned URL tab in Enterprise. These views are geared around HTTP requests and responses for which fragments do not exist as a notion so they do not appear there. We are looking to carry out some work in the future to bring these more in line with a modern view of a website - rather than just a map of requests and responses - and fragments will come into play here.

In terms of seeing all of the requests that are being made within Burp Enterprise - currently this level of granular detail is not available in Burp Enterprise.
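Added example, not part of the thread and not Burp's code: a small Node.js sketch of why a view built from HTTP requests lists one URL for several fragment locations. The function names `splitLocation` and `httpView` are hypothetical, and the sample list mixes the URLs from the question with two constructed ones.

```javascript
// A browser never sends the fragment to the server, so a request-based
// view can only key on scheme, host, path and query.
function splitLocation(raw) {
  const u = new URL(raw);                  // WHATWG URL parser built into Node
  const fragment = u.hash.startsWith("#") ? u.hash.slice(1) : "";
  u.hash = "";                             // drop the client-side part
  return {
    requestUrl: u.href,                    // what a request/response map can show
    requestLine: `GET ${u.pathname}${u.search} HTTP/1.1`,
    host: u.host,
    fragment,                              // only visible to the browser/crawler
  };
}

// Group crawl locations by the request they produce, keeping the
// fragments seen for each one so the client-side states are not lost.
function httpView(locations) {
  const view = new Map();
  for (const raw of locations) {
    const { requestUrl, fragment } = splitLocation(raw);
    if (!view.has(requestUrl)) view.set(requestUrl, new Set());
    if (fragment) view.get(requestUrl).add(fragment);
  }
  return view;
}

const crawled = [
  "https://example.com/users#role",        // from the question
  "https://example.com/users#permissions", // from the question
  "https://example.com/users#manage",      // from the question
  "https://example.com/users",             // constructed
  "https://example.com/users?page=2#role", // constructed: query is sent, fragment is not
];

for (const [url, fragments] of httpView(crawled)) {
  console.log(url, [...fragments]);
}
```

Five crawl locations reduce to two request URLs, which matches the single entry the question describes for the three fragment URLs.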

Jose | Last updated: Jan 28, 2021 03:53PM UTC

Thank you, Ben!
