Burp Suite User Forum

Login to post

How do i can use SiteMap and Macros from Professional in Enterprise version

Valentyn | Last updated: Oct 29, 2019 12:19PM UTC

I build SiteMap with macros and rules to scan application - and it works well. But in Enterprise version i can't even import my SiteMap (as crawling works bad, it can't even found any post methods, i will be silent about ajax). It's possible to setup Enterprise like in my Pro version?

Liam, PortSwigger Agent | Last updated: Oct 29, 2019 12:22PM UTC

It is not possible to import a Burp Pro Site map into Burp Enterprise. What actions do the macros and rules perform? We are working on enhancements to Burp's crawl engine that will ensure that it deals with JavaScript-heavy applications. We hope to have something to share with you during this quarter.

Burp User | Last updated: Oct 29, 2019 04:49PM UTC

Okay, if it not possible to import SiteMap, how i can cover application by crawl?(or there is some work around?) As i said before crawling really works bad. About macros and rules - i use them to make login request to support the session while scanning, how can i do it in Enterprise version?

Burp User | Last updated: Oct 29, 2019 04:52PM UTC

Is there some hiden settings that can help me?Or extensions?

Burp User | Last updated: Oct 29, 2019 05:30PM UTC

Hello Support! We have been using BURP Professional, created a site map and when using that site map are finding security issues in our product. When we run the Enterprise product that does not support the site map we're finding 0 issues even when testing the same files/pages that were tested using professional. We made the assumption that Enterprise version supported the same functionality as Community and Professional versions. Clearly that assumption was wrong. Is there a way we can configure Enterprise to run and find results similar to what we're seeing with the Professional version? We can jump on a call to review our setup and configuration if that helps, Don

Liam, PortSwigger Agent | Last updated: Oct 30, 2019 08:02AM UTC

Valentyn, there are no hidden settings or extensions that will help with your use-case. We are working on enhancements to the crawler and have plans to ensure session handling is handled better in Burp Enterprise. You mentioned you are using macros and rules, what actions do they perform?

Burp User | Last updated: Nov 01, 2019 09:00AM UTC

Liam, as i said before about macros and rules - we use them to make login request to insert session cookies and token (header) into each Burp requst. Is it possible in some way (meaby with workaround) perform them in Enterprise version?

Liam, PortSwigger Agent | Last updated: Nov 01, 2019 10:36AM UTC

Thanks for clarifying Valentyn. Unfortunately, there is no current workaround for your requirements. We are working on two features that should resolve your testing issue for this application.

Burp User | Last updated: Nov 01, 2019 12:40PM UTC

Hi Liam, I am the manager over Valentyn's department. What is the timing for release of the functionality you are describing? At this point we are seriously considering returning the enterprise licenses we have purchased as they don't meet our needs, especially when comparing the functionality of the Professional version. Is it possible to discuss roadmaps and timing with your Product Management team? Thanks! Don

Liam, PortSwigger Agent | Last updated: Nov 01, 2019 02:48PM UTC

Don, I've been in discussion with our Product Manager for Burp Enterprise this afternoon. Unfortunately, we can't put a precise date on these features at the current time. Could you email office@portswigger.net? They will discuss licensing options with you.

You need to Log in to post a reply. Or register here, for free.