Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

How do i can use SiteMap and Macros from Professional in Enterprise version

Valentyn | Last updated: Oct 29, 2019 12:19PM UTC

I build SiteMap with macros and rules to scan application - and it works well. But in Enterprise version i can't even import my SiteMap (as crawling works bad, it can't even found any post methods, i will be silent about ajax). It's possible to setup Enterprise like in my Pro version?

Liam, PortSwigger Agent | Last updated: Oct 29, 2019 12:22PM UTC

It is not possible to import a Burp Pro Site map into Burp Enterprise. What actions do the macros and rules perform? We are working on enhancements to Burp's crawl engine that will ensure that it deals with JavaScript-heavy applications. We hope to have something to share with you during this quarter.

Burp User | Last updated: Oct 29, 2019 04:49PM UTC

Okay, if it not possible to import SiteMap, how i can cover application by crawl?(or there is some work around?) As i said before crawling really works bad. About macros and rules - i use them to make login request to support the session while scanning, how can i do it in Enterprise version?

Burp User | Last updated: Oct 29, 2019 04:52PM UTC

Is there some hiden settings that can help me?Or extensions?

Burp User | Last updated: Oct 29, 2019 05:30PM UTC

Hello Support! We have been using BURP Professional, created a site map and when using that site map are finding security issues in our product. When we run the Enterprise product that does not support the site map we're finding 0 issues even when testing the same files/pages that were tested using professional. We made the assumption that Enterprise version supported the same functionality as Community and Professional versions. Clearly that assumption was wrong. Is there a way we can configure Enterprise to run and find results similar to what we're seeing with the Professional version? We can jump on a call to review our setup and configuration if that helps, Don

Liam, PortSwigger Agent | Last updated: Oct 30, 2019 08:02AM UTC

Valentyn, there are no hidden settings or extensions that will help with your use-case. We are working on enhancements to the crawler and have plans to ensure session handling is handled better in Burp Enterprise. You mentioned you are using macros and rules, what actions do they perform?

Burp User | Last updated: Nov 01, 2019 09:00AM UTC

Liam, as i said before about macros and rules - we use them to make login request to insert session cookies and token (header) into each Burp requst. Is it possible in some way (meaby with workaround) perform them in Enterprise version?

Liam, PortSwigger Agent | Last updated: Nov 01, 2019 10:36AM UTC

Thanks for clarifying Valentyn. Unfortunately, there is no current workaround for your requirements. We are working on two features that should resolve your testing issue for this application.

Burp User | Last updated: Nov 01, 2019 12:40PM UTC

Hi Liam, I am the manager over Valentyn's department. What is the timing for release of the functionality you are describing? At this point we are seriously considering returning the enterprise licenses we have purchased as they don't meet our needs, especially when comparing the functionality of the Professional version. Is it possible to discuss roadmaps and timing with your Product Management team? Thanks! Don

Liam, PortSwigger Agent | Last updated: Nov 01, 2019 02:48PM UTC

Don, I've been in discussion with our Product Manager for Burp Enterprise this afternoon. Unfortunately, we can't put a precise date on these features at the current time. Could you email office@portswigger.net? They will discuss licensing options with you.

test | Last updated: Sep 14, 2022 07:06AM UTC

I am currently trying to crawl a web application that has the ability to send Ajax in POST requests but it is not working well. I assume the situation is similar to the content of this thread - do you support crawling web applications with Ajax functionality as of 2022? If so, it would be great if you could tell us about a crawling configuration that works well.

Alex, PortSwigger Agent | Last updated: Sep 14, 2022 07:42AM UTC

Hi, We've since made improvements to the scanner which should handle this type of content, depending on the nature of the requests. You can submit your scan logs along with detail on the application and your site configuration to support@portswigger.net for review, we should then be able to offer some advice for scanning. Best regards,

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.