Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

How do I run Burp with Selenium

Kuldeep | Last updated: Jun 28, 2016 11:06AM UTC

Hi, We already have a framework in place that is covering all the functionalities of my application, Now we want to run those tests against Burp via selenium. The idea is to check vulnerabilities in each flow of what selenium is doing and using Burp we could identify the flow which could be targeted by penetration testing, Please suggest. Thanks Kuldeep

PortSwigger Agent | Last updated: Jun 28, 2016 12:48PM UTC

This is a great use case for Selenium and Burp. The normal approach that people take is to configure your web client so that all of Selenium's traffic goes via Burp Proxy (with interception turned off). Then you will capture all of the normal requests that are expected to occur within your application (assuming good test coverage). While the Selenium tests are running, Burp will passively report various issues that it observes. After the Selenium tests have run, you can then carry out active scanning on the captured requests. For example, you can select everything in the Proxy history and choose "Do active scan" from the context menu. In the medium term, we are working on making it much easier to use Burp in an automated way within CI pipelines, and we are aiming to have progress to report on this within the coming year.

Burp User | Last updated: Dec 06, 2016 05:58AM UTC

Hi, Do you have any documentation of using burp in selenium testcases. Thanks in advance, Sandeep

Burp User | Last updated: Dec 06, 2016 06:05AM UTC

Hi, I am also looking for some sort of similar documentation that explains how to use Burp with Selenium. Please suggest !! Thanks, Sheryl

Liam, PortSwigger Agent | Last updated: Dec 06, 2016 01:23PM UTC