Burp Suite User Forum

How do I run the Web Application Vulnerability scan for websites which are protected by a CDN WAF

Anubhav | Last updated: May 21, 2020 03:20AM UTC

Hi, I am trying to run the scan in the Burp Enterprise version but my scan is failing again and again. This may be because a CDN WAF is present. I also tried with low threads, but after running for 1 day it stopped again. Also, I want to know how to run an authenticated scan which uses OTP as authentication in Burp Enterprise. There is no option to configure this type of scan. Our team is evaluating this tool. Will it be possible for you guys to provide a demo and help us to find solutions for the above-mentioned queries?

Uthman, PortSwigger Agent | Last updated: May 21, 2020 08:00AM UTC

Hi Anubhav, Can you provide more detail on the failed scans? Are they all for the same site? What error are you seeing in the UI? What scan configuration are you using? Can you please email us on support@portswigger.net with further information? Screenshots and logs will be helpful. You can find the logs at C:\ProgramData\BurpSuiteEnterpriseEdition on Windows and /var/log/BurpSuiteEnterpriseEdition on Mac/Linux. We are planning to increase support for a range of authentication types by implementing a recorded login feature. However, this will not be able to handle OTPs (in the initial release, anyway).

Anubhav | Last updated: May 21, 2020 11:28AM UTC

Hi, Yes, all the scans are for the same site and that site is protected by a WAF. Because of that the scan is showing a 'Failed : Scan not progressing' error. Hence, I need to know how to run the scan successfully if there is a WAF.

Uthman, PortSwigger Agent | Last updated: May 21, 2020 12:25PM UTC

We would really need the logs to ascertain what is going on. Please can you replicate the issue and send them to support@portswigger.net?
