Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

How do I use Burpsuite to scan the requests created during execution of TestCafe scripts

Shruti, | Last updated: Apr 08, 2021 07:38AM UTC

We are using TestCafe as our Automation testing tool and running its scripts to get security threats of web application. Since TestCafe use local IP address, port and session ID in the URL before actual application URL, requests are not getting scanned completely and get abandoned errors for them after execution of TestCafe scripts gets completed and that session got killed. Is there any workaround to complete this security testing using same TestCafe scripts?

Michelle, PortSwigger Agent | Last updated: Apr 08, 2021 01:53PM UTC

Thanks for your message. Would you be able to share an example of one of these requests and describe the steps you are taking to help us understand your setup in more detail? Have you been able to proxy these requests via Burp but see issues with the scans? Are you performing an audit-only scan? If you would rather share this information directly you can contact us via email using support@portswigger.net.

Shruti, | Last updated: Apr 09, 2021 09:17AM UTC

We are basically using Test Café as scripting tool. I am able to record the requests on the burp but facing these issues while scans. I am performing this test using Active and passive scans

Ben, PortSwigger Agent | Last updated: Apr 09, 2021 10:36AM UTC

Hi, Are you able to provide us with an example of one of the requests that have been generated so that we can see what these generally look like? If you would prefer to do this privately then please feel free to send us an email at support@portswigger.net.

Pawar, | Last updated: May 18, 2021 07:56AM UTC

ried running Test Café scripts on burp, since Test Café is itself a proxy based tool, so it was creating one session on local machine using proxy setup, so burp was scanning the local machine IP with port number as host instead of using Application URL as host. All the requests going to server were having test café session id appended with the request. In host, local machine IP along side port is coming, and complete application URL is coming as requests along side session token. Once, Test Café execution is completed, session is closed and all the requests started giving abandoned errors. the screen shot is shared through mail Please respond asap

Ben, PortSwigger Agent | Last updated: May 18, 2021 10:51AM UTC

Hi, We have received your email and will respond via that medium.

Jasvant | Last updated: Jun 03, 2021 12:39PM UTC

We are also facing the same Issue , could you please let me know what could be the fix

Ben, PortSwigger Agent | Last updated: Jun 04, 2021 07:05AM UTC

Hi, Are you able to send us an email at support@portswigger.net and provide us with some details of the specific issues that you are facing?

Flora | Last updated: Jul 26, 2021 04:06PM UTC

Hi, I found a way to use useproxy(). https://testcafe.io/documentation/402649/reference/testcafe-api/runner/useproxy For example: const testRunner = testCafe.createRunner(); testRunner.useproxy("127.0.0.1:8080")

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.