Make Enterprise/agent scans fully explore apps with complex logic?

Steve | Last updated: Sep 17, 2019 04:35PM UTC

We use Burp Pro and our usual process is to proxy a browser session where we use the entire application top to bottom through Burp and build a history of base requests and responses to then pass off to the automated scanner. How is this accomplished with the Enterprise/agent scans? Thanks!

Burp User | Last updated: Sep 17, 2019 07:29PM UTC

I found this: https://portswigger.net/burp/documentation/scanner/crawling

"The requests that the crawler makes as it navigates around are constructed dynamically based on the preceding response, so CSRF tokens in URLs or form fields are handled automatically. This allows the crawler to correctly navigate functions that use complex session-handling, with zero configuration by the user:"

That sounds fantastic! Hope it works.
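The difference between replaying a recorded base request and constructing each request from the preceding response, as quoted above, shown as an added example that is not part of the original post and is not Burp's implementation. `ToyApp`, its single-use token behaviour, the `/transfer` path and the `csrf`/`amount` field names are constructed for the illustration.

```python
from html.parser import HTMLParser
import secrets

class FormParser(HTMLParser):
    """Collects the first form's action, method and input fields."""
    def __init__(self):
        super().__init__()
        self.action, self.method, self.fields = None, "GET", {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form" and self.action is None:
            self.action = a.get("action", "")
            self.method = a.get("method", "get").upper()
        elif tag == "input" and a.get("name"):
            self.fields[a["name"]] = a.get("value", "")

class ToyApp:
    """Constructed stand-in for an app that issues single-use CSRF tokens."""
    def __init__(self):
        self.valid = set()

    def get_form(self):
        token = secrets.token_hex(8)
        self.valid.add(token)
        return ('<form action="/transfer" method="post">'
                f'<input type="hidden" name="csrf" value="{token}">'
                '<input name="amount" value=""></form>')

    def post(self, path, body):
        if path == "/transfer" and body.get("csrf") in self.valid:
            self.valid.discard(body["csrf"])  # token is consumed on use
            return 200
        return 403

def request_from_response(html, overrides):
    """Build the next request from the form in the preceding response."""
    p = FormParser()
    p.feed(html)
    return p.method, p.action, {**p.fields, **overrides}

def demo():
    app = ToyApp()
    _, path, recorded = request_from_response(app.get_form(), {"amount": "10"})
    first = app.post(path, recorded)    # original browser submission
    replay = app.post(path, recorded)   # recorded request replayed: stale token
    _, path, fresh = request_from_response(app.get_form(), {"amount": "10"})
    dynamic = app.post(path, fresh)     # rebuilt from a fresh response
    return first, replay, dynamic
```

`demo()` returns the status codes for the first submission, the replayed recording and the freshly constructed request, in that order.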

Liam, PortSwigger Agent | Last updated: Sep 18, 2019 01:08PM UTC

We do have a story logged in our Enterprise roadmap to provide a proxy function. We've made a note of your request and we'll update you when we release this feature. Burp Pro and Burp Enterprise use the same crawl and scan engine. So you can test how well Burp crawler maps your application using either edition. Please let us know if you need any further assistance.

