Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Scan a Single Page Application with Enterprise Scanner

Jeremy | Last updated: Mar 09, 2020 03:23PM UTC

Hello, We have a demo of Enterprise scanner, and we're testing it against a few of our websites. I was able to successfully scan one site, everything went great. When I tried to run it against another site, the scan seems to be missing information or not doing a complete scan. This webpage is written in java as a Single Application page. The scans complete after a new minutes without failure but only seem to scan a few objects, when I would expect more. Does the Enterprise scanner work properly against a Single Application webpage or is there special setup that needs to be performed. The scans are running the following settings: Audit Coverage - thorough Crawl Strategy - Most Complete Minimize False positives Any help would be appreciated.I just want to make sure the info I'm getting out of the scans is complete. I expected to see more.

Uthman, PortSwigger Agent | Last updated: Mar 09, 2020 03:36PM UTC

Hi Jeremy, I presume your application is JavaScript-heavy? The scanner will not be able to perform a full crawl on the application if that is the case. We are working on improvements for this, however. I would suggest manually crawling the application in Burp Pro to populate the Site map, and then running an Audit on specific URLs.

Jeremy | Last updated: Mar 09, 2020 06:15PM UTC

Hi Uthman, Thank you for your response. I had a feeling that Burp Pro was going to be the answer there. I just wanted to make sure I wasn't overlooking something with the Enterprise version. Thank you for your answer.

Jeremy | Last updated: Mar 09, 2020 06:15PM UTC

Hi Uthman, Thank you for your response. I had a feeling that Burp Pro was going to be the answer there. I just wanted to make sure I wasn't overlooking something with the Enterprise version. Thank you for your answer.

Uthman, PortSwigger Agent | Last updated: Mar 10, 2020 09:21AM UTC