Scanning cloud-enabled application

Karthik | Last updated: May 28, 2016 09:08AM UTC

Hello,

We have a web application that is deployed as a cloud-enabled application and uses a CDN. It can be accessed only by hostname and not by IP address. This hostname resolves to 3+ different IP addresses. Direct access to the application without the CDN is also not possible.

Question 1: Can we scan such applications using Burp?

Question 2: Will there be any impact if the IP changes while scanning is in progress? If yes, can we alleviate this by creating a static DNS entry in our hosts file?

Question 3: Not related to Burp; in general, can we scan an application deployed as mentioned above using any tools, and will the result be accurate?

PortSwigger Agent | Last updated: May 31, 2016 10:15AM UTC

1. Yes, if you scan Burp via the hostname, it should work as normal.

2. If there is a round-robin arrangement for DNS resolution, and already resolved IP addresses continue working (which is almost certainly the case, given how browsers work), then this shouldn't cause any problems for Burp. You can shorten Burp's caching of DNS lookups, to ensure changes are reflected in Burp more quickly, at Project options / Connections / Timeouts / Domain name resolution.
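An added example, not part of the thread and not PortSwigger code: a pre-scan check that samples DNS for the target hostname, reports which addresses appear in every answer and which rotate, and proposes a hosts-file line only for an address that was always present. The hostname, the sample answers (documentation address ranges) and all function names are constructed for illustration.

```python
import socket
import time
from collections import Counter

# Constructed sample answers for a CDN hostname (documentation IP ranges).
CONSTRUCTED_SAMPLES = [
    {"192.0.2.10", "192.0.2.11", "192.0.2.12"},
    {"192.0.2.10", "192.0.2.12", "198.51.100.7"},
    {"192.0.2.10", "192.0.2.11", "192.0.2.12"},
]

def resolve_ipv4(hostname):
    """Ask the system resolver for the IPv4 addresses of hostname."""
    infos = socket.getaddrinfo(hostname, 443, socket.AF_INET, socket.SOCK_STREAM)
    return {info[4][0] for info in infos}

def constructed_resolver(samples):
    """Offline stand-in for resolve_ipv4 that replays constructed answers."""
    answers = iter(samples)
    return lambda hostname: next(answers)

def observe(hostname, samples, interval=0.0, resolver=resolve_ipv4):
    """Resolve hostname `samples` times, `interval` seconds apart."""
    observations = []
    for i in range(samples):
        observations.append(frozenset(resolver(hostname)))
        if interval and i < samples - 1:
            time.sleep(interval)
    return observations

def summarize(observations):
    """Split the addresses seen into always-present and rotating ones."""
    seen = Counter()
    for obs in observations:
        seen.update(obs)
    total = len(observations)
    always = sorted(ip for ip, n in seen.items() if n == total)
    rotating = sorted(ip for ip, n in seen.items() if n < total)
    return {"always": always, "rotating": rotating, "stable": not rotating}

def hosts_entry(hostname, summary):
    """Return a hosts-file line pinning an always-present address, or None."""
    if not summary["always"]:
        return None  # every address rotated out at least once: do not pin
    return f"{summary['always'][0]}\t{hostname}"

if __name__ == "__main__":
    host = "app.example.test"  # constructed hostname
    obs = observe(host, 3, resolver=constructed_resolver(CONSTRUCTED_SAMPLES))
    summary = summarize(obs)
    print(summary)
    print(hosts_entry(host, summary))
```

For a real target, call `observe()` with the default resolver and an `interval` longer than the record's TTL so each sample is a fresh lookup. A hosts-file pin ties the whole scan to one edge node, so remove it once the scan is finished.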

