Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

See the crawled URLs in Burp enterprise

Thomas | Last updated: Jun 11, 2019 08:41AM UTC

Hi, we just set up a scan for one of our projects which was running for about 6 hours. But we did not find any output or finding which seems a bit unlikely due ot the number of requests issued (several thousand) To verify what went potentially wrong I would like to analyze the requests and responses and to see which URLs had been crawled. Is it possible to find that out with Burp Enterprise Kind Regards Thomas

Liam, PortSwigger Agent | Last updated: Jun 11, 2019 08:51AM UTC

Thomas, it's not possible to analyze this data using Burp Enterprise. However, Burp Enterprise and Burp Pro use the same crawl and scan engine. Do you have access to Burp Pro to perform the scan? If not, we can provide you with a trial license. You can use the Logger++ extension to monitor all traffic sent by Burp Scanner: - https://portswigger.net/bappstore/470b7057b86f41c396a97903377f3d81

Burp User | Last updated: Jun 12, 2019 04:17PM UTC

Hmm ok but that does not solve my issue - first of all I need to know of the specific agentrunning ons. some remote AWS host is able to connect to my customer systems - and if that is the case I need to figure out some way to authenticate How can I solve that if Burp Enterprise does really allow e to check wether it is able to reach the dedicated target or if I'm just scanning some error pages? Fine Burp Pro can do that but it is a different app, running locally on the desktop and not on the remote host where there might be a whole plethora of issues such as network connectivity, firewalls etc.... Not mentioning the pain to configure an authentication sequence ...

Liam, PortSwigger Agent | Last updated: Jun 13, 2019 11:26AM UTC

You can check which agent performed which scans be clicking in to the individual agent in the Agents console in the web interface. To check whether a particular agent is connecting to the target correctly, you could disable all other agents and perform the scan. Unfortunately, the best way to check whether an agent is connecting to the target correctly is by assessing the number of unique locations in the Scan details. We have a story in our development backlog to report successful/unsuccessful application logins. Unfortunately, we can't provide an ETA. Please let us know if you need any further assistance.

Burp User | Last updated: Jun 17, 2019 07:12AM UTC

Thank's for the update. The option to check for a successful login as a project feature would be highly appreciated by us.

Liam, PortSwigger Agent | Last updated: Jun 17, 2019 09:09AM UTC

Thanks for the feedback Thomas. We'll update you when we have something to share regarding this feature.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.