Burp Suite User Forum

Login to post

Turn off crawling in enterprise?

Jarad | Last updated: Nov 11, 2019 03:28PM UTC

Is there a configuration which will let me not crawl the site I'm crawling at all and JUST scan the URL(s) provided? I have an application which contains the ability to self-register a user, and I'd like to be able to have Burp Enterprise scan the login page itself without creating a user.

Ben, PortSwigger Agent | Last updated: Nov 11, 2019 03:32PM UTC

Hi Jarad, Unfortunately, an audit only scan is not currently possible in Burp Enterprise. Do you have access to Burp Professional? There is a Login Functions category within the Crawl configuration that handles how the crawler deals with any login functions it encounters. One of the options that can be switched on and off is the Attempt to self-register a user. You could look to create a custom configuration library, within Burp Professional, with this option switched off and then export the configuration. You could then import this into Burp Enterprise and select it for use during your scan. Please let us know if you need any further assistance.

You need to Log in to post a reply. Or register here, for free.