
BURP SUITE CORPORATE USE HOW TO

Over the years, I have learned a lot of tricks to minimize the effort of producing reports, especially when communicating vulnerabilities to both technical and non-technical audiences. I've stopped using Word templates and migrated over to Markdown, which I then convert to human-readable PDFs with templated, automated report generation using Pandoc + LaTeX. In fact, John Hammond has produced a video using a process very similar to mine that he uses to produce his own OSCP/OSWE/OSED documentation.

Regardless of HOW you produce your reports, one common question is how to get reporting data out of Burp Suite. Today, I will show you how I extract as much data as I can from Burp for my own reporting. Let's go!

Understanding reporting in different editions of Burp

Have you ever heard the saying, "You get what you pay for"? When it comes to Burp Suite, there has never been a truer statement. PortSwigger offers Burp Suite in three editions: Community, Professional, and Enterprise. The more you pay, the more reporting capability you get.

If you are fortunate enough to work at a company that owns licenses for Burp Suite Enterprise Edition, you have access not only to standard scan reporting but also to compliance reporting for the OWASP Top 10 and PCI DSS, and you can export all issue data from one place. You can learn all about generating reports in Enterprise Edition by reading their docs here.

However, most of us don't have Enterprise Edition. No, most of us SHOULD have Professional Edition. If this is your profession, you should be paying for your professional tools. I've talked about this before in the Beginner's Guide to API Hacking and in a more recent article on writing automation scripts using Professional Edition's new BCheck script feature. For the rest of this article, I will show you how to extract as much reporting data as possible from Burp Suite Professional Edition. If you have Community Edition, you are simply missing features like the automated web vulnerability scanner, and so you have no scan reporting at all.

YMMV if you are using a different edition.

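The Markdown-then-Pandoc pipeline mentioned above, as an added example that is not the article's own script: Burp Suite Professional can save selected issues as an XML report (Target > Site map, right-click the issues, Report selected issues), and the script below turns that export into Pandoc-ready Markdown. The element names follow Burp's XML report format; the two-issue export, its host, IP address and HTTP payloads are constructed inline so the script runs offline, and the file name burp_xml_to_md.py is an assumption.

```python
"""Turn a Burp Suite Professional XML issue export into Pandoc-ready Markdown (added example)."""
import base64
import html
import re
import sys
import xml.etree.ElementTree as ET
from collections import Counter

SEVERITY_ORDER = {"High": 0, "Medium": 1, "Low": 2, "Information": 3}


def sample_export():
    """Constructed two-issue export shaped like Burp Pro's XML report.

    Element names match Burp's format; host, IP, payloads and type IDs are illustrative.
    """
    req = base64.b64encode(
        b"GET /search?q=%3Cscript%3E HTTP/1.1\r\nHost: app.example.test\r\n\r\n"
    ).decode()
    resp = base64.b64encode(b"HTTP/1.1 200 OK\r\n\r\n<script>").decode()
    return f"""<?xml version="1.0"?>
<issues burpVersion="2023.10" exportTime="Mon Jan 01 00:00:00 UTC 2024">
  <issue>
    <serialNumber>1</serialNumber>
    <type>2097920</type>
    <name>Cross-site scripting (reflected)</name>
    <host ip="10.0.0.5">https://app.example.test</host>
    <path><![CDATA[/search]]></path>
    <location><![CDATA[/search [q parameter]]]></location>
    <severity>High</severity>
    <confidence>Certain</confidence>
    <issueBackground><![CDATA[<p>Reflected XSS arises when user input is echoed unsafely.</p>]]></issueBackground>
    <remediationBackground><![CDATA[<p>Encode output &amp; validate input.</p>]]></remediationBackground>
    <issueDetail><![CDATA[The value of the <b>q</b> parameter is copied into the response.]]></issueDetail>
    <requestresponse>
      <request method="GET" base64="true"><![CDATA[{req}]]></request>
      <response base64="true"><![CDATA[{resp}]]></response>
      <responseRedirected>false</responseRedirected>
    </requestresponse>
  </issue>
  <issue>
    <serialNumber>2</serialNumber>
    <type>5244416</type>
    <name>Cookie without HttpOnly flag set</name>
    <host ip="10.0.0.5">https://app.example.test</host>
    <path><![CDATA[/login]]></path>
    <location><![CDATA[/login]]></location>
    <severity>Low</severity>
    <confidence>Firm</confidence>
    <issueBackground><![CDATA[<p>Cookies readable by script can be stolen via XSS.</p>]]></issueBackground>
    <remediationBackground><![CDATA[<p>Set the HttpOnly attribute.</p>]]></remediationBackground>
    <issueDetail><![CDATA[The <b>session</b> cookie is set without HttpOnly.]]></issueDetail>
  </issue>
</issues>
"""


def strip_html(fragment):
    """Burp stores background/detail text as HTML fragments; flatten them to plain text."""
    return html.unescape(re.sub(r"<[^>]+>", "", fragment or "")).strip()


def decode_message(node):
    """Decode a <request>/<response> body; Burp marks base64-encoded bodies with base64="true"."""
    if node is None or not node.text:
        return ""
    if node.get("base64") == "true":
        return base64.b64decode(node.text).decode("utf-8", errors="replace")
    return node.text


def parse_issues(xml_text):
    """Parse the export into dicts, ordered highest severity first, then by name."""
    issues = []
    for node in ET.fromstring(xml_text).findall("issue"):
        host = node.find("host")
        rr = node.find("requestresponse")
        issues.append({
            "serial": node.findtext("serialNumber", ""),
            "type": node.findtext("type", ""),
            "name": node.findtext("name", ""),
            "host": host.text if host is not None else "",
            "ip": host.get("ip", "") if host is not None else "",
            "path": node.findtext("path", ""),
            "location": node.findtext("location", ""),
            "severity": node.findtext("severity", "Information"),
            "confidence": node.findtext("confidence", ""),
            "detail": strip_html(node.findtext("issueDetail", "")),
            "background": strip_html(node.findtext("issueBackground", "")),
            "remediation": strip_html(node.findtext("remediationBackground", "")),
            "request": decode_message(rr.find("request") if rr is not None else None),
            "response": decode_message(rr.find("response") if rr is not None else None),
        })
    issues.sort(key=lambda i: (SEVERITY_ORDER.get(i["severity"], 99), i["name"]))
    return issues


def severity_counts(issues):
    """Count issues per severity for the executive summary table."""
    return Counter(i["severity"] for i in issues)


def to_markdown(issues, title="Web Application Assessment"):
    """Render a Pandoc-flavoured Markdown report: summary pipe table plus one section per finding."""
    counts = severity_counts(issues)
    lines = [f"# {title}", "", "## Summary", "", "| Severity | Count |", "|---|---|"]
    lines += [f"| {sev} | {counts.get(sev, 0)} |" for sev in SEVERITY_ORDER]
    lines += ["", "## Findings", ""]
    for i in issues:
        lines += [
            f"### {i['name']} ({i['severity']}, {i['confidence']})", "",
            f"**Location:** `{i['host']}{i['path']}` ({i['ip']})  ",
            f"**Burp issue type:** {i['type']}", "",
            i["detail"], "",
            "**Background**", "", i["background"], "",
            "**Remediation**", "", i["remediation"], "",
        ]
        if i["request"]:
            # Tilde fences keep the raw HTTP verbatim in Pandoc and cannot clash with backticks in evidence.
            lines += ["**Request**", "", "~~~http", i["request"].rstrip(), "~~~", ""]
    return "\n".join(lines)


if __name__ == "__main__":
    # Usage: python burp_xml_to_md.py export.xml > report.md   (no argument: render the sample)
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else sample_export()
    print(to_markdown(parse_issues(text)))
```

Run it as `python burp_xml_to_md.py export.xml > report.md`, then `pandoc report.md -o report.pdf --pdf-engine=xelatex` (a TeX installation is required). Two details of the export matter in practice: Burp can base64-encode the request and response bodies (an option in the report dialog), which is why the decoder checks the `base64` attribute rather than assuming plain text, and the `issueDetail`, `issueBackground` and `remediationBackground` elements are HTML fragments, so they must be flattened (or fed to Pandoc as HTML) before they are pasted into a Markdown document.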