Completing the exam without Burp?

Hoping to hear from someone that’s completed the eWPT exam since Burp removed the ability to Spider with the community edition. What did you do? Buy a Burp license or just use ZAP? There’s a ton of slide content focused solely on Burp’s Spider function so I’m not sure what to do here.

Yes that’s true, community edition in burp now has no spider option. But u can use many alternative tools like next famous one ZAP. Also there are other ways to get Burp versions :stuck_out_tongue:
Also below are some alternative tools please find in below link:
15 BEST Website Crawler Tools in 2021 [Free & Paid].

No expert in WebPT, just was an suggestion

Thanks

2 Likes

You can always install an older version of burp (1.x) , if you want the spider feature. Here is the link for Burp community Edition 1.7.36

Burp 2.x is revamped to a task based model. The spider tab has been moved. While initiating a new scan, you have the option of selecting crawl or audit. However, to initiate a new scan, it requires Pro license.

So may download an older version of Burp Community Edition or rely on OWASP ZAP proxy for crawling and spider.

3 Likes

Burp is great for the repeater and the proxy, unfortunately have been years since they removed the spider and crawler. Usually, I use dirb/dirbuster or ZAP for this task and Burp for manual exploitation.
As usually, you need to adapt and try to use the tools you have. I don’t see the point to buy a burp license unless you work in web security or as a bug hunter.

4 Likes

I did my first run with Burp Pro, and with extra time left went back through and did it completely over only using OWASP ZAP. It’s completely possible.

6 Likes