The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.


Ability to run scans against sites with Azure AD authentication

Sergei | Last updated: Sep 29, 2022 10:10AM UTC

Dear support team, our company has some internal sites with Azure AD authentication. Is there any ability to scan these sites? How can we provide credentials for Azure AD authentication during the Burp Suite scan?

Hannah, PortSwigger Agent | Last updated: Sep 29, 2022 12:10PM UTC

Hi, could you describe your login flow in some more detail, please? Have you had a look at our recorded login functionality? You can find our documentation for this feature here: https://portswigger.net/burp/documentation/desktop/scanning/recorded-logins

Sergei | Last updated: Sep 29, 2022 01:50PM UTC

Hello Hannah, we utilize AWS Application Load Balancer (ALB) with Azure AD OIDC authentication (e.g.: https://towardsaws.com/aws-application-load-balancer-with-azure-ad-oidc-authentication-5547cdb1ddb5). AWS ALB uses Azure AD to authenticate users before they can access the target behind the ALB rule.

Hannah, PortSwigger Agent | Last updated: Sep 30, 2022 01:31PM UTC

Hi, when you get redirected from your site for authentication, are you then required to sign in with your credentials, or does it include a further step, like having to enter an OTP or respond to a push notification on your phone?

pippo | Last updated: Nov 17, 2023 09:42AM UTC

Hi, I have a similar problem in providing credentials for Azure AD authentication during the Burp Suite scan. When I use proxy mode with "Intercept is On", I get the response from the Azure AD authentication page, but I can't see the authentication form in my browser (I see a white page). Did you fix the original problem in any way?

Hannah, PortSwigger Agent | Last updated: Nov 17, 2023 10:15AM UTC