Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Active scanning the application having OTP as 2FA

ARPIT | Last updated: Feb 21, 2023 02:42PM UTC

Hi Team, Is there any way where in we can scan an application which uses OTP as 2FA? The Mobile device we can use the hardware or a simulator as well. If not already available as of now in Burp, can you please guide what other methods can be combined with Burp Suite, to get help in active scanning. Kind Regards, Arpit

Hannah, PortSwigger Agent | Last updated: Feb 22, 2023 09:26AM UTC

Hi Arpit Thank you for your message. Are you using Burp Suite Enterprise Edition or Burp Suite Professional?

ARPIT | Last updated: Feb 22, 2023 05:44PM UTC

I am using Burp Suite Professional.

Hannah, PortSwigger Agent | Last updated: Feb 23, 2023 09:42AM UTC

We don't have any native functionality for this. However, have you had a look at the BApp Store extension, "Google Authenticator"? If your 2FA is using TOTP, then this should be of use.

ARPIT | Last updated: Feb 24, 2023 10:01AM UTC

We are not using TOTP.

Hannah, PortSwigger Agent | Last updated: Feb 24, 2023 10:54AM UTC

Hi Could you tell me the type of 2FA you are using?

ARPIT | Last updated: Feb 24, 2023 12:26PM UTC

We will be using credentials followed by event based OTP.

ARPIT | Last updated: Feb 28, 2023 08:46AM UTC

Anything where you can help us on event based OTP & scanning?

Hannah, PortSwigger Agent | Last updated: Feb 28, 2023 10:54AM UTC