Add cookie authentication to active scan

Daniel | Last updated: Jun 24, 2024 03:07AM UTC

When doing an Active Scan, you can enter a username/password combination or record requests that will authenticate. MFA disrupts this workflow. I suggest adding an option to add a header (e.g. authorization) or authentication cookie to the Active Scanner to authenticate that way so that the scanner is in an authenticated context when scanning the web application.

Syed, PortSwigger Agent | Last updated: Jun 24, 2024 09:45AM UTC

Hi Daniel,

Thank you for your suggestion. Burp already has a feature where you can set up custom headers or cookies to be sent with the requests when running a scan or sending requests through Burp. You can find it under session handling rules in Burp Pro and site details in Burp Enterprise.

