Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Burp Suite Enterprise cannot do authenticated scans

Ivan | Last updated: Jun 24, 2021 07:03AM UTC

Hello Burp, I hope i find you in good health. I would like to present to you a few problems that we encountered while working with Burp Enterprise. In the Web application scan configuration, we use in most cases crawling with authentication. We have noticed that the use of basic Login Credentials Authentication is not working properly. In fact is not working at all. Also the second setting for record authentication is not working as well. We came to this conclusion from the fact that in one scan it's finish super fast, for no reason. We also have a case of a failed scans and scan log reports multiple failed login attempts. We can be sure that the application does not authenticate, we notice even after a few hours of scanning that the scanned URLs do not include the internal URLs of the application. We Insert the URLs manually and the result is the same. We can provide you with screenshots of the configurations we have to guide us where the problem might be. Thanks in advance. Looking forward to your reply.

Maia, PortSwigger Agent | Last updated: Jun 24, 2021 02:46PM UTC

Hi,

Thank you for your message.

If you email us with the screenshots and a copy of the scan event and debug log we can take a closer look.

There are a few limitations for recorded logins which can be found here. Please check to see if your site matches any of these cases.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.