Burp Suite User Forum

Login to post

BurpSuite Enterprise Edition - login status / monitorng

Johnny | Last updated: Nov 08, 2018 08:55PM UTC

Testing the new Enterprise Edition. Currently only limited login capability - just username /password. Trying to find out where this macro is located on the disk so I can modify it to support say a modal dialogue that pops up during login or a multi page login.

Liam, PortSwigger Agent | Last updated: Nov 09, 2018 10:45AM UTC

Just to clarify, are you using the Application logins function in the Site details section?

Burp User | Last updated: Nov 12, 2018 04:02PM UTC

Yes, I see "Applications logins" - i can add a new login or edit current one. All I see are "username" and "password" as options.

PortSwigger Agent | Last updated: Nov 12, 2018 04:23PM UTC

Thanks for clarifying. Right now, unfortunately, there's no way to handle more complex logins. In future we're going to provide a "record login" feature to handle these. This is one of the most requested features for Burp Enterprise.

Burp User | Last updated: Nov 26, 2018 11:30AM UTC

that's weak... enterprise is useless for most of our apps

PortSwigger Agent | Last updated: Nov 26, 2018 11:44AM UTC

Thanks for the feedback. Many users do care about JIRA integration. We will be working on a "record login" feature in future, and when we do we want to take time to make sure the feature works well.

Burp User | Last updated: Jan 29, 2019 11:23AM UTC

Same here. I don't understand they're releasing a product lacking such core functionalities. Who cars about JIRA integration when it can't evens scan our app.

Burp User | Last updated: Jun 07, 2019 09:31PM UTC

Is the recorded login feature available in Burp Enterprise.

Burp User | Last updated: Jun 07, 2019 09:34PM UTC

Does Burp enterprise scan sites having user name and password via jenkins job.

PortSwigger Agent | Last updated: Jun 10, 2019 09:31AM UTC

Work on the record login feature has not started, and it's likely to still be a little way out. Yes, you can pass a user name and password from a Jenkins job, in the scan configuration.

Liam, PortSwigger Agent | Last updated: Jun 10, 2019 09:32AM UTC

No, this feature is still in our development backlog.

Burp User | Last updated: Oct 02, 2019 05:40PM UTC

is the recorded login feature is implemented?

Burp User | Last updated: Dec 10, 2019 08:15AM UTC

In the 'Details' tab of 'Sites' , We have provided the id of loginname and actual Username and Password fields we have provided the required data, Despite this we are quite sure that the scanner has not logged into our application. How can we solve this ?

Michelle, PortSwigger Agent | Last updated: Dec 10, 2019 10:44AM UTC

Could you confirm which version of Burp you are using, please?

Hannah, PortSwigger Agent | Last updated: Jan 13, 2020 02:12PM UTC

This feature is on our roadmap for this year (https://portswigger.net/blog/burp-suite-roadmap-for-2020 - under Scanner)

Burp User | Last updated: Feb 07, 2020 12:39AM UTC

Is there an update to the feature? We want to use the Enterprise version but I cannot really login to scan anything

Ryan | Last updated: Mar 11, 2020 09:00PM UTC

Is there any work around for this at all to scan authenticated resources? Can you use Selenium scripts or anything to get some sort of scan on authenticated resources? Maybe even use the macro functionality integrated into the professional edition found in ‘Project Options -> Sessions’? Additionally, I tried to run a scan on an inherently vulnerable application WebGoat which uses the parameters ‘username’ and ‘password’ for authentication and can’t get any authenticated resources crawled or audited using either professional or enterprise. Is there something I am doing wrong?

Uthman, PortSwigger Agent | Last updated: Mar 12, 2020 10:29AM UTC

Hi Ryan, Are you specifying the credentials under Application Login before the scan runs? Please email with more details and screenshots so I can assist you. support@portswigger.net

Ben, PortSwigger Agent | Last updated: Nov 20, 2020 09:28AM UTC

Hi all, Just to confirm that we have now released the functionality to create recorded login sequences, in order to better handle more complex login functions, in Burp Enterprise. This functionality is available in Burp Enterprise, Version 2020.11.

You need to Log in to post a reply. Or register here, for free.