Burp Suite User Forum

Burp Suite Enterprise - Real time retrieval of credentials from external source (Enterprise Credential Vault)

ADIA | Last updated: Jul 27, 2020 12:32PM UTC

We would like to see a feature added to the Enterprise product that would allow for the real-time retrieval of credentials (associated with a scan configuration) from an external source. Enterprise security policies often require that privileged or non-human credentials be stored and managed by an enterprise PAM solution. To ensure that Burp scans have the latest, correct set of credentials to access a particular application or resource, we'd like to have the ability to have the agent retrieve them from an arbitrary external source via HTTP request to a REST endpoint at the time of execution. This could include a local caching mechanism, but does not have to.

Ben, PortSwigger Agent | Last updated: Jul 28, 2020 02:33PM UTC

Hi, we are working on improving the login capabilities of both Burp Enterprise and Professional by providing a record login function. This will allow users to record the non-standard login functionality and then supply the steps so that they are applied during the automated scan. This should improve the coverage that the Burp Scanner is able to provide by mimicking a user's actions when performing different types of login. Do you feel that this would satisfy your requirements or would you be looking for something more specific?
