Do I need to remain logged into the application for the audit to be successful?

Kate | Last updated: Aug 12, 2023 12:58AM UTC

Hello, I have manually crawled my application and then selected scan->open scan launcher->audit selected items. I'm currently auditing my selection, but it is taking a long time and my application signs you out after 5 minutes of inactivity. Do I need to remain logged into my application in order for the audit to be successful? I noticed that if I let it sign out, I get a lot of 302 errors.

Michelle, PortSwigger Agent | Last updated: Aug 14, 2023 09:05AM UTC

If you've manually crawled the application and then some of the audit requests are showing as not being logged in, you can create a session handling rule to check if a session is still valid and re-authenticate you if it is not.

https://portswigger.net/burp/documentation/desktop/settings/sessions/session-handling-rules
https://portswigger.net/burp/documentation/desktop/testing-workflow/session-management/maintaining-authenticated-session

If you'd like us to take a closer look at this with you, can you send an email to support@portswigger.net with a few more details? Do you think it's possible that the inactivity timeout is being hit during the audit? If so, what do you see in the Logger tab? Are all the 302 responses redirecting you to the login page? Could another of the requests have caused a logout?
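The logic a session handling rule applies, as an added illustration that is not part of the thread or of Burp's own implementation: each scanner request is sent with the current session cookie; if the response is a 302 whose Location points at the login page, the session is treated as expired, the login macro is run to obtain a fresh cookie, and the original request is replayed once. The target application here is a constructed in-memory stand-in (it "times out" a session after a fixed number of requests), and the login path, cookie name and credentials are assumptions for the example.

```python
"""Model of a session-handling rule: detect a logged-out session, re-authenticate, replay.

The FakeApp below is a constructed stand-in for the application being audited; nothing here
talks to a network. The rule's check is "302 redirecting to the login page", which is the
symptom described in the thread.
"""
from dataclasses import dataclass, field
from urllib.parse import urlparse

LOGIN_PATH = "/login"           # assumption: the app's login page
COOKIE_NAME = "session"         # assumption: the app's session cookie
IDLE_TIMEOUT_REQUESTS = 3       # constructed: the fake app expires a session after 3 requests


@dataclass
class Response:
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""


class FakeApp:
    """Constructed target. Each session serves IDLE_TIMEOUT_REQUESTS requests, then redirects to login."""

    def __init__(self):
        self._sessions = {}     # cookie value -> requests served so far
        self._counter = 0
        self.logins = 0         # how many times the login macro ran

    def login(self, username, password):
        self.logins += 1
        self._counter += 1
        token = f"sess-{self._counter}"
        self._sessions[token] = 0
        return Response(302, {"Location": "/home",
                              "Set-Cookie": f"{COOKIE_NAME}={token}; HttpOnly; Secure"})

    def get(self, path, cookie):
        used = self._sessions.get(cookie)
        if used is None or used >= IDLE_TIMEOUT_REQUESTS:
            self._sessions.pop(cookie, None)
            return Response(302, {"Location": f"{LOGIN_PATH}?next={path}"})
        self._sessions[cookie] = used + 1
        return Response(200, {}, f"contents of {path}")


def session_expired(resp):
    """Rule check: a redirect whose Location path is the login page means the session is gone."""
    if resp.status not in (301, 302, 303, 307, 308):
        return False
    return urlparse(resp.headers.get("Location", "")).path == LOGIN_PATH


def parse_session_cookie(resp):
    """Pull the session cookie value out of a Set-Cookie header (name=value; attributes)."""
    first = resp.headers.get("Set-Cookie", "").split(";", 1)[0]
    name, _, value = first.partition("=")
    return value if name.strip() == COOKIE_NAME else None


class SessionHandler:
    """Wraps requests the way a session-handling rule does: check, re-login, replay once."""

    def __init__(self, app, creds, handle_sessions=True):
        self.app = app
        self.creds = creds
        self.handle_sessions = handle_sessions
        self.cookie = None
        self.reauths = 0

    def _login(self):
        self.cookie = parse_session_cookie(self.app.login(*self.creds))

    def fetch(self, path):
        if self.cookie is None:
            self._login()
        resp = self.app.get(path, self.cookie)
        # Replay at most once; if the re-login itself fails we surface the 302 instead of looping.
        if self.handle_sessions and session_expired(resp):
            self.reauths += 1
            self._login()
            resp = self.app.get(path, self.cookie)
        return resp


def run_audit(paths, handle_sessions=True):
    """Audit a list of paths; return (status codes, re-authentications, total logins)."""
    app = FakeApp()
    handler = SessionHandler(app, ("audit-user", "placeholder-password"), handle_sessions)
    statuses = [handler.fetch(p).status for p in paths]
    return statuses, handler.reauths, app.logins


if __name__ == "__main__":
    targets = [f"/item/{i}" for i in range(7)]
    print("without rule:", run_audit(targets, handle_sessions=False))
    print("with rule:   ", run_audit(targets))
```

Running the same seven requests without the rule reproduces the pattern from the question (200s followed by a run of 302s once the session lapses); with the rule every request ends in a 200 and the login macro runs again only when the check fails. The single-replay limit matters in practice: if credentials are wrong or the login flow changes, a rule that retries indefinitely turns every scan item into a loop of login attempts.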

