Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Failed to find additional rooms after recorded sequence

Erik | Last updated: May 17, 2022 09:20AM UTC

Hello I have the latest Burp suite professional version 2022.3.7 and have recorded a login session and using it for the scanner. I first crawl unauthenticated and the switches to audit mode. I believe this is normal according to the documentation. Then it prints "Failed to find additional rooms after recorded sequence: <name of the sequence>". I'm unsure if it works or not. Shouldn't it stop auditing if the login failed? I'm not sure what I'm getting out of the scan.

Michelle, PortSwigger Agent | Last updated: May 17, 2022 02:12PM UTC

Thanks for your message. The scan will perform an unauthenticated scan before moving on to performing an authenticated scan using the login sequence you have given it. During that phase, it may log in more than once, so it's possible that in some cases it may have logged in and found some new locations, but not always. If the login fails the scan will continue based on what it can find. From the message you are seeing it is possible that the authentication has succeeded but then there have been issues finding further locations. We'd be happy to try and take a closer look at this with you but it would be useful to see the details from each of the tabs in the scan task details, can you send some screenshots of each of the tabs over to support@portswigger.net, please? When you take a screenshot of the Event Log can you please make sure the debug level logs are also displayed? Can you tell us about the application, e.g. is it a single-page app? Which version of Burp are you using to scan the application? If you take a look through the URLs listed on the Audit items tab, are any of the URLs ones that are only accessible once authenticated?

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.