Burp Suite User Forum

Login to post

Headless burp authenticated scans

Deepak | Last updated: Sep 25, 2019 07:08PM UTC

How can I perform an authenticated scan using headless burp?

Burp User | Last updated: Sep 25, 2019 07:16PM UTC

Unfortunately, session handling is out of headless-Burp's scope. However, you can use the built in features to record a login macro. There is also a how-to guide on the support site. However, this would mean you will require to run burp in a non headless mode. I.e with a GUI and record the macro.

Mike, PortSwigger Agent | Last updated: Sep 26, 2019 02:09PM UTC

What type of authentication do you want to perform? If it's basic auth then this can be done natively with Burp Scanner through the REST API however if it requires workarounds then session handling rules/macros will be the way to go.

You need to Log in to post a reply. Or register here, for free.