Burp Suite User Forum

Create new post

How does Burp know which forms are "login forms"?

Hello | Last updated: Jan 22, 2016 03:44PM UTC

https://portswigger.net/burp/help/spider_options.html writes "Because of the function that authentication plays in web applications, you will often want Burp to handle login forms in a different way than ordinary forms". But login forms could be as simple as <form><input name=a><input type=password name=b></form> How does Burp tell "login forms" apart from regular forms?

Burp User | Last updated: Jan 22, 2016 03:45PM UTC

Or it could be multi-step, as what can be seen in Gmail. First step is to submit the username first, followed by the password in the second step.

PortSwigger Agent | Last updated: Jan 22, 2016 04:43PM UTC

Forms with a password field are assumed to be login forms.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.