Burp Suite User Forum

Create new post

leverage carbonator to POST username & password to spider and scan

Vinnie | Last updated: Dec 18, 2015 02:32PM UTC

Hi, I've got the Burp carbonator automated on Jenkins(had to use cygwin) to scan a website. Is there anyway I logon to my application & scan it using either carbonator or Jenkins? Thanks, V

PortSwigger Agent | Last updated: Dec 22, 2015 01:26PM UTC

I don't believe that Carbonator supports configuration of login credentials. At some future point, we will provide native capabilities within Burp similar to Carbonator, and these will let you specify configuration details like these.

PortSwigger Agent | Last updated: Feb 19, 2016 09:20AM UTC

We're aiming to have this feature available towards the end of this year.

Burp User | Last updated: Jun 15, 2016 06:51PM UTC

Any more information on when this native capability will be available?

Burp User | Last updated: May 08, 2017 01:55PM UTC

Hi, Any updates on this at all?

PortSwigger Agent | Last updated: May 08, 2017 02:07PM UTC

Unfortunately this work has proved more complex than we expected, and forms part of a broader general revamp of our automated crawler. Work is very much underway on this task, and we're now aiming to have something ready to release later this year.

Burp User | Last updated: Dec 10, 2018 04:32PM UTC

Hi, Is this available in latest version of burpsuite pro

PortSwigger Agent | Last updated: Dec 11, 2018 10:02AM UTC

Yes, this is part of Burp 2. We now have a native REST API that lets you initiate scans - including providing credentials. This is supported by the new Crawler which is a major improvement on Spider, and is designed for automated, unattended scanning.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.