Burp Suite User Forum

Log onto SharePoint - Burp Suite Enterprise

NICHOLSON, | Last updated: Feb 18, 2021 09:47AM UTC

Hi all,

We have just purchased Burp Suite Enterprise. Tried to set up a scan of our SharePoint environment but it does not look like it can log in. I added login credentials to the site but I don't think it can access it.

Our SP farm is set up to use AD for authentication, and when a user is logged onto the network they will automatically be authenticated in SP. Otherwise you'd get the standard login prompt while inside the network; outside is via an ADFS login screen. Burp Suite Enterprise is installed inside the network.

I tried using the Burp Suite Navigation Recorder but it didn't really work. Any suggestions?

Liam, PortSwigger Agent | Last updated: Feb 18, 2021 09:59AM UTC

Please be aware of the following limitations before deciding to use recorded login sequences:

- Recorded logins are not compatible with two-factor authentication, character-select passwords, or CAPTCHA.
- Burp Scanner is currently unable to replay login sequences that rely on popups or <iframe> elements.
- Recorded logins are only compatible with browser-powered scans.
- If Burp fails to initialize its embedded browser during the crawl, it will fall back to the previous crawler engine and ignore any recorded logins that you have created. You should check the event log and run an embedded browser health check for details.
- When using recorded logins, Burp Scanner will not be able to self-register users or deliberately trigger login failures by submitting invalid credentials. As a result, any "Login functions" crawl settings from your scan configuration will be ignored.
- Depending on your authentication system, the repeated logins made during the scan may be flagged as suspicious. This could trigger additional authentication steps or anti-robot measures that the crawler is unable to handle. In this case, we recommend running the scan on a test instance with these checks disabled.

Do you have a copy of Burp Suite Pro? After you save a recorded login sequence in Burp Pro, you can replay it to check that the recording accurately captured your interactions with the browser. This is useful for checking that new recordings are working as expected and for troubleshooting existing ones that are failing during scans.