Burp community forum

Login on website Scan

Eric | Last updated: Sep 10, 2019 05:31PM UTC

I was trying out the website scan functionality and I entered the login credentials for a site. I then entered all the other data and started the crawl and audit. When it was on the Account\Login page it did not appear to ever pass the login credentials to the site. IT scanned all the it could bu never was able to see any of the pages that require the user to login. How does it know that it needs to enter the login credentials on the login page? Will this only work if I am running a live scan through the proxy?

Rose, PortSwigger Agent | Last updated: Sep 11, 2019 06:33AM UTC

Eric, thanks for your message. There are some cases in which further configuration is required to allow Burp to log in during a scan. I'll need a few more details from you, if possible? Did you configure your login details through the New scan > Application login? If so, can you provide details on the login mechanism. For example: - Is the authentication just a straightforward form that just requires a username and password and no other fields? - Does it require platform authentication? - Does your application / login page use JavaScript? If so, this isn't currently supported by Burp Scanner. You can test this by turning off JavaScript in your browser and checking if the application still functions.

You need to Log in to post a reply. Or register here, for free.