Burp Suite User Forum

Recorded login sequence: timing

Lukas | Last updated: May 03, 2021 11:50AM UTC

Hello everyone! I am struggling with logging in via the recorded login sequence feature, as the plugin fails to identify the corresponding elements on the site. I managed to fix this by removing the XPath and id details, but to trigger the "login" button, I have to either specify it for a click event, or press the enter button. Ignoring the first possibility, as that would not work, I would have to wait before pressing the enter button, because the "login" button has to be activated before I can use it. Is there any way to honor timestamps or maybe just code a "hard wait" into the JSON script? Best, Lukas

Ben, PortSwigger Agent | Last updated: May 04, 2021 09:24AM UTC

Hi Lukas, Currently, the recorded login functionality is not able to handle any delays in the application of the recorded script in order to deal with things like asynchronous loading of the page. We have an existing feature request to implement this functionality but cannot provide an ETA of when this will be added. I will add your interest to this feature request so that we can accurately monitor the demand and our developers can prioritise their resources accordingly.

Alex | Last updated: Jan 10, 2023 04:43PM UTC

Is there any update on this feature? I know that there were updates to the BPS (https://portswigger.net/blog/browser-powered-scanning-2-0), but I don't see any mention of this feature being included. I also see from the roadmap (https://portswigger.net/burp/pro/roadmap) that there are supposed to be enhancements to heavy JS or SPA apps, but I'm currently running into an issue with an SPA. In the recorded login sequence replay, BPS is logging in before the SPA loads fully, and once the SPA fully loads it wipes out the auth that the BPS already performed (I'm guessing it's clearing cookies once it finally loads or something).

Ben, PortSwigger Agent | Last updated: Jan 12, 2023 08:09AM UTC

Hi Alex, Would you be able to email us at support@portswigger.net and include some specific details of the issues that you are facing so that we can work with you to attempt to mitigate them? It would be useful to know the site that you are working with and also see the recorded login script that has been generated (if either are at all possible). It was decided to implement this feature in a slightly different way - the end result being that users could manually add delays to their recorded login scripts but we really only wanted this to happen when there was a genuine reason to do so (there are consequences to adding delays to these scripts and we did not necessarily want to expose this feature so that users could add delays without our guidance).