Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Use burp suite to test application which uses Social Logins (like Google , LinkedIn)

Vikram | Last updated: Sep 23, 2020 03:55AM UTC

Hi, My application uses social login (Google,Linkedin). I want to run a live scan and want burp to be able to scan the protected parts of the application as well. I am not able to find a document which guides on this. Is this feature available in Burrp ? Thanks for your help!

Ben, PortSwigger Agent | Last updated: Sep 23, 2020 07:40AM UTC

Hi Vikram, We are currently working on (and very close to releasing) a recorded login feature, which will allow users to record the login steps, within the browser, for their web application and then supply that recording to be used in the automated scan. This feature should provide better coverage for non-standard and more complex login functions.

Shreya | Last updated: Jun 28, 2021 10:24AM UTC

Hi, is this feature available now? Any tutorial for the same?

Ben, PortSwigger Agent | Last updated: Jun 28, 2021 02:14PM UTC

Hi Shreya, Yes, using recorded logins for authentication during scanning is now available in both Burp Professional and Burp Enterprise. There are more details in the links below on how this works (depending on which edition of Burp you are using): https://portswigger.net/burp/documentation/desktop/scanning/recorded-logins https://portswigger.net/burp/documentation/enterprise/working/sites/application-logins

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.