Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

View users in Active Directory Security Group

Taylor | Last updated: Jul 21, 2020 01:16PM UTC

I greatly appreciate the development that has been going into Burp Suite, especially the latest update that brought LDAP authentication. With that said, myself and my team members that use the application would love to see a few enhancements to that feature. Such as being able to view which users are in a given Active Directory security group. Currently in the Team -> Groups view it shows the number of users e.g. "Users (2)", though when you click on the tab it only shows the text "Click here to add users..."

Uthman, PortSwigger Agent | Last updated: Jul 21, 2020 01:30PM UTC

Hi Taylor, The Team > Groups tab will only show local users (i.e. non-AD users). The users in an AD security group will only be visible on the AD server itself. Do you have a specific use-case for this?

Taylor | Last updated: Jul 22, 2020 07:24PM UTC

I would like to be able to check which users are part of a particular group while in Burp Suite Enterprise vs. switching over to Active Directory for a quick glance. Another use case is if a non-admin user wants to see which users are in their user group within Burp, they aren't going to know to look at the user group in Active Directory. Thanks for hearing me out!

Uthman, PortSwigger Agent | Last updated: Jul 23, 2020 09:11AM UTC

Thank you for the request and further information. I have raised a feature request on your behalf. We will track the popularity of this and update the thread if/when the feature is implemented.

IT.SAM | Last updated: Mar 13, 2023 10:39AM UTC

I’d like to disable the internal users completely as we don’t want to use local accounts for security reasons. We have added three groups in LDAP which we have added as groups in Burp (i.e. Admin (has admin+ site maintainer access), Viewer (Scan Viewer permission) and Scan Initiator (Scan initiator + Result editor permissions)) Currently even though we have 5 users in the LDAP admin group which have admin permissions in the Burp Application, we cannot disable the local administrator user. This is because the application requires at least one user with admin permissions. Could you please advise on how we can achieve no local users in Burp Application and additionally see the users who have logged into the application at least once? This may translate into another requirement (i.e. I need to have audit history on user login to BurpSuite Application for LDAP users, Currently I have zero information on this from the application).

Alex, PortSwigger Agent | Last updated: Mar 13, 2023 11:31AM UTC