Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Vulnerability Scan

Kris | Last updated: Apr 07, 2020 04:05AM UTC

How do I validate that entered credentials authenticated properly for a vulnerability scan? Also, I have attempted to initiate scans of java based applications and they never seem to fully complete. I have tried to configure setting to force completion - and this works for the crawl portion which can be set to end after a period of time. However, the audit portion still seems to never complete. Any thoughts?

Uthman, PortSwigger Agent | Last updated: Apr 07, 2020 08:35AM UTC

Hi, Once you have set up a scan, you should see it on the Dashboard. Select View details > Event log. It should show you whether the authentication was successful using the credentials you provided. I will need further information about the failing scans. Are they failing at a specific stage? Do they just get stuck? You can install the Logger++ extension to monitor the scanner traffic and see if any requests are timing out.

Kris | Last updated: Apr 07, 2020 02:44PM UTC

in looking through the event log, I don't see any notation that authentication failed or succeeded. I timebox the crawl and it seems as if the audit checks just go on forever, they will go hours and still not complete.

Kris | Last updated: Apr 07, 2020 02:44PM UTC

in looking through the event log, I don't see any notation that authentication failed or succeeded. I timebox the crawl and it seems as if the audit checks just go on forever, they will go hours and still not complete.

Uthman, PortSwigger Agent | Last updated: Apr 07, 2020 03:09PM UTC