Professional

Adding recorded login sequences in Burp Suite Professional

To configure application logins for a scan, you can import a recorded login sequence rather than supplying basic user credentials. A recorded login sequence is a set of instructions that tell Burp Scanner how to log in to the target application.

Recorded login sequences enable Burp to handle complex authentication mechanisms, including:

Single sign-on.
Multi-step logins in which the username and password are not entered in the same form.
Login forms that contain, for example, extra fields or checkboxes.

You can manage recorded login sequences from the Application login tab of the scan launcher. From here, you can:

Add new logins to the scan.
Edit existing logins.
Replay existing logins.
Import logins from the configuration library.

Note

Login sequences are recorded using the Burp Suite Navigation Recorder Chrome extension. For more information on how to record a login sequence, see Recording login sequences.

To add a login sequence to your scan:

From the scan launcher's Application login tab, select Use recorded login sequences.
Click New to display the New Recorded Login dialog.
Enter a descriptive Label for the login.
Paste the data from your clipboard into the Paste Script field.
Click OK.

Burp adds the sequence to the list of application logins.

Editing existing recorded logins

To edit an existing recorded login, select it and click Edit. From here you can edit the sequence's JSON directly.

To delete an existing recorded login, select it and click Delete.

Adding recorded login sequences in Burp Suite Professional

Note

Adding login sequences

Editing existing recorded logins