Login on website Scan
I was trying out the website scan functionality and I entered the login credentials for a site. I then entered all the other data and started the crawl and audit. When it was on the Account\Login page it did not appear to ever pass the login credentials to the site. It scanned all that it could but never was able to see any of the pages that require the user to log in. How does it know that it needs to enter the login credentials on the login page?
Will this only work if I am running a live scan through the proxy?
Eric, thanks for your message.
There are some cases in which further configuration is required to allow Burp to log in during a scan. I’ll need a few more details from you, if possible?
Did you configure your login details through the New scan > Application login?
If so, can you provide details on the login mechanism? For example:
- Is the authentication just a straightforward form that just requires a username and password and no other fields?
- Does it require platform authentication?
currently supported by Burp Scanner. You can test this by turning off