Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

Login on website Scan

Eric Sep 10, 2019 05:31PM UTC

I was trying out the website scan functionality and I entered the login credentials for a site. I then entered all the other data and started the crawl and audit. When it was on the Account\Login page it did not appear to ever pass the login credentials to the site. IT scanned all the it could bu never was able to see any of the pages that require the user to login. How does it know that it needs to enter the login credentials on the login page?

Will this only work if I am running a live scan through the proxy?


Rose Krawczuk Sep 11, 2019 06:44AM UTC Support Center agent

Eric, thanks for your message.

There are some cases in which further configuration is required to allow Burp to log in during a scan. I’ll need a few more details from you, if possible?

Did you configure your login details through the New scan > Application login?

If so, can you provide details on the login mechanism. For example:

- Is the authentication just a straightforward form that just requires a
username and password and no other fields?

- Does it require platform authentication?

- Does your application / login page use JavaScript? If so, this isn’t
currently supported by Burp Scanner. You can test this by turning off
JavaScript in your browser and checking if the application still functions.


Post Your public answer

Your name
Your email address
Answer