How can I create a new active scan that can either use a session handling rule or other means to run an authenticated scan? My site doesn't use Basic Auth. It uses OAuth 2.0 for authentication.
I am using Burp Suite Professional 2.1.04.
Thank you for your message.
Unfortunately, Burp does not currently support authentication using OAuth. We do have a feature request in our roadmap to support non-standard authentication (SSO, 2FA etc) but we cannot provide an ETA of when this will be released. I have associated your query with this feature request so that you will be informed when it is released. Having said that, have you looked in the BApp store for any Burp extensions that might provide this functionality? The Add Custom Header extension sounds like it might provide what you are looking for?
The alternative is to manually crawl the website in order to populate the Site Map so that you can then perform an automated audit.
Please let us know if you need any further assistance.
The following links provide some information on writing a Burp Extension:
Please let us know if you require any further assistance.
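As an added illustration of the session-handling and extension route discussed in this thread (not code from PortSwigger or from any poster), the sketch below uses the legacy Burp Extender API to register a session handling action that sets an `Authorization: Bearer` header on each request. It assumes the access token was obtained outside Burp and exported in an environment variable whose name, `BURP_BEARER_TOKEN`, is hypothetical; it does not refresh expired tokens.

```java
package burp;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

// Added example: session handling action that injects an OAuth 2.0 bearer token.
public class BurpExtender implements IBurpExtender, ISessionHandlingAction {
    // Assumption: hypothetical variable name, set before Burp is started.
    private static final String TOKEN_ENV = "BURP_BEARER_TOKEN";

    private IBurpExtenderCallbacks callbacks;
    private IExtensionHelpers helpers;

    @Override
    public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
        this.callbacks = callbacks;
        this.helpers = callbacks.getHelpers();
        callbacks.setExtensionName("Bearer token injector (example)");
        // Makes the action selectable from a session handling rule.
        callbacks.registerSessionHandlingAction(this);
    }

    @Override
    public String getActionName() {
        return "Add OAuth bearer token";
    }

    @Override
    public void performAction(IHttpRequestResponse currentRequest,
                              IHttpRequestResponse[] macroItems) {
        String token = System.getenv(TOKEN_ENV);
        if (token == null || token.isEmpty()) {
            // Fail visibly rather than scanning unauthenticated without notice.
            callbacks.printError(TOKEN_ENV + " is not set; request left unchanged");
            return;
        }
        byte[] request = currentRequest.getRequest();
        IRequestInfo info = helpers.analyzeRequest(request);

        // Keep the request line and all headers except any existing Authorization.
        List<String> headers = new ArrayList<>();
        for (String h : info.getHeaders()) {
            if (!h.toLowerCase().startsWith("authorization:")) {
                headers.add(h);
            }
        }
        headers.add("Authorization: Bearer " + token);

        // Rebuild the message; Burp recalculates Content-Length for the body.
        byte[] body = Arrays.copyOfRange(request, info.getBodyOffset(), request.length);
        currentRequest.setRequest(helpers.buildHttpMessage(headers, body));
    }
}
```

Once the extension is loaded, a session handling rule with the action "Invoke a Burp extension" and a scope that includes the Scanner applies it to scan traffic. Limit the rule's URL scope to the target application so the token is not attached to requests for other hosts.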
How to do an authenticated scan over Burp Suite v2.1.05? Are there any articles to go through?
Thanks and regards,
What authentication are you trying to carry out? Are you wanting to log into a site using a username/password to discover authenticated content or are you wanting to carry out platform authentication on a destination server to allow you to scan a web application?