Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

Headless burp authenticated scans

Deepak Sep 25, 2019 07:08PM UTC

How can I perform an authenticated scan using headless burp?


Anand Sudhir Prayaga Sep 25, 2019 07:16PM UTC
Unfortunately, session handling is out of headless-Burp's scope. However, you can use the built in features to record a login macro.
There is also a how-to guide on the support site.

However, this would mean you will require to run burp in a non headless mode. I.e with a GUI and record the macro.

Mike Eaton Sep 26, 2019 02:10PM UTC Support Center agent

What type of authentication do you want to perform? If it’s basic auth then this can be done natively with Burp Scanner through the REST API however if it requires workarounds then session handling rules/macros will be the way to go.


Post Your public answer

Your name
Your email address
Answer