
Authenticated scan and unauthenticated scan in one project file

afs Oct 03, 2019 02:55AM UTC

We need to scan www.zzz.com (unauthenticated scan) and www.zzz.com/abc (authenticated scan). I'm given credentials under www.zzz.com/abc.
In User options / Platform authentication, I configured basic authentication user credentials for www.zzz.com (host), but after the scan, the dashboard shows an unauthenticated scan. So how do I do an authenticated scan for /abc and an unauthenticated scan for www.zzz.com in one project file? Thanks.


Liam Tai-Hogan Oct 03, 2019 11:22AM UTC Support Center agent

Can I just confirm that you want to authenticate by using login credentials on the web application itself?

If this is the case you would need to create two separate scans under the same project file. The authenticated scan would be configured with the supplied credentials added under the Application Login section within the New scan wizard. These credentials are then submitted to any login functions present so that authenticated content is discovered.

For the second unauthenticated scan you would leave the Application login details empty so that the credentials are not used to log in and the scan is carried out in an unauthenticated manner.

The following link provides some more details about the Application login functionality:

https://portswigger.net/burp/documentation/desktop/scanning/scan-launcher#application-login-options

