
Authenticated Scanning and JavaScript crawling

Jyothsna lekkala Nov 05, 2019 12:44AM UTC

Hi PortSwigger,
How can I create a new active scan that can either use a session handling rule or other means to run an authenticated scan? My site doesn't use Basic Auth. It uses OAuth 2.0 for authentication.
Also, I want to enable JavaScript crawling.

I am using Burp Suite Professional 2.1.04.
Thanks,
--Jyothnsa


Ben Wright Nov 05, 2019 11:13AM UTC Support Center agent

Hi Jyothnsa,

Thank you for your message.

Unfortunately, Burp does not currently support authentication using OAuth. We do have a feature request in our roadmap to support non-standard authentication (SSO, 2FA, etc.) but we cannot provide an ETA of when this will be released. I have associated your query with this feature request so that you will be informed when it is released. Having said that, have you looked in the BApp store for any Burp extensions that might provide this functionality? The Add Custom Header extension sounds like it might provide what you are looking for?

We have just released Burp Suite Professional Version 2.1.05, which contains a new experimental embedded browser to crawl for JavaScript-heavy applications. There is more information about this (and its current limitations) in the following link:

http://releases.portswigger.net/2019/11/professional-2105.html

The alternative is to manually crawl the website in order to populate the Site Map so that you can then perform an automated audit.

Please let us know if you need any further assistance.

