How can I create a new active scan that can either use a session handling rule or other means to run authenticated scan. My site doesn't use Basic Auth. It uses OAuth2.0 for Authentication.
I am using Burp Suite Professional 2.1.04.
Thank you for your message.
Unfortunately, Burp does not currently support authentication using OAuth. We do have a feature request in our roadmap to support non-standard authentication (SSO, 2FA etc) but we cannot provide an ETA of when this will be released. I have associated your query with this feature request so that you will be informed when it is released. Having said that, have you looked in the BApp store for any Burp extensions that might provide this functionality? The Add Custom Header extension sounds like it might provide what you are looking for?
The alternative is to manually crawl the website in order to populate the Site Map so that you can then perform an automated audit.
Please let us know if you need any further assistance.