Authenticated Scanning and JavaScript crawling

Jyothsna lekkala Nov 05, 2019 12:44AM UTC

Hi PortSwigger,
How can I create a new active scan that can either use a session handling rule or other means to run an authenticated scan? My site doesn't use Basic Auth. It uses OAuth 2.0 for authentication.
Also, I want to enable JavaScript crawling.

I am using Burp Suite Professional 2.1.04.

Ben Wright Nov 05, 2019 11:13AM UTC Support Center agent

Hi Jyothsna,

Thank you for your message.

Unfortunately, Burp does not currently support authentication using OAuth. We do have a feature request in our roadmap to support non-standard authentication (SSO, 2FA etc) but we cannot provide an ETA of when this will be released. I have associated your query with this feature request so that you will be informed when it is released. Having said that, have you looked in the BApp store for any Burp extensions that might provide this functionality? The Add Custom Header extension sounds like it might provide what you are looking for?

We have just released Burp Suite Professional Version 2.1.05, which contains a new experimental embedded browser to crawl JavaScript-heavy applications. There is more information about this (and its current limitations) in the following link:

The alternative is to manually crawl the website in order to populate the Site Map so that you can then perform an automated audit.

Please let us know if you need any further assistance.

Jyothsna lekkala Nov 15, 2019 12:41AM UTC
Is there some documentation that shows how to start to write a Burp Suite Extension?

Ben Wright Nov 15, 2019 08:19AM UTC Support Center agent

Hi Jyothsna,

The following links provide some information on writing a Burp Extension:

Please let us know if you require any further assistance.

leelakishore Nov 20, 2019 11:33AM UTC
Hi team,

How do I do an authenticated scan over Burp Suite? Are there any articles to go through?

Thanks and regards,
Leelakishore. p

Ben Wright Nov 20, 2019 11:46AM UTC Support Center agent

Hi Leelakishore,

What authentication are you trying to carry out? Are you wanting to log into a site using a username/password to discover authenticated content or are you wanting to carry out platform authentication on a destination server to allow you to scan a web application?
