Professional

Configuring application logins

Last updated: March 1, 2024
Read time: 1 Minute

Adding application logins to a scan enables Burp Scanner to discover content that is only accessible to authenticated users.

Note

Burp Scanner uses application logins when it crawls an application. You cannot specify application logins for Audit selected items scans, because these scans do not crawl the target.

There are two types of application login you can add in Burp Suite:

Username and password pairs are intended for sites that use a basic, single-step login mechanism.
Recorded login sequences are intended for sites that use more complex login mechanisms, such as Single Sign-On.

You can only use one of the available login mechanisms per scan. If you specify both simple login credentials and a recorded login sequence, Burp Scanner uses the recorded login when scanning.

Adding usernames and passwords.
Adding recorded login sequences.
Managing application logins using the configuration library.

Configuring application logins

Note

Related pages