Professional

Configuring application logins

  • Last updated: August 30, 2024

  • Read time: 1 Minute

Adding application logins to a scan enables Burp Scanner to discover content that is only accessible to authenticated users.

Note

Burp Scanner uses application logins when it crawls an application. You cannot specify application logins for Audit selected items scans, because these scans do not crawl the target.

There are two types of application login you can add in Burp Suite:

  • Username and password pairs are intended for sites that use a basic, single-step login mechanism.
  • Recorded login sequences are intended for sites that use more complex login mechanisms, such as Single Sign-On.

You can only use one of the available login mechanisms per scan. If you specify both simple login credentials and a recorded login sequence, Burp Scanner uses the recorded login when scanning.

Was this article helpful?