PROFESSIONAL
Adding recorded login sequences in Burp Suite Professional
-
Last updated: September 14, 2023
-
Read time: 1 Minute
To configure application logins for a scan, you can import a recorded login sequence rather than supplying basic user credentials. A recorded login sequence is a set of instructions that tell Burp Scanner how to log in to the target application.
Recorded login sequences enable Burp to handle complex authentication mechanisms, including:
- Single sign-on.
- Multi-step logins in which the username and password are not entered in the same form.
- Login forms that contain, for example, extra fields or checkboxes.
You can manage recorded login sequences from the Application login tab of the scan launcher. From here, you can:
- Add new logins to the scan.
- Edit existing logins.
- Replay existing logins.
- Import logins from the configuration library.
Note
Login sequences are recorded using the Burp Suite Navigation Recorder Chrome extension. For more information on how to record a login sequence, see Recording login sequences.
Adding login sequences
To add a login sequence to your scan:
- From the scan launcher's Application login tab, select Use recorded login sequences.
- Click New to display the New Recorded Login dialog.
- Enter a descriptive Label for the login.
- Paste the data from your clipboard into the Paste Script field.
- Click OK.
Burp adds the sequence to the list of application logins.
Editing existing recorded logins
To edit an existing recorded login, select it and click Edit. From here you can edit the sequence's JSON directly.
To delete an existing recorded login, select it and click Delete.