DASTProfessional

Recorded login sequences

• Last updated: April 23, 2026

• Read time: 2 Minutes

When configuring application logins for a scan, you can import a recorded login sequence rather than supplying basic user credentials. A recorded login sequence is a set of instructions that tell Burp Scanner how to log in to the website.

Recorded login sequences enable Burp to handle complex authentication mechanisms, including:

• Single sign-on.
• Multi-step logins in which the username and password are not entered in the same form.
• Login forms that contain, for example, extra fields or checkboxes.
• TOTP multi-factor authentication.
• WebAuthn.

Recorded login sequences are especially useful if you are using Burp Suite DAST to automate scanning across a large application portfolio. In this case, you may be able to record an application's login sequence once and re-use it multiple times.

Using recorded login sequences

You can record login sequences in two ways:

• Manually: To record login sequences manually, use the Login Recorder for Burp Suite. This Chrome extension captures your interactions with the website while you perform the login sequence. It then generates a JSON-based "script" that you can import into Burp Suite Professional or Burp Suite DAST.
• Using Burp AI: You can use Burp AI to record login sequences autonomously, saving time and reducing the chance of human error. For more information on how to do this in Burp Suite Professional, see Generating recorded login sequences using AI. For more information on how to do this in Burp Suite DAST, see Using Burp AI to record login sequences.