Get involved in the Burp challenge for opportunities to test your skills and win swag  –   Challenge me

ENTERPRISE

Adding usernames and passwords to a site

  • Last updated: November 11, 2022

  • Read time: 2 Minutes

If your site uses a basic username and password-based login system, you can specify login credentials for Burp Scanner to use when scanning the site. Specifying a valid username and password enables Burp Scanner to log in to the site and audit content that only authenticated users can usually see.

Note

Adding a username and password works well for sites using simple login forms with only two input fields. However, if your site uses a more complex login mechanism then you should use recorded login sequences instead of username and password-based login credentials, as Burp Scanner many be unable to log in otherwise.

You cannot use both credential types on a single site in Burp Suite Enterprise Edition.

Specifying username and password details when creating a new site

To specify username and password login credentials during the process of creating a new site:

  1. On the top menu, select Sites > Add a new site to display the Create a new site page.
  2. In the Scan settings section, select the Application logins tab.
  3. Make sure that the Add usernames and passwords radio button is selected.
  4. Click Add login credentials.
  5. In the dialog box, enter a unique Label to identify this set of login credentials.
  6. Enter the Username and Password.
  7. Click Save.

Specifying username and password details for an existing site

To specify username and password login credentials for an existing site:

  1. On the top menu, select Sites to display the site tree.
  2. Select the site you want to set up notifications for.
  3. Select the Details tab and click Edit.
  4. In the Scan settings section, select the Application logins tab.
  5. Ensure that the Add usernames and passwords radio button is selected.
  6. Click Add login credentials.
  7. In the dialog box, enter a unique Label to identify this set of login credentials.
  8. Enter the Username and Password.
  9. Click Save to close the dialog box.
  10. Click Save.

To specify an additional set of credentials, click the plus button and repeat steps 6 to 9.

To delete a set of credentials, click the trash icon .

Was this article helpful?