Last updated: October 20, 2023
When crawling a target application, Burp Scanner attempts to cover as much of the application's attack surface as possible. Authenticated scanning enables Burp to crawl privileged content that requires a login to access, such as user dashboards and admin panels.
Burp Scanner can authenticate with target applications in two ways:
- Login credentials are simple username and password pairs. They are intended for sites that use a single-step login mechanism.
- Recorded login sequences are user-defined sequences of instructions. They are intended for sites that use complex login mechanisms such as Single Sign-On.
You can only use one authentication method per scan. If you enter both login credentials and a recorded login sequence, Burp Scanner ignores the provided login credentials.