DAST, Professional
Recording login sequences
Last updated: November 18, 2025
Recorded login sequences enable Burp Scanner to audit content that only authenticated users can usually see, even on sites that use complex login mechanisms such as Single Sign-On. This section explains how to record a login sequence and then add it to a new or existing site.
In Burp Suite Professional, you can also use AI to generate login sequences automatically, saving time and reducing the chance of human error. For more information on how to do this, see Generating recorded login sequences using AI.
Note
If your site uses a basic username and password-based authentication mechanism, add username and password credentials rather than a recorded login sequence. Using username and password credentials can improve scan times and reduce the likelihood of errors. You cannot use both authentication methods on a single application in either Burp Suite Professional or Burp Suite DAST.
Preparing the Burp Suite Navigation Recorder extension
Before you can record a login sequence, you may need to install and configure the Burp Suite Navigation Recorder Chrome extension.
This step is required to record logins in Burp Suite DAST. It is optional in Burp Suite Professional, as Burp's browser comes with the extension pre-installed. However, you may still want to install the extension so that you can record logins in a standard Chrome installation.
To install and configure the extension:
1. Open Chrome and navigate to the Burp Suite Navigation Recorder extension page.
2. Click Add to Chrome.
3. In the dialog box, click Add extension to install the extension.
4. Click the extension icon on the Chrome toolbar to open the extension menu.
5. Click Manage extensions to display the Extensions page.
6. Select Allow in incognito.
Using the extension without incognito mode
You can use the extension without incognito mode in a standard Chrome installation, for example if you have organization restrictions that prohibit the use of incognito mode. However, we strongly recommend using incognito mode whenever possible to avoid issues with stateful behavior. Recording without incognito mode may result in a recorded login that appears to work, but stops working after your session ends.
To install the extension without incognito mode, follow the above steps, but click Continue without incognito at Step 6.
If you have already installed the extension, you can set the extension to not use incognito mode:
1. Open the browser.
2. Click the extension icon on the Chrome toolbar and select Manage extensions.
3. On the Burp Suite Navigation Recorder extension tile, click Details to display the Extensions page.
4. Deselect Allow in incognito.
Recording a login sequence
Read the Best practice for recording login sequences page before attempting to record a login sequence. This page contains advice to help you to avoid some common errors made when recording complex authentication sequences.
To record a login sequence:
1. If you are using Burp Suite DAST, or want to record logins for Burp Suite Professional in a standard Chrome installation, install the Burp Suite Navigation Recorder Chrome extension. We recommend that you set the extension to run in incognito mode. For more information, see Preparing the Burp Suite Navigation Recorder extension.
2. Click the extension icon on the Chrome toolbar and select Burp Suite Navigation Recorder.
3. At the prompt, click Start recording. A new window opens.
4. In the window, browse to the target website.
5. Complete the login sequence that you want to capture.
6. When you're done, click the extension icon, select Burp Suite Navigation Recorder, and click Stop recording.
The extension automatically copies the generated script to your clipboard. You can re-copy the script by selecting the extension icon and selecting Copy to clipboard.
You can repeat this process for each set of credentials that you want to use for scans of this site. For example, you might record one login sequence in which you log in as a normal user and another sequence in which you log in as an administrator.
Note
Burp Scanner uses Burp's browser to perform recorded login sequences when scanning, even if you have not selected Use Burp's browser for crawl and audit in your scan configuration.
Adding recorded login sequences
The process for adding a recorded login is different for Burp Suite DAST and Burp Suite Professional:
- To add a recorded login sequence to a new web app in Burp Suite DAST, see Adding recorded logins to new sites.
- To add a recorded login sequence to an existing web app in Burp Suite DAST, see Adding recorded logins to existing sites.
- To add a recorded login sequence to Burp Suite Professional, see Adding recorded login sequences in Burp Suite Professional.