Complex login sequences like single sign-on (SSO) often cause a headache for web vulnerability scanners. But Burp Scanner is smarter than most. Thanks to features like the Burp Suite Navigation Recorder, users of both Burp Suite Enterprise Edition and Burp Suite Professional can sit back and watch Burp Scanner log in for them.
This allows Burp Scanner to access privileged areas of target applications - crawling for content and scanning it just as it would normally. This is especially useful if you are using Burp Suite Enterprise Edition to automate scanning across a large application portfolio. Simply record an application's login sequence once, and let Burp Scanner take care of the rest.
When testing for web security vulnerabilities, it's vital to cover as much of an application's attack surface as possible. But what if that attack surface is partially hidden within a privileged area (e.g. a user dashboard) that requires a login? Authenticated scanning allows a web vulnerability scanner to log in to search for vulnerabilities inside such areas.
With simple login functions, authenticating Burp Scanner is as easy as supplying it with a valid set of credentials (e.g. username and password). Burp Scanner will then identify HTML login forms and submit those credentials to authenticate itself when crawling and scanning.
But with more complex login sequences like single sign-on (SSO), automation isn't so straightforward. Such systems often make heavy use of JavaScript, meaning that they must be rendered in a browser before they can be interacted with. Fortunately, Burp Scanner can execute JavaScript through its embedded Chromium browser, making it possible to automate many of these complex login processes.
Using the Burp Suite Navigation Recorder Chromium extension, users can record paths through complex login systems for future use. Use it in your own Chrome installation or in Burp Suite's embedded Chromium browser (Burp Suite Professional), and Burp Suite will store the recorded path as JSON. Whether it's external SSO, a multi-step form, or some other multi-stage process, Burp Suite's browser-powered scanner can (with a few exceptions) authenticate itself.
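The two login types described above (a plain username/password login and a Navigation Recorder export) can both be handed to Burp Scanner when a scan is queued. The script below is an added example, not PortSwigger's code or part of this page: it builds a scan request for Burp Suite Professional's REST API carrying both login types, checks that the recording is well-formed JSON before anything is queued, and shows where the request is POSTed. The field names (`application_logins`, `UsernameAndPasswordLogin`, `RecordedLogin`, `scan_configurations`) follow the v0.1 scan request as documented by the API itself; confirm them against the API documentation served by your own Burp instance, and treat the sample recording, hostnames, credentials and API key as constructed placeholders.

```python
"""Queue an authenticated Burp Scanner scan through the Burp Suite Professional
REST API, supplying a username/password login and a Navigation Recorder export.

Added example, not PortSwigger code. Field names follow the v0.1 scan request as
documented by the API (browse to the API port with the REST API enabled); check
them against your own Burp version before relying on them.
"""
import json
import urllib.request
from typing import Iterable, List, Optional

# Constructed stand-in for a Navigation Recorder export. The real file is
# whatever the extension saved; only its being valid JSON matters here.
SAMPLE_RECORDING = json.dumps(
    {"events": [{"type": "navigate", "url": "https://sso.example.com/login"}]}
)


def recording_is_valid(recording_json: str) -> bool:
    """Burp can only replay a recording it can parse. Checking up front avoids
    queuing a scan that silently falls back to an unauthenticated crawl."""
    try:
        json.loads(recording_json)
    except (TypeError, ValueError):
        return False
    return True


def build_login_entries(
    username: Optional[str] = None,
    password: Optional[str] = None,
    recording_json: Optional[str] = None,
    recording_label: str = "recorded-sso",
) -> List[dict]:
    """Assemble the application_logins array: a form login, a recorded login,
    or both. The recorded login is sent as a JSON string, not a nested object."""
    logins: List[dict] = []
    if username and password:
        logins.append(
            {"type": "UsernameAndPasswordLogin", "username": username, "password": password}
        )
    if recording_json is not None:
        if not recording_is_valid(recording_json):
            raise ValueError(
                "recorded login is not valid JSON; re-export it from the Navigation Recorder"
            )
        logins.append(
            {"type": "RecordedLogin", "label": recording_label, "script": recording_json}
        )
    return logins


def build_scan_request(
    urls: Iterable[str], logins: List[dict], named_config: str = "Crawl and Audit - Fast"
) -> dict:
    """Build the POST body. Refuses to build an 'authenticated' scan with no login,
    which would otherwise run as an anonymous crawl without warning."""
    if not logins:
        raise ValueError("an authenticated scan needs at least one login entry")
    body = {"urls": list(urls), "application_logins": logins}
    if named_config:
        # Built-in configuration names are listed in the Burp UI under scan configurations.
        body["scan_configurations"] = [{"type": "NamedConfiguration", "name": named_config}]
    return body


def submit_scan(api_base: str, api_key: Optional[str], body: dict, timeout: int = 10) -> Optional[str]:
    """POST the scan. Burp answers 201 with a Location header identifying the task,
    which can then be polled at GET <api_base>[/<api_key>]/v0.1/scan/<task id>."""
    prefix = f"/{api_key}" if api_key else ""  # the key is part of the path when one is set
    url = f"{api_base.rstrip('/')}{prefix}/v0.1/scan"
    req = urllib.request.Request(
        url,
        data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.headers.get("Location")


if __name__ == "__main__":
    entries = build_login_entries("alice", "s3cret-password", SAMPLE_RECORDING)
    request_body = build_scan_request(["https://app.example.com/"], entries)
    print(json.dumps(request_body, indent=2))
    # With the REST API enabled in Burp Suite Professional (placeholder key):
    # print(submit_scan("http://127.0.0.1:1337", "YOUR_API_KEY", request_body))
```

Once the task finishes, confirm that the crawl actually reached the privileged area by looking for its URLs in the scan results; if only pre-login pages appear, the recording no longer works (rotated credentials, a changed flow, or a CAPTCHA the scanner cannot pass) and needs to be re-recorded.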
By recording a complex login sequence once in your browser, Burp Suite Enterprise Edition lets you scan the authenticated parts of your applications too. Burp Suite Enterprise Edition enables you to scale scanning for common web security vulnerabilities right across your application portfolio.
Burp Suite Professional makes life much easier when testing applications that use complex login sequences. But the utility doesn't end there. Use the Navigation Recorder to record anything you can do on a site - great for replaying a proof of concept inside Burp Suite.
As with all Burp Suite features, Burp Scanner is constantly evolving - enabling increased productivity and reliability for its users. With web application authentication becoming ever more complex, Burp Suite subscribers can expect to see continual and significant development in Burp Scanner's authenticated login capabilities.
Enhancements are already being planned for login types that Burp Scanner currently doesn't handle, including those where popup windows are used. As with any web vulnerability scanner, Burp Scanner cannot circumvent countermeasures (such as CAPTCHA) intended specifically to deny entry to automated systems.
Designed by leading web security researchers, Burp Scanner aims to mirror the actions of a skilled manual tester. Benefit from PortSwigger's ongoing commitment to excellence.
Burp Scanner sits at the heart of both Burp Suite Enterprise Edition and Burp Suite Professional. It's the weapon of choice for over 70,000 users across more than 16,000 organizations - from pentesters to DevSecOps teams.
By using its advanced crawling algorithm to build up a profile of its target in a similar way to an expert tester, Burp Scanner can reveal more attack surface to exploit - without user intervention.
Burp Scanner can handle JavaScript-heavy web apps, employ user-defined login sequences, and parse many API definitions. It reveals more of the attack surface you need to see.
By automatically authenticating your scans against target applications, you free up time and resources for manual testing. This increases productivity for both organizations and individual testers.
Benefit from the best security research team in the world. Burp Suite subscribers get unrivaled protection against new bugs, and access to the latest methods - like the Burp Suite Navigation Recorder.
Scan for a huge list of vulnerabilities, and save custom scan configurations. Have the option to focus on specific vulnerabilities particularly relevant to authenticated scans - like RCE, CSRF, XSS, or SQL injection.
Find more vulnerabilities - and fewer false positives. Bring a whole new facet to your security testing with reliable automated OAST (out-of-band application security testing).
I have already chosen Burp against our recommended scanning tool, considering the flexibility in config, customer support, effectiveness in catching bugs, etc.
Balaji Govindan
Software Engineer
Automate Burp Scanner. Integrate with CI/CD and enable DevSecOps. Indefinite scalability.
Learn more about the research-driven scanner that sits at the heart of Burp Suite.
Integrate Burp Scanner with manual pentesting workflows, apply custom scan checks, and much more.