Adding recorded login sequences in Burp Suite Professional

To configure application logins for a scan, you can import a recorded login sequence rather than supplying basic user credentials. A recorded login sequence is a set of instructions that tell Burp Scanner how to log in to the target application.

Recorded login sequences enable Burp to handle complex authentication mechanisms, including:

• Single sign-on.
• Multi-step logins in which the username and password are not entered in the same form.
• Login forms that contain, for example, extra fields or checkboxes.

You can manage recorded login sequences from the Application login tab of the scan launcher. From here, you can:

• Add new logins to the scan.
• Edit existing logins.
• Replay existing logins.
• Import logins from the configuration library.

Adding login sequences

To add a login sequence to your scan:

1. From the scan launcher's Application login tab, select Use recorded login sequences.
2. Click New to display the New Recorded Login dialog.
3. Enter a descriptive Label for the login.
4. Paste the data from your clipboard into the Paste Script field.
5. Click OK.

Burp adds the sequence to the list of application logins.

Editing existing recorded logins

To edit an existing recorded login, select it and click Edit to display the Edit Recorded Login dialog. This dialog shows the events comprising the login sequence in a table.

From here you can:

• Insert a new login event.

• Edit an existing event.

• Delete an event.

Alternatively, click See as JSON to view the raw JSON for the recorded login sequence. You can edit this JSON directly. To return to the events table from this view, click View as Events.

To delete an existing recorded login, select it and click Delete.