
Enterprise Edition | Professional

Authenticated scanning

  • Last updated: March 1, 2024


When crawling a target application, Burp Scanner attempts to cover as much of the application's attack surface as possible. Authenticated scanning enables Burp to crawl privileged content that requires a login to access, such as user dashboards and admin panels.

Burp Scanner can authenticate with target applications in two ways:

  • Login credentials are simple username and password pairs. They are intended for sites that use a single-step login mechanism.
  • Recorded login sequences are user-defined sequences of instructions. They are intended for sites that use complex login mechanisms such as Single Sign-On.

You can only use one authentication method per scan. If you enter both login credentials and a recorded login sequence, Burp Scanner ignores the provided login credentials.
