Enterprise Edition

Adding usernames and passwords for a web app

  • Last updated: July 16, 2024

If your web app uses a basic username and password-based login system, you can specify login credentials for Burp Scanner to use when scanning the site. Specifying a valid username and password enables Burp Scanner to log in to the web app and audit content that only authenticated users can usually see.

Note

Adding a username and password works well for web apps using simple login forms with only two input fields. However, if your web app uses a more complex login mechanism then you should use recorded login sequences instead of username and password-based login credentials, as Burp Scanner may be unable to log in otherwise.

You cannot use both credential types on a single web app site in Burp Suite Enterprise Edition.

Specifying username and password details when adding a new web app site

To specify username and password login credentials during the process of adding a new web app site:

  1. On the top menu, select Sites > Add a new site to display the Create a new site page.
  2. In the Scan settings section, select Authentication > Application logins.
  3. Make sure that Usernames and passwords is selected, and click Add login credentials.
  4. In the dialog box, enter a unique Label to identify this set of login credentials.
  5. Enter the Username and Password.
  6. Click Save.

Specifying username and password details for an existing web app

To specify username and password login credentials for an existing web app site:

  1. On the top menu, select Sites to display the site tree.
  2. Select the site you want to add login credentials for.
  3. Select the Details tab and click Edit.
  4. In the Scan settings section, select Authentication > Application logins.
  5. Make sure that Usernames and passwords is selected, and click Add login credentials.
  6. In the dialog box, enter a unique Label to identify this set of login credentials.
  7. Enter the Username and Password.
  8. Click Save to close the dialog box.
  9. Click Save.

To specify an additional set of credentials, click the plus button and repeat steps 6 to 9.

To delete a set of credentials, click the trash icon.