Enterprise Edition
Adding usernames and passwords for a web app
Last updated: July 16, 2024
If your web app uses a basic username and password-based login system, you can specify login credentials for Burp Scanner to use when scanning the site. Specifying a valid username and password enables Burp Scanner to log in to the web app and audit content that only authenticated users can usually see.
Note
Adding a username and password works well for web apps using simple login forms with only two input fields. However, if your web app uses a more complex login mechanism, you should use recorded login sequences instead of username and password-based login credentials, as Burp Scanner may otherwise be unable to log in.
You cannot use both credential types on a single web app site in Burp Suite Enterprise Edition.
Specifying username and password details when adding a new web app site
To specify username and password login credentials during the process of adding a new web app site:
1. On the top menu, select Sites > Add a new site to display the Create a new site page.
2. In the Scan settings section, select Authentication > Application logins.
3. Make sure that Usernames and passwords is selected, and click Add login credentials.
4. In the dialog box, enter a unique Label to identify this set of login credentials.
5. Enter the Username and Password.
6. Click Save.
Specifying username and password details for an existing web app
To specify username and password login credentials for an existing web app site:
1. On the top menu, select Sites to display the site tree.
2. Select the site you want to add login credentials to.
3. Select the Details tab and click Edit.
4. In the Scan settings section, select Authentication > Application logins.
5. Make sure that Usernames and passwords is selected, and click Add login credentials.
6. In the dialog box, enter a unique Label to identify this set of login credentials.
7. Enter the Username and Password.
8. Click Save to close the dialog box.
9. Click Save.
To specify an additional set of credentials, click the plus button and repeat steps 6 to 9.
To delete a set of credentials, click the trash icon.