Automating Burp Suite -2 | Automated Authenticated Login and Scanning via Macro

How To Do It:

A) Auto Login Macro:

Vulnerable demo application
Login request for authentication
Session handling rule
Macro recorder
Macro editor
Session handling actions
Scope
Validating Session
Session handling rule
Valid and authenticated request
Macro editor
Session handling rule editor
Session handling action editor
Another invalid session from proxy history
Session handling
Session handling with multiple rules
Scope
Validation
Auto Login
User not logged in, showing Sign In
Disable, then enable both macros (only disabled shown)
Authenticated login

How it Works:

Here, the first macro signs in to the application using a valid login request with credentials. This macro is used to sign in automatically.
The second part, session validation, checks whether the session is valid for specific endpoints and, if the session is invalid, re-runs the login macro.
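
The control flow of the two rules described above, modelled in Python as an added example (it is not Burp's code or the author's configuration). `DemoApp`, the `/login` and `/account` paths, the credentials and the "Welcome" response are constructed stand-ins; only the "Sign In" marker for a logged-out response comes from the walkthrough.

```python
import secrets

class DemoApp:
    """Constructed stand-in for the demo application; runs in-process, no network."""
    def __init__(self):
        self.sessions = set()

    def handle(self, method, path, cookies, form=None):
        if method == "POST" and path == "/login":
            if form == {"user": "demo", "pass": "demo-password"}:
                sid = secrets.token_hex(8)
                self.sessions.add(sid)
                return {"session": sid}, "Redirecting"
            return {}, "Sign In"
        if cookies.get("session") in self.sessions:
            return {}, "Welcome demo | Sign Off"
        return {}, "Sign In"  # logged-out pages show the Sign In link

class SessionHandler:
    """Rule 1: run the login macro. Rule 2: validate the session, re-run rule 1 if invalid."""
    def __init__(self, app, login_macro, check_path="/account", invalid_marker="Sign In"):
        self.app, self.login_macro = app, login_macro
        self.check_path, self.invalid_marker = check_path, invalid_marker
        self.cookie_jar = {}   # plays the role of the shared cookie jar
        self.macro_runs = 0

    def run_login_macro(self):
        for method, path, form in self.login_macro:
            set_cookies, _ = self.app.handle(method, path, self.cookie_jar, form)
            self.cookie_jar.update(set_cookies)
        self.macro_runs += 1

    def session_is_valid(self):
        _, body = self.app.handle("GET", self.check_path, self.cookie_jar)
        return self.invalid_marker not in body

    def send(self, method, path):
        if not self.session_is_valid():
            self.run_login_macro()
            if not self.session_is_valid():  # bad credentials or wrong marker
                raise RuntimeError("login macro did not yield a valid session")
        return self.app.handle(method, path, self.cookie_jar)[1]

def demo():
    app = DemoApp()
    h = SessionHandler(app, [("POST", "/login", {"user": "demo", "pass": "demo-password"})])
    first = h.send("GET", "/account")     # no session yet -> macro runs
    again = h.send("GET", "/account")     # session still valid -> no macro
    app.sessions.clear()                  # simulate server-side session expiry
    after_expiry = h.send("GET", "/account")
    return first, again, after_expiry, h.macro_runs
```

The second validity check after the macro is the part worth copying into a real setup: if the login macro fails silently, every later scan request runs unauthenticated and the results look clean for the wrong reason.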

  1. https://www.youtube.com/watch?v=5v8bWAcA8oI
