Automating Burp Suite -2 | Automated Authenticated Login and Scanning via Macro


How To Do It:

  1. Visit https://demo.testfire.net/ (test application for authenticated scan)
[Screenshots: vulnerable demo application; login request for authentication; session handling rule; macro recorder; macro editor; session handling actions; scope]
  2. Select a valid URL (any URL that appears after the user logs in with valid credentials). Then log out of the application and resend that request to check how the application responds once the session has been logged out; this response is what the session handling rule uses to detect an invalid session.
[Screenshots: validating session; session handling rule; valid and authenticated request; macro editor; session handling rule editor; session handling action editor; another invalid session from proxy history; session handling; session handling with multiple rules; scope; validation; auto login; user not logged in, showing Sign In; disable and then re-enable both macros (only the disabled state is shown); authenticated login]
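The two steps above are what a Burp session handling rule does on every in-scope request: issue the request, decide from the response whether the session is still valid, and if not run the login macro and replay the request with the new cookie. The following Python script is an added example written for this post (it is not code from the post, from PortSwigger, or from Burp Suite) that models that loop offline. The FakeApp class, its /doLogin endpoint, the JSESSIONID cookie name, the credentials and the page paths are all constructed stand-ins for demo.testfire.net; the "Sign In" marker is the response the post uses to recognise a logged-out session.

```python
"""Session handling rule with a login macro, modelled offline.

Added example; FakeApp, LOGIN_PATH, CREDENTIALS, COOKIE and the page paths
are constructed assumptions, not the real demo application's values.
"""
import itertools
import re
from dataclasses import dataclass, field

LOGIN_PATH = "/doLogin"                      # assumed login endpoint of the stand-in app
CREDENTIALS = "uid=testuser&passw=testpass"  # constructed placeholder credentials
COOKIE = "JSESSIONID"                        # assumed session cookie name


@dataclass
class Request:
    method: str
    path: str
    headers: dict = field(default_factory=dict)
    body: str = ""


@dataclass
class Response:
    status: int
    headers: dict
    body: str


def cookie_value(header: str, name: str):
    """Extract a named cookie from a Cookie or Set-Cookie header value."""
    m = re.search(rf"(?:^|;\s*){name}=([^;]+)", header)
    return m.group(1) if m else None


class FakeApp:
    """Constructed stand-in for the demo application (not demo.testfire.net).

    POST LOGIN_PATH with the right credentials issues a fresh session cookie,
    GET /logout invalidates the session, and every other page renders the
    account page for a valid session or a 'Sign In' page otherwise.
    """

    def __init__(self):
        self._sessions = set()
        self._ids = itertools.count(1000)

    def handle(self, req: Request) -> Response:
        if req.method == "POST" and req.path == LOGIN_PATH:
            if req.body == CREDENTIALS:
                sid = f"sess{next(self._ids)}"
                self._sessions.add(sid)
                return Response(302, {"Set-Cookie": f"{COOKIE}={sid}; Path=/"}, "")
            return Response(200, {}, "<h1>Sign In</h1>Login failed")
        sid = cookie_value(req.headers.get("Cookie", ""), COOKIE)
        if req.path == "/logout":
            self._sessions.discard(sid)
            return Response(200, {}, "<h1>Sign In</h1>")
        if sid in self._sessions:
            return Response(200, {}, "<h1>Account Summary</h1>")
        return Response(200, {}, "<h1>Sign In</h1>")


def session_is_valid(resp: Response) -> bool:
    """Session check: the app renders 'Sign In' whenever the session is gone,
    which is the behaviour the post verifies by replaying a request after logout."""
    return resp.status == 200 and "Sign In" not in resp.body


def login_macro(app: FakeApp) -> str:
    """Macro: replay the recorded login request and harvest the new session cookie."""
    resp = app.handle(Request("POST", LOGIN_PATH,
                              {"Content-Type": "application/x-www-form-urlencoded"},
                              CREDENTIALS))
    sid = cookie_value(resp.headers.get("Set-Cookie", ""), COOKIE)
    if sid is None:
        raise RuntimeError("login macro failed: no session cookie issued")
    return sid


class SessionHandlingRule:
    """Issue the request; if the session check fails, run the macro and replay."""

    def __init__(self, app: FakeApp, in_scope):
        self.app = app
        self.in_scope = in_scope        # scope predicate over the request path
        self.session_id = None
        self.macro_runs = 0

    def send(self, req: Request) -> Response:
        if not self.in_scope(req.path):  # rule only applies to in-scope URLs
            return self.app.handle(req)
        if self.session_id:
            req.headers["Cookie"] = f"{COOKIE}={self.session_id}"
        resp = self.app.handle(req)
        if session_is_valid(resp):
            return resp
        self.session_id = login_macro(self.app)
        self.macro_runs += 1
        req.headers["Cookie"] = f"{COOKIE}={self.session_id}"
        return self.app.handle(req)


def run_scan_simulation():
    """Two in-scope requests around a server-side logout; returns (bodies, macro runs)."""
    app = FakeApp()
    rule = SessionHandlingRule(app, in_scope=lambda path: path != "/logout")
    first = rule.send(Request("GET", "/bank/main"))        # no session yet -> macro runs
    app.handle(Request("GET", "/logout", {"Cookie": f"{COOKIE}={rule.session_id}"}))
    second = rule.send(Request("GET", "/bank/transfer"))   # session dead -> macro runs again
    return [first.body, second.body], rule.macro_runs


if __name__ == "__main__":
    bodies, runs = run_scan_simulation()
    print(bodies, "macro runs:", runs)
```

The scope predicate excludes /logout on purpose: if the logout URL were in scope, the rule would see the "Sign In" page, log in again and replay the logout, killing the session it just created on every pass. That is why the Scope screenshot matters when the rule is applied to the scanner.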

How it Works:

  1. https://portswigger.net/support/configuring-burp-suites-session-handling-rules
  2. https://www.youtube.com/watch?v=5v8bWAcA8oI

Divyanshu Shukla