
[MoBP] Spidering authenticated applications

Dafydd Stuttard | 13 November 2008 at 08:08 UTC
MoBP burp

Related to yesterday's post is a further enhancement to the way the Spider handles form submission. In the new version, you can control how Burp handles login forms, separately from the configuration for forms in general. You can tell the Spider to perform one of four different actions when a login form is encountered:

In the last case, any time Burp encounters a form containing a password field, it will submit your configured password in that field, and will submit your configured username in the text input field whose name most looks like a username field. The UI for configuring application login looks like this:
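The field-selection rule described above (configured password into the password field, configured username into the text input whose name most looks like a username field), sketched as an added example that is not Burp's own code. The hint list, the scoring and all function names are assumptions made for illustration, and the HTML is a constructed sample.

```python
from html.parser import HTMLParser
# Assumed name hints, strongest first; the page does not give Burp's matching rules.
USERNAME_HINTS = ("username", "user", "login", "email", "uid", "name")

class FormCollector(HTMLParser):
    """Collects the named <input> elements of each <form> as (type, name) pairs."""
    def __init__(self):
        super().__init__()
        self.forms, self._current = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = []
        elif tag == "input" and self._current is not None and a.get("name"):
            self._current.append(((a.get("type") or "text").lower(), a["name"]))

    def handle_endtag(self, tag):
        if tag == "form" and self._current is not None:
            self.forms.append(self._current)
            self._current = None

def username_score(name):
    """Higher means the field name looks more like a username field."""
    lowered = name.lower()
    for rank, hint in enumerate(USERNAME_HINTS):
        if hint in lowered:
            return len(USERNAME_HINTS) - rank
    return 0

def fill_login_form(fields, username, password):
    """Values to submit for one form, or None when it has no password field."""
    if not any(ftype == "password" for ftype, _ in fields):
        return None  # not a login form; the general form settings apply
    values = {name: password for ftype, name in fields if ftype == "password"}
    text_fields = [name for ftype, name in fields if ftype in ("text", "email")]
    if text_fields:  # max() keeps the first field on a tie (document order)
        values[max(text_fields, key=username_score)] = username
    return values

def plan_submissions(html, username, password):
    parser = FormCollector()
    parser.feed(html)
    return [fill_login_form(f, username, password) for f in parser.forms]

# Constructed sample page: a search form, then a login form with a decoy text field.
SAMPLE = ('<form action="/search"><input type="text" name="q"></form>'
          '<form action="/login" method="post"><input type="text" name="company">'
          '<input type="text" name="user_name"><input type="password" name="pwd"></form>')
```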