Misc project options

This tab contains settings for scheduled tasks, Burp Collaborator server, and logging.

Scheduled tasks

Professional See the Task Scheduler documentation.

Burp Collaborator server

Burp Collaborator is an external service that Burp can use to help discover many kinds of vulnerabilities. For more details about the functionality and alternative methods of utilization of Burp Collaborator, see the main Burp Collaborator documentation.

The following options for using Burp Collaborator server are available:

• Use the default Collaborator server - This default option uses a public Collaborator server provided by PortSwigger. This server is shared between all Burp users who use it. If the public Collaborator server suffers from any service outage or degradation, then the efficacy of Collaborator-related functionality within Burp may be impaired. For this reason, PortSwigger makes no warranty about the availability or performance of this server.
• Don't use Burp Collaborator - With this option, none of the Collaborator-related capabilities within Burp will be available.
• Use a private Collaborator server - This option lets you use your own instance of the Collaborator server. See the documentation on deploying a private Collaborator server if you would like to do this.

If you are using a private Collaborator server, you will need to configure Burp with the details of its location. The following options are available:

• Server location - This is the domain name or IP address of your server. If you specify the server by IP address, then Burp's Collaborator-related functionality that relies on DNS resolution will not be available. For more details, see the main Burp Collaborator documentation.
• Polling location (optional) - This optional field lets you specify the location where your private Collaborator server answers polling requests. Collaborator servers can be configured to receive interactions and answer polling requests on different network interfaces, if required. You can specify the polling location by hostname or IP address, with an optional port number separated by a colon. For example, 10.20.30.40:8008.

The following further options are also available:

• Poll over unencrypted HTTP - By default, Burp polls the Collaborator server over HTTPS, and enforces TLS trust to prevent man-in-the-middle attacks. If your instance of Burp is unable to poll directly over HTTPS due to network or other limitations, you can opt to poll over unencrypted HTTP.
• Run health check - This button displays a dialog that performs a quick health check of your configured Collaborator server. It verifies whether it is possible to interact with the server using various network services, and whether Burp can retrieve the details of these interactions via polling. Based on these tests, you can determine whether Burp is likely to be able to make use of all, some, or none of the Collaborator's features.

Logging

These settings control logging of HTTP requests and responses. Logging can be configured per-tool or for all Burp traffic.

Burp's browser project options

Burp's browser is sandboxed by default. However, in a few very specific circumstances, such as when running in Linux as root, you might not be able to launch browser-powered scans using the sandbox.

If you run into issues, use the Health check for Burp's browser tool to see if this is the cause. If so, you can enable the option Allow the browser to run without a sandbox. Before doing this, please make sure that you are aware of the security implications. Scanning hostile websites without the sandbox increases the risk of your local system being compromised.

In certain environments, Burp's browser may repeatedly crash after attempting to use a GPU where none exists. If you experience this problem, select the Stop the Burp's browser using the GPU option.