Scanning web sites
Burp Scanner automates the task of scanning web sites for content and vulnerabilities. Depending on configuration, the Scanner can crawl the application to discover its content and functionality, and audit the application to discover vulnerabilities. By default, all scans will use Burp's browser to ensure maximum coverage through browser-powered scanning. You can also provide sets of user credentials so that Burp Scanner can discover and audit content that is only accessible to authenticated users. Importing full login sequences even enables Burp Scanner to handle more complex login mechanisms, including single sign-on.
Launching scans
Scans can be launched in a variety of ways:
-
Scan from specific URLs. This performs a scan by crawling the content within one or more provided URLs, and optionally auditing the crawled content. To do this, go to the Burp Dashboard, and click the New scan button. This will open the scan launcher which lets you configure details of the scan.
-
Scan selected items. This lets you perform an audit-only scan (no crawling) of specific HTTP requests. To do this, select one or more requests anywhere within Burp, and select Scan from the context menu. This will open the scan launcher which lets you configure details of the scan.
-
Live scanning. You can use live scans to automatically scan requests that are processed by other Burp tools, such as the Proxy or Repeater tools. You can configure precisely which requests are processed, and whether they should be scanned to identify content or audit for vulnerabilities. To do this, go to the Burp Dashboard, and click the New live task button. This will open the live scan launcher which lets you configure details of the task.
-
Instant scanning. You can also launch instant active or passive scans from the context menu. This means you can quickly check for vulnerabilities without having to open the scan launcher. You can access these options by right-clicking on a request. Alternatively, you can configure hotkeys for triggering instant scans.
Configuring scans
You can launch multiple scans in parallel, and each scan has its own configuration options that determine exactly how the scan is carried out. There are two key areas of configuration:
-
Crawl options. These options control behavior like maximum link depth, how the crawler optimizes for speed versus coverage, and limits on the extent of the crawl. You can also enable or disable some of Burp Scanner's miscellaneous features, such as browser-powered scanning and API scanning.
-
Audit options. These options control behavior like the handling of insertion points and what detection methods are employed. These options are very important in controlling what type of audit activity will be performed, from a lightweight purely passive analysis through to a heavyweight invasive scan.
You can either create your own custom configurations or load built-in configurations from the configuration library using the Select from library button in the Scan Configuration section of the scan launcher.
If no configuration is created or loaded in, Burp Scanner uses its default configuration. Burp Scanner's default configuration provides a good balance between performance and coverage of issues, suitable for most web applications.
Note
Burp Suite's configuration library comes with a set of built-in configurations so you can quickly configure these options.
Monitoring scan activity
You can monitor the progress and results of a scan in various ways:
Reporting
You can generate reports of issues found via Burp Scanner in HTML format. You can also export issues in XML format suitable for importing into other tools.
Additional information
You can find addition information about specific topics on the following Support pages: