Burp Scanner automates the task of scanning web sites for content and vulnerabilities. Depending on configuration, the Scanner can crawl the application to discover its content and functionality, and audit the application to discover vulnerabilities. By default, all scans will use Burp's browser to ensure maximum coverage through browser-powered scanning. You can also provide sets of user credentials so that Burp Scanner can discover and audit content that is only accessible to authenticated users. Importing full login sequences even enables Burp Scanner to handle more complex login mechanisms, including single sign-on.
Scans can be launched in a variety of ways:
When configuring scans in Burp Suite, you can either select a preset scan mode or define a custom configuration. To manage configuration for a scan, select the Scan Configuration tab.
Burp Scanner's preset scan modes are predefined collections of scan settings. They offer a quick way to adjust how the scan balances speed and coverage. To select a preset scan mode, ensure that the Use a preset scan mode radio button is selected and click one of the available options.
Burp Scanner offers four preset scan modes, listed from the fastest to the greatest coverage:
If you select the Remember my choice for future scans checkbox, then Burp Suite remembers the selected scan mode the next time you open the scan launcher.
Using a custom scan configuration enables you to fine-tune Burp Scanner's behavior to meet your needs.
There are two types of custom configuration in Burp Suite:
Click Use a custom configuration to display a list of your existing configurations. From here, you can add to the list, reorder the list, or remove configurations altogether.
You can apply configurations to the scan by:
To create a new scan configuration:
For an in-depth explanation of the options available when creating a custom scan configuration, see the Crawl options and Audit options pages.
To load a configuration from the configuration library, click Select from library and select a configuration from the modal box. The configuration library contains any custom configurations that you have saved, along with some built-in configurations.
For more information on the built-in configurations available in Burp Suite, see the Burp Scanner built-in configurations page.
To import a configuration, click Import and select the JSON configuration file you want to import from the dialog box.
Importing configuration files enables you to use external configurations (that is, scan configurations that you have exported from other installations of Burp Suite or Burp Suite Enterprise Edition) in your current installation of Burp Suite.
For more information on exporting configuration files from the desktop editions of Burp, see the Desktop - Configurations page.
When defining custom configurations, you can specify multiple configurations for a single site. Burp Scanner applies any selected configurations in order, enabling you to further fine-tune scanning behaviour. In practice, this means that any options specified for a particular setting take precedence over equivalent settings for configurations higher in the list.
| Config name | Max crawl time | Max locations | Max request count |
|---|---|---|---|
| Default | 150 | 1500 | 0 |
| Config 1 | 100 | - | 50 |
| Config 2 | 200 | - | - |
| Settings used | 200 | 1500 | 50 |
This example shows two selected configurations, which combine with the default configuration when the site is scanned.
For simplicity, the above example focuses on the settings in the Crawling > Crawl Limits section of the scan configuration setup. However, the principles shown apply to all configuration settings.
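The layering rule from the table, written out as an added example (not Burp's own code): configurations are applied in list order on top of the default, and an option a later configuration specifies wins, while options it leaves unset fall through to the earlier ones. The JSON key names (`crawler`, `crawl_limits`, `max_crawl_time`, and so on) are constructed for illustration and are not Burp's real export schema.

```python
import json

# Constructed configuration files in the spirit of Burp's exported JSON scan
# configurations. Key names are assumptions for this example, not Burp's schema.
DEFAULT_CONFIG = json.loads("""
{"crawler": {"crawl_limits": {"max_crawl_time": 150,
                              "max_locations": 1500,
                              "max_request_count": 0}}}
""")
CONFIG_1 = json.loads("""
{"crawler": {"crawl_limits": {"max_crawl_time": 100, "max_request_count": 50}}}
""")
CONFIG_2 = json.loads("""
{"crawler": {"crawl_limits": {"max_crawl_time": 200}}}
""")


def layer(base, overlay):
    """Return base with every option that overlay specifies replacing base's value.

    Nested sections are merged recursively, so a configuration that sets only
    one option in a section leaves that section's other options untouched
    (the '-' cells in the table above). Neither input is modified.
    """
    merged = dict(base)
    for key, value in overlay.items():
        if isinstance(value, dict) and isinstance(merged.get(key), dict):
            merged[key] = layer(merged[key], value)
        else:
            merged[key] = value
    return merged


def effective_settings(default, selected):
    """Apply the selected configurations in list order on top of the default.

    Later configurations are layered last, so their specified options take
    precedence over equivalent options in configurations higher in the list.
    """
    result = default
    for config in selected:
        result = layer(result, config)
    return result


def crawl_limits(default, selected):
    """Convenience accessor for the Crawl Limits section of the merged result."""
    return effective_settings(default, selected)["crawler"]["crawl_limits"]


if __name__ == "__main__":
    # Reproduces the "Settings used" row: 200 / 1500 / 50
    print(json.dumps(crawl_limits(DEFAULT_CONFIG, [CONFIG_1, CONFIG_2]), indent=2))
```

Swapping the order of the two configurations in the list changes the result, which is the point of the precedence rule: the configuration listed last decides any option both of them set.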
You can monitor the progress and results of a scan in various ways:
You can generate reports of issues found via Burp Scanner in HTML format. You can also export issues in XML format suitable for importing into other tools.
You can find additional information about specific topics on the following Support pages: