Active Scan Queue
Active scanning typically involves sending large numbers of requests to the server for each base request that is scanned, and this can be a time-consuming process. When you send requests for active scanning, these are added to the active scan queue, in which they are processed in turn.
The scan queue displays the following details about each item:
- An index number for the item, reflecting the order in which items
- The destination protocol, host and URL.
- The current status of the item, including percentage complete.
- The number of scan issues identified for the item (this is colorized according to the significance and confidence attached to the most serious issue).
- The number of requests made while scanning the item. Note that this is not a linear function of the number of insertion points: observed application behavior feeds back into subsequent attack requests, just as it would for a human tester.
- The number of network errors encountered.
- The number of insertion points created for the item.
This information lets you easily monitor the progress of individual scan items. If you find that some scans are progressing too slowly, you can understand the reasons why, such as large numbers of insertion points, slowness in application responses, network errors, etc. Given this information, you can then take action to optimize your scans, by changing the configuration for insertion points, the scanning engine, or the active scanning areas being tested.
You can double-click any item in the scan queue to display the issues
identified so far, and view the base request and response for the item.
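The same per-item details (status, percentage complete, request count, network errors, insertion points, and the issues found so far) are exposed to extensions through the legacy Burp Extender API. The following is an added example extension, not code from the original page or from PortSwigger: it assumes the legacy `burp.*` interfaces (`IBurpExtender`, `IBurpExtenderCallbacks.doActiveScan`, `IScanQueueItem`, `IScanIssue`), and the `MAX_ERRORS` threshold, the poll interval and the use of `getPercentageComplete() >= 100` as the completion test are assumptions of this example rather than anything the page states.

```java
package burp;

import java.io.PrintWriter;

// Added example (not PortSwigger's code). Polls a scan queue item through the
// legacy Extender API and reports the same fields the Active Scan Queue tab
// shows as columns, cancelling the item if network errors pile up.
public class ScanQueueMonitor implements IBurpExtender {
    // Assumed thresholds for this example; tune to the target environment.
    private static final int MAX_ERRORS = 50;
    private static final long POLL_INTERVAL_MS = 5000;

    private IBurpExtenderCallbacks callbacks;
    private PrintWriter out;

    @Override
    public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
        this.callbacks = callbacks;
        this.out = new PrintWriter(callbacks.getStdout(), true);
        callbacks.setExtensionName("Scan queue monitor (example)");
    }

    // Adds a base request to the active scan queue and returns the queue
    // item; this is the same item the Active Scan Queue tab shows as a row.
    public IScanQueueItem queueScan(String host, int port, boolean https, byte[] request) {
        return callbacks.doActiveScan(host, port, https, request);
    }

    // Reports progress until the item completes. An item that accumulates
    // many network errors is cancelled, since it is unlikely to make progress
    // and only delays the rest of the queue.
    public void watch(IScanQueueItem item) throws InterruptedException {
        while (true) {
            String status = item.getStatus();
            int pct = item.getPercentageComplete();
            int requests = item.getNumRequests();
            int errors = item.getNumErrors();
            int insertionPoints = item.getNumInsertionPoints();
            out.printf("status=%s %d%% requests=%d errors=%d insertionPoints=%d%n",
                    status, pct, requests, errors, insertionPoints);

            // Requests per insertion point grows as observed behaviour feeds
            // back into further attack requests; a high ratio explains a slow
            // item better than the insertion point count alone.
            if (insertionPoints > 0) {
                out.printf("  ~%.1f requests per insertion point so far%n",
                        (double) requests / insertionPoints);
            }
            if (errors > MAX_ERRORS) {
                out.println("  too many network errors; cancelling item");
                item.cancel();
                break;
            }
            // Assumption of this example: the item is done once it reports 100%.
            if (pct >= 100) {
                break;
            }
            Thread.sleep(POLL_INTERVAL_MS);
        }
        // Issues identified so far, as shown when double-clicking the row.
        for (IScanIssue issue : item.getIssues()) {
            out.printf("  [%s/%s] %s at %s%n", issue.getSeverity(),
                    issue.getConfidence(), issue.getIssueName(), issue.getUrl());
        }
    }
}
```

Load the class as an extension, call `queueScan` with a base request (for example one captured in the site map), then pass the returned `IScanQueueItem` to `watch` from a separate thread so that `registerExtenderCallbacks` returns promptly; the printed lines land in the extension's standard output pane and let you correlate slow items with their error and insertion point counts before adjusting the scanner configuration.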
You can use the context menu on the scan queue to perform various actions
to control the scanning process. The exact options that are available depend
upon the status of the selected item(s), and include:
- Show details - This opens a window showing the issues identified so far, and the base request and response for the
- Scan next - This repositions the selected item(s) in the queue so that they are scanned next.
- Cancel - This cancels the selected item(s) so they will not be scanned. If scanning has already begun, there will typically be a short delay while the pending scan requests are completed, and the item is fully cancelled.
- Scan again - This duplicates the selected item(s) and adds these to the end of the queue.
- Delete item(s) - This permanently removes the selected item(s) from the queue.
- Delete finished items - This permanently removes any items from the queue that are already finished.
- Automatically delete finished items - This toggles whether the scanner automatically deletes items from the queue as they
- Pause / resume scanner - This pauses and resumes the active scanner. If any scanning is currently underway when the scanner is paused, there will typically be a short delay while the pending scan requests are completed.
- Send to ... - These options are used to send the base request for the selected item to other Burp tools.