login

Burp Suite, the leading toolkit for web application security testing

Burp Scanner - Reporting

You can export a report of some or all of the issues generated by Burp Scanner. To do this, select the desired issues in the Results tab, and choose "Report selected issues" from the context menu. The reporting wizard lets you choose various options for your report, as described below.

Report Format

You can choose one of the following formats for the report:

Note: The XML format uses an internal DTD, and authors of interoperability code are recommended to review a sample report to obtain the current DTD. The following XML elements are worth noting:

Issue Details

You can choose the types of details to include in the report:

HTTP Messages

You can choose how HTTP messages should appear in the report. The following options are available for requests and responses:

Issue Types

The wizard lists the different types of issues that were included in your selection, and a count of the number of instances of each type. You can deselect any types of issues that you do not wish to include. This is useful if you have selected a large number of issues (for example, by selecting the application host), and want to remove certain less interesting types of issues from the report.

Report Details

You can specify the file where the report will be saved.

For HTML reports, you can specify the following details:

Support Center

Get help and join the community discussions at the Burp Suite Support Center.

Visit the Support Center ›

Thursday, March 12, 2015

v1.6.12

This release contains various bugfixes and minor enhancements, including:

  • In the site map table, the "Method" column previously always showed GET for requests without a body, and POST for requests with a body, even if the actual method was different. This bug has now been fixed and the table shows the correct method.
  • A bug which prevented client SSL certificates from being used when an upstream proxy is configured has been fixed.
  • A bug which caused Decoder to fail to decode hex number HTML entities containing an upper-case X has been fixed.
  • See all release notes ›

Copyright © 2015 PortSwigger Ltd. All rights reserved.