Burp Suite, the leading toolkit for web application security testing

Scan Results

The Results tab contains all of the issues that the Scanner has identified, from both active and passive scanning.

There is a tree view showing a hierarchical representation of application content where issues have been found, with URLs broken down into domains, directories, and files. If you select one or more parts of the tree, all of the scan issues for the selected items are listed, with issues of the same type grouped together. You can expand these aggregated issues to view all of the individual issues of each type. 

If you select an issue, the relevant details are displayed, including:

Often, the fastest way to reproduce and verify an issue is to use the context menu on the message editor to send the request to Burp Repeater. Alternatively, for GET requests, you can copy the URL and paste it into your browser. You can then reissue the request and, if necessary, fine-tune the proof-of-concept attack that was generated by Burp.

Every issue that Burp Scanner reports is rated for both severity (high, medium, low, informational) and confidence (certain, firm, tentative). When an issue has been identified using a technique that is inherently less reliable (such as for blind SQL injection), Burp makes you aware of this by dropping the confidence level to less than certain. These ratings should always be interpreted as indicative, and you should review them based on your knowledge of the application's functionality and business context.
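To make the two rating scales concrete, the following added example (not part of the Burp documentation, and not Burp's own code or export format) groups issues by type as the Results tab does, orders the groups by severity and then confidence, and lists the items rated below certain for manual re-testing. The issue records, field names and shop.example URLs are constructed for illustration.

```python
from collections import defaultdict

# Rating scales as listed in the text, most significant first.
SEVERITY = ("high", "medium", "low", "informational")
CONFIDENCE = ("certain", "firm", "tentative")

# Constructed sample records; the field names and URLs are assumptions.
SAMPLE_ISSUES = [
    {"type": "Cookie without HttpOnly flag set", "url": "https://shop.example/",
     "severity": "low", "confidence": "firm"},
    {"type": "SQL injection", "url": "https://shop.example/item",
     "severity": "high", "confidence": "tentative"},
    {"type": "Cross-site scripting (reflected)", "url": "https://shop.example/search",
     "severity": "high", "confidence": "certain"},
    {"type": "SQL injection", "url": "https://shop.example/cart",
     "severity": "high", "confidence": "firm"},
    {"type": "Frameable response", "url": "https://shop.example/help",
     "severity": "informational", "confidence": "Certain"},
]

def rank(issue):
    """Sort key: most severe first, then most confident first."""
    sev = issue["severity"].strip().lower()
    conf = issue["confidence"].strip().lower()
    if sev not in SEVERITY or conf not in CONFIDENCE:
        raise ValueError(f"unknown rating on {issue['url']}: {sev}/{conf}")
    return SEVERITY.index(sev), CONFIDENCE.index(conf)

def triage(issues):
    """Aggregate issues by type and order the groups by their top-ranked member."""
    groups = defaultdict(list)
    for issue in issues:
        groups[issue["type"]].append(issue)
    report = []
    for name, members in groups.items():
        members.sort(key=rank)
        report.append({
            "type": name,
            "rank": rank(members[0]),
            "urls": [m["url"] for m in members],
            # Anything below "certain" is queued for manual verification.
            "verify": [m["url"] for m in members if rank(m)[1] > 0],
        })
    report.sort(key=lambda g: (g["rank"], g["type"]))
    return report

if __name__ == "__main__":
    for group in triage(SAMPLE_ISSUES):
        print(group["type"], group["rank"], "verify:", group["verify"])
```

The ordering is only a starting point for review; the ratings remain indicative and should be adjusted to the application's context.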

The issue listing has a context menu that you can use to perform the following actions:

Wednesday, April 22, 2015

v1.6.17

This release contains a number of minor enhancements and bugfixes, including:

  • The Proxy now uses SHA256 to generate its CA and per-host certificates.
  • There is a new button at Proxy / Options / Proxy Listeners to force Burp to regenerate its CA certificate.
  • A bug in the "Paste from file" function which caused Burp to sometimes retain a lock on the selected file has been fixed.
  • A bug in the Intruder "extract grep" function, which sometimes caused extracted HTML content to be rendered as HTML in the results table, has been fixed.

Copyright © 2015 PortSwigger Ltd. All rights reserved.