Burp Spider Documentation - Control Tab
This tab is used to start and stop Burp Spider, monitor its progress, and
define the spidering scope.
Use these settings to monitor and control Burp Spider:
- Spider is paused / running - This toggle button is used to start and stop the Spider. While
the Spider is stopped it will not make any requests of its own, although it
will continue to process responses generated via Burp Proxy (if
passive spidering is enabled), and any newly-discovered
items that are within the spidering scope will be queued to be requested if
the Spider is restarted.
- Clear queues - If you want to reprioritize your work, you can completely
clear the currently queued items, so that other items can be added to the queue.
Note that the cleared items may be re-queued if they remain in-scope and the
Spider's parser encounters new links to the items.
The display also shows some metrics about the Spider's progress, enabling
you to see the size of the in-scope content and the work remaining to fully
All content discovered by the Spider is added to the main suite
This panel lets you define exactly what is in-scope
for the Spider to request.
The best way to handle spidering scope is normally using the suite-wide
target scope, and by default the Spider will
use that scope. If you need to define a different scope
for the Spider to use, then select "Use custom scope". A further configuration
panel will appear which functions in the same way as the suite-wide
target scope panel.
If you have selected to use a custom scope and you send any out-of-scope items
to the Spider, then Burp will automatically update this custom scope, rather
than the Suite scope.
Wednesday, April 22, 2015
This release contains a number of minor enhancements and bugfixes, including:
- The Proxy now uses SHA256 to generate its CA and per-host certificates
- There is a new button at Proxy / Options / Proxy Listeners to force Burp to regenerate its CA certificate.
- A bug in the "Paste from file" function which caused Burp to sometimes retain a lock on the selected file has been fixed.
- A bug in the Intruder "extract grep" function, which sometimes caused extracted HTML content to be rendered as HTML in the results table, has been fixed.
See all release notes ›