This function can be used to analyze a target web application and tell you
how many static and dynamic URLs it contains, and how many parameters each URL
takes. This can help you assess how much effort a penetration testing engagement
is likely to involve, and can help you decide where to focus your attention
during the test itself.
To access this feature, select one or more hosts or branches within the site
map, and choose "Analyze site map" within "Engagement tools" in the context
The Target Analyzer dialog contains the following tabs:
- Summary - This shows the total number of dynamic
URLs, static URLs, parameters, and unique parameter names. It also has
an option to save all of the analysis results in an HTML-formatted
- Dynamic URLs - This lists all of the URLs that
were observed to accept parameters. The preview pane shows the full
request and response for the selected item, and details of the request
- Static URLs - This lists all of the URLs that were
not observed to take parameters. The preview pane shows the full
request and response for the selected item.
- Parameters - This lists each uniquely named
parameter, and a count of the URLs in which it appears. Selecting a
parameter displays a list of those URLs, and selecting a URL displays
the full request and response for that URL.
The following points are worth noting about the target analyzer:
- The function
only analyzes the content already captured within the site map, so you should
ensure that you have fully mapped all of the application's
content and functionality before running it.
- URLs are classified as "static"
if they have not been observed to take any parameters in the URL or message body; however the responses
from these URLs may still be dynamically generated by the application.
Get help from other users, at the Burp Suite User Forum:
Visit the forum ›
Tuesday, April 15, 2014
Burp Suite Free Edition v1.6 contains significant new features added since v1.5, including support for WebSockets messages, PKCS#11 client SSL certificates contained in smart cards and physical tokens, a new Extender tool, allowing dynamic loading and unloading of multiple extensions, and the BApp Store, allowing quick and easy installation of extensions written by other Burp users.
Burp Suite Professional contains a number of bugfixes and tweaks, added since the last beta version.
See all release notes ›