Looking for our research? We've moved it to a dedicated page

Burp 2.0: Where is live scanning?

Liam Tai-Hogan | 04 October 2018 at 14:00 UTC

Burp 1.x had some features tucked away within the Spider and Scanner tools that controlled the automated processing that Burp performed on traffic passing through the Proxy. Where have these features gone?

Burp 1.x

In Burp 1.x, the "live scanning" feature by default carried out a passive-only scan on all traffic through the Proxy:


Burp 2.0

Burp 2.0 introduces the concept of a "live task". You can create a live task using the "New live task" button on the Dashboard:

The new-style live tasks are more flexible and versatile. you can monitor traffic from multiple Burp tools, not just the Proxy. You can create multiple tasks with different configurations. And you have fine-grained control over the scope of what traffic gets monitored and what actions are performed.

By default, Burp 2.0 creates two live tasks. These automatically populate the site map with links that are observed in traffic through the Proxy, and automatically perform auditing using passive techniques.