Key configuration options

  • Last updated: August 25, 2022

  • Read time: 1 Minute

Burp contains a wealth of configuration options that you can use to ensure that Burp works with your target application in the way you require. This section provides a brief overview of some of the key configuration options that you are most likely to need,

You can configure the font and character set used to display HTTP messages, and also the font in Burp's own UI.

Key display settings

The target scope configuration tells Burp the items that you are currently interested in and willing to attack. You should configure this early in your testing, as it can control which items are displayed in the Proxy history and Target site map, which messages are intercepted in the Proxy, and which items may be scanned.

Key scope settings

If the application server employs any platform level (HTTP) authentication, you configure Burp to handle the authentication automatically.

Key authentication settings

Many applications contain features that can hinder automated or manual testing, such as reactive session termination, use of per-request tokens, and stateful multi-stage processes. You can configure Burp to handle most of these situations seamlessly, using a combination of session handling rules and macros.

Key session handling settings

You can configure Burp to schedule tasks at given times or intervals, to allow you to work within specified testing windows.

Key scheduling tasks

Was this article helpful?