Scanning web sites
Burp Scanner automates the task of scanning web sites for content and vulnerabilities. Depending on configuration, the Scanner can crawl the application to discover its content and functionality, and audit the application to discover vulnerabilities.
Scans can be launched in a variety of ways:
Scan from specific URLs. This performs a scan by crawling the content within one or more provided URLs, and optionally auditing the crawled content. To do this, go to the Burp Dashboard, and click the "New scan" button. This will open the scan launcher which lets you configure details of the scan.
Scan selected items. This lets you perform an audit-only scan (no crawling) of specific HTTP requests. To do this, select one or more requests anywhere within Burp, and select "Scan" from the context menu. This will open the scan launcher which lets you configure details of the scan.
Live scanning. You can use live scans to automatically scan requests that are processed by other Burp tools, such as the Proxy or Repeater tools. You can configure precisely which requests are processed, and whether they should be scanned to identify content or audit for vulnerabilities. To do this, go to the Burp Dashboard, and click the "New live task" button. This will open the live scan launcher which lets you configure details of the task.
Instant scanning. You can also launch instant active or passive scans from the context menu. This means you can quickly check for vulnerabilities without having to open the scan launcher. You can access these options by right-clicking on a request. Alternatively, you can configure hotkeys for triggering instant scans.
You can launch multiple scans in parallel, and each scan has its own configuration options that determine exactly how the scan is carried out. There are two key areas of configuration:
Crawl options. These options control behavior like maximum link depth, how the crawler optimizes for speed versus coverage, and limits on the extent of the crawl. Read more
Audit options. These options control behavior like the handling of insertion points and what detection methods are employed. These options are very important in controlling what type of audit activity will be performed, from a lightweight purely passive analysis through to a heavyweight invasive scan. Read more
Monitoring scan activity
You can monitor the progress and results of a scan in various ways:
You can generate reports of issues found via Burp Scanner in HTML format. You can also export issues in XML format suitable for importing into other tools.