Scanning web sites
Last updated: September 9, 2021
Read time: 3 Minutes
Burp Scanner automates the task of scanning web sites for content and vulnerabilities. Depending on configuration, the Scanner can crawl the application to discover its content and functionality, and audit the application to discover vulnerabilities. By default, all scans will use Burp's embedded browser to ensure maximum coverage through browser-powered scanning. You can also provide sets of user credentials so that Burp Scanner can discover and audit content that is only accessible to authenticated users. Importing full login sequences even enables Burp Scanner to handle more complex login mechanisms, including single sign-on.
Scans can be launched in a variety of ways:
- Scan from specific URLs. This performs a scan by crawling the content within one or more provided URLs, and optionally auditing the crawled content. To do this, go to the Burp Dashboard, and click the "New scan" button. This will open the scan launcher which lets you configure details of the scan.
- Scan selected items. This lets you perform an audit-only scan (no crawling) of specific HTTP requests. To do this, select one or more requests anywhere within Burp, and select "Scan" from the context menu. This will open the scan launcher which lets you configure details of the scan.
- Live scanning. You can use live scans to automatically scan requests that are processed by other Burp tools, such as the Proxy or Repeater tools. You can configure precisely which requests are processed, and whether they should be scanned to identify content or audit for vulnerabilities. To do this, go to the Burp Dashboard, and click the "New live task" button. This will open the live scan launcher which lets you configure details of the task.
- Instant scanning. You can also launch instant active or passive scans from the context menu. This means you can quickly check for vulnerabilities without having to open the scan launcher. You can access these options by right-clicking on a request. Alternatively, you can configure hotkeys for triggering instant scans.
You can launch multiple scans in parallel, and each scan has its own configuration options that determine exactly how the scan is carried out. There are two key areas of configuration:
- Crawl options. These options control behavior like maximum link depth, how the crawler optimizes for speed versus coverage, and limits on the extent of the crawl. You can also enable or disable some of Burp Scanner's miscellaneous features, such as browser-powered scanning and API scanning.
- Audit options. These options control behavior like the handling of insertion points and what detection methods are employed. These options are very important in controlling what type of audit activity will be performed, from a lightweight purely passive analysis through to a heavyweight invasive scan.
Monitoring scan activity
You can monitor the progress and results of a scan in various ways:
- The Burp Dashboard shows metrics about the progress of each task, and the issue activity log shows the issues that are reported by all scanning tasks.
- You can open the task details window for an individual scan, to view the issue activity log for only that scan, and a detailed view of the audit items for applicable tasks.
- The Target site map shows all of the content and issues that have been identified, organized by domain and URL.
You can generate reports of issues found via Burp Scanner in HTML format. You can also export issues in XML format suitable for importing into other tools.
You can find addition information about specific topics on the following Support pages: