Audit items view
Last updated: May 17, 2022
Read time: 3 Minutes
The following details about each item are shown:
- An index number for the item.
- The destination protocol, host and URL.
- The current status of the item.
- The number of issues identified for the item, categorized by severity.
- The number of requests made while auditing the item. Note that this is not a linear function of the number of insertion points - observed application behavior feeds back into subsequent requests, just as it would for a human tester.
- The number of network errors encountered.
- The number of insertion points created for the item.
This information lets you monitor the progress of individual audit items. If some scans are progressing too slowly, the counts show the likely reasons, such as a large number of insertion points, slow application responses, or network errors. You can then act on this by changing the audit optimization configuration, the issues being tested, or the insertion points.
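As an added example (not code from the Burp documentation), the following Python helper applies that reasoning to the columns listed above: it takes constructed audit item records and flags the likely cause of slow progress. The record layout, the thresholds and the elapsed_seconds field are assumptions; the view itself does not show elapsed time.

```python
from dataclasses import dataclass

@dataclass
class AuditItem:
    """One row of the audit items view (field names are assumed, not Burp's)."""
    index: int
    host: str
    url: str
    status: str                    # e.g. "auditing", "finished", "cancelled"
    issues_by_severity: dict       # e.g. {"High": 1, "Medium": 2, "Low": 0}
    requests: int
    network_errors: int
    insertion_points: int
    elapsed_seconds: float         # assumed extra field; not a column in the view

def diagnose_slow_item(item, max_insertion_points=100, max_error_rate=0.1, min_rps=2.0):
    """Return the likely reasons an item is progressing slowly (empty list if none)."""
    reasons = []
    if item.insertion_points > max_insertion_points:
        reasons.append("many insertion points")
    if item.requests and item.network_errors / item.requests > max_error_rate:
        reasons.append("network errors")
    # Requests are not linear in insertion points, so judge throughput, not count.
    if item.elapsed_seconds > 0 and item.requests / item.elapsed_seconds < min_rps:
        reasons.append("slow application responses")
    return reasons

def triage(items, **thresholds):
    """Map each in-progress item's index to its diagnosis; finished items are skipped."""
    return {i.index: diagnose_slow_item(i, **thresholds)
            for i in items if i.status == "auditing"}

# Constructed sample rows, chosen to exercise each diagnosis.
SAMPLE_ITEMS = [
    AuditItem(1, "app.example", "/search", "auditing", {"High": 0, "Medium": 1},
              requests=4200, network_errors=3, insertion_points=350, elapsed_seconds=600),
    AuditItem(2, "api.example", "/v1/login", "auditing", {"High": 1, "Medium": 0},
              requests=90, network_errors=30, insertion_points=12, elapsed_seconds=300),
    AuditItem(3, "app.example", "/about", "finished", {"High": 0, "Medium": 0},
              requests=60, network_errors=0, insertion_points=4, elapsed_seconds=20),
    AuditItem(4, "app.example", "/profile", "auditing", {"High": 0, "Medium": 2},
              requests=400, network_errors=0, insertion_points=20, elapsed_seconds=100),
]

if __name__ == "__main__":
    for index, reasons in triage(SAMPLE_ITEMS).items():
        print(index, reasons or "progressing normally")
```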
You can double-click any item to display the issues identified so far, and view the base request and response for the item.
You can use the context menu to perform various actions to control the audit process. The exact options that are available depend upon the status of the selected item(s), and include:
- Show details - This opens a window showing the issues identified so far, and the base request and response for the item.
- Cancel - This cancels the selected item(s) so they will not be audited. If auditing is already in progress, there will typically be a short delay while the pending requests are completed, and the item is fully canceled.
- Audit again - This duplicates the selected item(s) and adds these to the end of the list.
- Add comment - You can use this function to add a comment to the selected item(s). See Annotations for more details.
- Highlight - You can use this function to apply a highlight to the selected item(s). See Annotations for more details.
- Send to ... - These options are used to send the base request for the selected item to other Burp tools.
Audit phase indicators
- Passive phase 1: This involves identifying, but not reporting, passive issues.
- Passive phase 2: This involves consolidating frequently occurring passive issues and reporting the resulting issues.
- Active phase 1: This involves testing each insertion point for first-order vulnerabilities.
- Active phase 2: This involves sending data to each insertion point designed to detect stored input behaviors.
- Active phase 3: This involves re-fetching application responses to detect stored input behaviors.
- Active phase 4: This involves testing discovered stored input paths for second-order vulnerabilities.
- Active phase 5: This involves sending each insertion point a payload designed to detect blind stored XSS vulnerabilities, via Burp Collaborator interactions, if the payload is ever rendered to an application user.
Audit items annotations
You can annotate audit items by adding comments and highlights. This can be useful to flag up interesting items for further investigation or to help manage your manual workflow.
You can add highlights in two ways:
- You can highlight individual items using the drop-down menu on the left-most table column.
- You can highlight one or more selected items using the Highlight item on the context menu.
You can add comments in two ways:
- You can double-click the relevant entry, within the Comment column, to add or edit a comment in-place.
- You can comment one or more selected items using the Add comment item on the context menu.