Browser-powered scanning

  • Last updated: January 27, 2023

Browser-powered scanning is an invaluable feature that unleashes the full capability of Burp Scanner on modern websites and web applications. When browser-powered scanning is enabled, Burp uses Burp's browser to perform all navigation during both the crawl and audit phases of a scan. Navigating the target in this way enables Burp Scanner to accurately handle virtually any client-side technology that a modern browser can. This has the potential to offer dramatically increased coverage compared to the previous crawler engine.

Browser-powered scanning is almost a necessity in order to perform truly comprehensive automated testing on many modern websites. For example, some websites have a navigational UI that is dynamically generated using JavaScript, which means that it is not present in the raw HTML. In this case, the previous crawler engine would be unable to render the full content and might miss key vulnerabilities as a result. However, when crawling using Burp's browser, Burp Scanner is able to load the page, execute any scripts required to build the UI, and then continue crawling as normal.
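The coverage gap described above can be reproduced on a small scale. The following is an added illustration, not Burp's code: the sample page, the function names, and the stub DOM are all constructed for this example, and the stub supports only the calls the sample script makes.

```javascript
// Constructed sample page: one static link; the rest of the nav is built by script.
const PAGE = `<html><body>
<a href="/about">About</a>
<nav id="menu"></nav>
<script>
  const routes = ["/account", "/orders", "/admin/reports"];
  const menu = document.getElementById("menu");
  for (const r of routes) {
    const a = document.createElement("a");
    a.href = r;
    menu.appendChild(a);
  }
</script>
</body></html>`;

// Links visible to a crawler that only parses the raw HTML response.
function staticLinks(html) {
  const withoutScripts = html.replace(/<script>[\s\S]*?<\/script>/g, "");
  return [...withoutScripts.matchAll(/<a\s[^>]*href="([^"]+)"/g)].map(m => m[1]);
}

// Links visible once the inline scripts have run. The "document" object is a
// minimal stand-in (an assumption of this example); a real browser supplies the
// full DOM. Only run this on the constructed sample, never on untrusted pages.
function renderedLinks(html) {
  const appended = [];
  const document = {
    getElementById: () => ({ appendChild: el => appended.push(el) }),
    createElement: tag => ({ tag, href: "" }),
  };
  for (const m of html.matchAll(/<script>([\s\S]*?)<\/script>/g)) {
    new Function("document", m[1])(document);
  }
  const dynamic = appended.filter(el => el.tag === "a" && el.href).map(el => el.href);
  return [...new Set([...staticLinks(html), ...dynamic])];
}

// Routes that never enter scan scope when the crawler does not execute scripts.
function missedByStaticCrawl(html) {
  const seen = new Set(staticLinks(html));
  return renderedLinks(html).filter(href => !seen.has(href));
}

console.log("static  :", staticLinks(PAGE));
console.log("rendered:", renderedLinks(PAGE));
console.log("missed  :", missedByStaticCrawl(PAGE));
```

Any route in the "missed" list is never requested by a crawler that reads only the raw HTML, so it is never audited either.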

Browser-powered scans can also handle cases where the website modifies requests on-the-fly using JavaScript event handlers. By using Burp's browser, Burp Scanner is able to trigger the relevant events and execute the corresponding script, modifying any requests as needed.

Enabling browser-powered scanning also allows you to take advantage of several other new features that rely on Burp's browser to work. Most notably, you can record and upload full login sequences so that Burp Scanner is able to successfully handle more complex login mechanisms, including single sign-on.

How to enable browser-powered scanning

Many users won't need to do anything to enable browser-powered scanning. When you launch Burp, it will automatically check your machine's specs. If it appears to meet the system requirements, all scans will use Burp's browser by default. Otherwise, scans will revert to the previous crawler engine.

If you prefer, you can also manually enable or disable browser-powered scanning in your scan configuration. You can find this option under Crawling > Miscellaneous > Burp's browser options.

System requirements for browser-powered scanning

Browser-powered scanning does place slightly more load on your system resources than regular scanning. For this reason, we recommend a machine with at least 2 CPU cores and 8 GB RAM.

Browser-powered scanning on Linux

As a precaution, Burp's browser is sandboxed by default. However, when running on Linux as root, you may initially be unable to launch browser-powered scans.

If you run into issues, open the Health check for Burp's browser tool from the Help menu to see if this is the cause. If so, you can choose to allow the browser to run without the sandbox. This option is available under Settings > Burp's browser options. Before doing this, please make sure that you are aware of the security implications. Scanning hostile websites without the sandbox increases the risk of your local system being compromised.