Last updated: July 20, 2021
Read time: 3 Minutes
You can export a report of some or all of the issues generated by Burp Scanner. To do this, select the desired issues in the Issues view of the Site map, or in the issue activity log, and choose "Report selected issues" from the context menu. The reporting wizard lets you choose various options for your report, as described below.
You can choose one of the following formats for the report:
Note: The XML format uses an internal DTD, and authors of interoperability code are recommended to review a sample report to obtain the current DTD. The following XML elements are worth noting:
serialNumberelement contains a long integer that is unique to that individual issue instance. If you export issues several times from the same instance of Burp, you can use the serial number to identify incrementally new issues.
typeelement contains an integer that uniquely identifies the issue type (SQL injection, XSS, etc.). This value is stable across different instances of Burp. See the list of scan issue types for a list of all numeric type identifiers.
nameelement contains the corresponding descriptive name for the issue type. See the list of scan issue types for a list of all issue names.
pathelement contains the URL for the issue (excluding query string).
locationelement includes both the URL and a description of the entry point for the attack, where relevant (a specific URL parameter, request header, etc.).
responseelements have a
base64attribute, which contains a Boolean value indicating whether the messages have been Base64-encoded.
You can choose the types of details to include in the report:
You can choose how HTTP messages should appear in the report. The following options are available for requests and responses:
The wizard lists the different types of issues that were included in your selection, and a count of the number of instances of each type. You can deselect any types of issues that you do not wish to include. This is useful if you have selected a large number of issues (for example, by selecting the application host), and want to remove certain less interesting types of issues from the report.
You can specify the file where the report will be saved.
For HTML reports, you can specify the following details: