You can launch scans via the "New scan" button on the Burp Dashboard or the "Scan" option on the context menu that appears throughout Burp. Using one of these methods will display the scan launcher, which lets you configure various details of the scan.
The "Scan details" section of the scan launcher lets you select the scan type, and the details of what will be scanned.
The following scan types can be selected:
Depending on the scan type that is selected, the scan launcher will show options for the scope of the scan or the individual items to be scanned.
This section is displayed for "Crawl and audit" and "Crawl" scan types. You can configure one or more URLs from which Burp will perform the crawl. These URLs will be the starting point of the crawl, and Burp will follow links from there into the application.
By default, the scope of the crawl will be restricted to the configured URLs truncated to the final folder (if any). For example, if you specify a start URL of https://example.org/myapp/welcome.php then the crawler will begin at this URL, and will crawl content within the path https://example.org/myapp/ .
If the "Ignore protocols in URLs to scan" option is enabled, then Burp will attempt to scan using both http:// and https:// for each specified URL.
You can override the default behavior and provide a different scope configuration by opening the "Detailed scope configuration" toggle. This lets you define the scope of the crawl using either URL prefixes or advanced matching rules, as for Burp's Target scope. Note that you still need to specify the URLs to scan, since these are the starting points for the crawl, and the URLs to scan must fall within the defined scope.
This section is displayed for the "Audit selected items" scan type. The URLs of the selected items are listed. Note that the same URL will appear more than once if there are multiple requests to the same URL with different parameters.
If you have made a large selection of items to scan, it is often useful to consolidate the selected items to improve the efficiency of the scan. Clicking "Consolidate items" displays a wizard that lets you choose whether to remove items with various features:
For each item, Burp shows the number of affected items. If any option would result in none or all of the items being removed, then this option will be unavailable.
The consolidation wizard then displays the full list of items that will be scanned. You can double-click any item in the list to view full request and response. You can manually remove any further items that you do not wish to scan.
The "Scan configuration" section of the scan launcher lets you select configurations to control how the scan is carried out.
You can select multiple configurations, and these will be applied in turn to determine the final configuration that is used for the scan. This allows you to apply a general configuration first (for example, your preferred general scan settings), followed by a more specific configuration (for example, some specific options that are useful for this particular application). If no configurations are selected, then Burp Scanner's default settings will be used.
You can create new configurations on the fly, or select existing configurations from your library, or import from a configuration file.
The "Application login" section of the scan launcher lets you specify account credentials that should be submitted to any login functions. The crawler will use these to discover authenticated content behind login functions. The crawler will also attempt to self-register accounts, and use these credentials in addition to those provided.
This section is not available when "Audit selected items" is selected as the scan type, because no crawling is performed.
The "Resource pool" section of the scan launcher lets you specify the resource pool in which the scan will be run. Resource pools are used to manage the usage of system resources across multiple tasks. Each resource pool can be configured with different settings for the maximum number of concurrent requests, and throttling between requests.