1. Support Center
  2. Documentation
  3. Desktop editions
  4. Scanning web sites
  5. Scan launcher

Scan launcher

You can launch scans via the "New scan" button on the Burp Dashboard or the "Scan" option on the context menu that appears throughout Burp. Using one of these methods will display the scan launcher, which lets you configure various details of the scan.

Scan details

The "Scan details" section of the scan launcher lets you select the scan type, and the details of what will be scanned.

Scan type

The following scan types can be selected:

Depending on the scan type that is selected, the scan launcher will show options for the scope of the scan or the individual items to be scanned.

URLs to scan

This section is displayed for "Crawl and audit" and "Crawl" scan types. You can configure one or more URLs from which Burp will perform the crawl. These URLs will be the starting point of the crawl, and Burp will follow links from there into the application.

By default, the scope of the crawl will be restricted to the configured URLs truncated to the final folder (if any). For example, if you specify a start URL of https://example.org/myapp/welcome.php then the crawler will begin at this URL, and will crawl content within the path https://example.org/myapp/. Note that Burp identifies the final folder based on the final slash (/) in the URL. Therefore, it is important to include the closing slash when entering a URL that ends with a folder. Otherwise, if you enter https://example.org/myapp/myfolder, for example, all content within the path https://example.org/myapp/ will be considered in-scope.

You can override the default behavior and provide a different scope configuration by opening the "Detailed scope configuration" toggle. This lets you define the scope of the crawl using either URL prefixes or advanced matching rules, as for Burp's Target scope. Note that you still need to specify the URLs to scan, since these are the starting points for the crawl, and the URLs to scan must fall within the defined scope.

Note that specifying the protocol for each URL is optional. If you want to scan a URL using both HTTP and HTTPS, you can simply enter example.org.

Protocol settings

You have the following options to control which protocol is used to scan your URLs:

Note that even when you choose to scan a URL using both HTTP and HTTPS, if Burp identifies that the content is the same, it will only crawl and audit the location once.

Items to scan

This section is displayed for the "Audit selected items" scan type. The URLs of the selected items are listed. Note that the same URL will appear more than once if there are multiple requests to the same URL with different parameters.

If you have made a large selection of items to scan, it is often useful to consolidate the selected items to improve the efficiency of the scan. Clicking "Consolidate items" displays a wizard that lets you choose whether to remove items with various features:

For each item, Burp shows the number of affected items. If any option would result in none or all of the items being removed, then this option will be unavailable.

The consolidation wizard then displays the full list of items that will be scanned. You can double-click any item in the list to view full request and response. You can manually remove any further items that you do not wish to scan.

Scan configuration

The "Scan configuration" section of the scan launcher lets you select configurations to control how the scan is carried out.

You can select multiple configurations, and these will be applied in turn to determine the final configuration that is used for the scan. This allows you to apply a general configuration first (for example, your preferred general scan settings), followed by a more specific configuration (for example, some specific options that are useful for this particular application). If no configurations are selected, then Burp Scanner's default settings will be used.

You can create new configurations on the fly, or select existing configurations from your library, or import from a configuration file.

Application login options

Note: This section is not available when using the "Audit selected items" scan type because no crawling is performed.

The "Application login" section of the scan launcher lets you provide valid sets of credentials that Burp Scanner should submit when it encounters any login forms. This enables it to discover and audit content that is only accessible to authenticated users.

You can also save application logins to your configuration library. This allows you to reuse the same set of credentials for future scans.

The following options are available for providing application logins. Please note that you can only use one of these options per scan; if you enter sets of basic login credentials, but then select the "Use recorded logins" option instead, the login credentials that you entered will be ignored.

Use login credentials

For basic, single-step login functions, you can simply add a list of username:password pairs that Burp Scanner should use. By default, the crawler will also attempt to self-register accounts and use these credentials in addition to any that you provide.

This works well for classic login forms with only 2 input fields. However, if the form contains additional fields and inputs, this may cause issues that prevent the crawler from logging in.

With this option selected, the crawler will also be unable to deal with more complex login processes involving single sign-on, for example. In this case, we recommend importing a recorded login sequence to ensure maximum coverage for your scan.

Use recorded login sequences

If the target website uses a more complex login process, you might need to help Burp Scanner understand how to perform the actions required to successfully log in. You can do this by importing a recorded login sequence.

Resource pool options

The "Resource pool" section of the scan launcher lets you specify the resource pool in which the scan will be run. Resource pools are used to manage the usage of system resources across multiple tasks. Each resource pool can be configured with different settings for the maximum number of concurrent requests, and throttling between requests.