Deploying additional agent machines

  • Last updated: January 19, 2022

  • Read time: 3 Minutes

When you performed the initial installation of Burp Suite Enterprise Edition, you probably chose to use the machine for the Enterprise server and web server as a bundled agent machine. However, assigning too many agents to the same agent machine can cause performance issues. In this case, you might want to deploy one or more dedicated agent machines to ease the load on your Enterprise server machine.

Setting up a new agent machine

The setup process for a new agent machine uses the same installer you used for the initial installation of Burp Suite Enterprise Edition. However, you might need to download a different installer if your intended agent machine uses a different operating system.


Please ensure that the Enterprise server is able to connect to https://portswigger.net throughout the agent machine setup process. This is necessary in order for the system to enable the new agent machine.

  1. On the machine that you want to use as a new agent machine, log in to your account page on portswigger.net.
  2. Under "Your licenses and products", download the installer for the same version of Burp Suite Enterprise Edition that is installed on your Enterprise server machine.
  3. Open the installer and follow the same process as you did when installing Burp Suite Enterprise Edition. However, when asked which components you want to install, make sure that you deselect the option for the Enterprise server and web server.
  4. When prompted, enter the hostname or IP address of the machine where you previously installed the Enterprise server. External agent machines will automatically access the Enterprise server on port 8072.
  5. When the installation is complete, you will be given a fingerprint of the agent machine's public key. You need to keep this to authorize the new agent machine later.
External agent machines

Authorizing a new agent machine

Communication between agents and the Enterprise server is protected by mutually authenticated TLS. When you set up a new agent machine, it will generate a unique fingerprint, which acts as a public key, and send an authorization request to your Enterprise server. When the Enterprise server receives an authorization request, it displays the fingerprint that was used in the TLS negotiation. You compare this fingerprint with the fingerprint that you generated when setting up the new agent machine to make sure that communication is happening directly with the authentic agent before authorizing it.

  1. Log in to the web UI as an administrator and go to the "Agents" page.
  2. On the "Authorization requests" tab, you should see a pending authorization request showing the IP address of the new agent machine (or, if NAT is being used on the network, the IP address from which the agent machine's connection was received) and the public key fingerprint.
  3. Choose the agent machine pool that the agent machine will belong to. For more details, see Managing agent machine pools.
  4. Compare the public key fingerprint shown with the one that you saved after setting up the new agent machine. If they match, click "Authorize".

This agent machine will now be available for use on the "Agents" page and you can start assigning agents to it.