Add a website to scan
You need to create a "site" in Burp Suite Enterprise Edition to represent each website or web application that you want to scan and track. You also manage several settings on a site-by-site basis. The "Sites" page contains a list of sites, known as the site tree. You can create folders and subfolders to organize the site tree into a more manageable, hierarchical structure. Later, we'll also show you how you can manage user authorizations based on folders.
Once you've run a few scans, the "Sites" page will also provide an overview of how many issues need your attention in each site or folder. At the moment, the "Sites" page is empty, so let's get to work adding our first site.
- In the next step of the wizard, enter a name for the site to help you identify it. This can be anything you want, but for now, let's just call it "Dummy site".
Under "Site URL", you normally enter the highest-level URL that you want to include in scans of this site. All subdirectories of this URL will be scanned by default. As we want to scan our entire dummy site, we'll just enter the root path,
portswigger-labs.net/. If you wanted to enter multiple URLs for the same site, you could add "Included URLs" in the advanced options, but we're only using one URL for now.
/index_files/on our dummy site might contain some sensitive information. To be on the safe side, let's exclude it from scans. Expand the "Advanced options" section and, under "Excluded URLs", enter
portswigger-labs.net/index_files/. All scans on this site will now skip this path.
- As we want to scan using both HTTP and HTTPS, select this option in the protocol settings.
- Under "Application logins", you can enter any usernames and passwords for the site so that the scan can access areas that are restricted to logged in users. However, we don't need to do anything here for our dummy site, so you can leave it blank.
- A scan configuration is essentially a list of settings to fine-tune the scan's behavior to your needs. Burp Suite Enterprise Edition provides the same predefined scan configurations as Burp Suite Professional. Under "Default scan configurations", you can select scan configurations that will always be preselected for any new scans you create for this site. If you want, you can overwrite this default later when creating an individual scan. For now, select "Crawl strategy - fastest".
- Later, we'll show you how to set up your email server so that users can receive scan completion reports. But for now, leave the "Email recipients for scan completion report" section blank.
Now you've got your first site set up in Burp Suite Enterprise Edition, let's try creating a scan. Click "Next" to continue the wizard.