Enterprise Edition

Adding new sites

  • Last updated: January 29, 2024

  • Read time: 3 Minutes

In order to scan a website, you first need to add it to Burp Suite Enterprise Edition. Adding a site's details makes it possible to take full advantage of Burp Suite Enterprise Edition's analytics features, which enable you to track issues with your site over time. Most of Burp Suite Enterprise Edition's data and configuration options are managed on a per-site basis.

You can add as many sites as you need at no extra cost. Burp Suite Enterprise Edition licenses are based around the number of concurrent scans you can run, not the number of sites added to the system.

Note

Your scanning machines must be able to access the sites you want to scan. For information on allowing access, see Configuring your environment network and firewall settings.

To add a site:

  1. Select Sites > Add a new site to display the Create a new site page.
  2. Enter a unique Site name.
  3. To add the site to an existing folder, select from the Add site to a folder drop-down menu. If you leave this field blank then the site is created at the top level of the site tree.
  4. Enter the Start URLs that you want all the scans of this site to start from. No wildcards are permitted.
  5. If necessary, add URL prefixes to add or remove URLs from the site scope. For more information, see setting the site scope.
  6. If necessary, specify your own protocols instead of HTTP & HTTPS. For more information, see Protocol Settings.
  7. Scroll down to Scan settings > Scan configuration and select a scan configuration for the site. You can either use a preset scan mode or a custom configuration. For more information, see Defining the scan configuration for a site.
  8. Click Save.

Burp Suite Enterprise Edition adds the new site to the site tree and prompts you to perform a pre-scan check.

If you want to run some test scans before you add your own sites, you can use vulnerable-website.com. This is a demo website with a few intentional vulnerabilities.

Optional settings for your new site

When you add a new site, you can configure a number of settings.

Detailed scope configuration

The site scope defines the locations that Burp Scanner can visit. By default, Burp Suite Enterprise Edition automatically uses your Start URLs to derive the list of In-scope URL prefixes.

You can manually edit or add URL prefixes to modify the site scope. This enables you to target Burp Scanner on the locations you're interested in, and exclude any locations you want to avoid. For more information, see setting the site scope.

Protocol settings

If you don't specify a protocol, Burp Scanner uses both HTTP and HTTPS. To specify your own protocols:

  1. Under Site scope > Protocol settings, select Scan using my specified protocols.
  2. Enter https:// or http:// at the beginning of the Start URL.
  3. Enter https:// or http:// at the beginning of any URLs you added in the In-scope URL prefixes or Out-of-scope URL prefixes tabs.

Scan settings

You can specify a range of optional settings for your scan. For example, you can set:

  • Scan configurations
  • Application logins
  • Extensions

To specify these, go to Scan settings for your site or folder. For more information, see Configuring site settings.

Note

We recommend keeping a consistent scan configuration for each site you add. Changing the scan configuration can affect vulnerability trends over time and cause Burp Suite Enterprise Edition to give inaccurate time estimates while scanning.

If you want to scan a site that you have already added with a new configuration, we recommend adding the site again with the new configuration selected.

Related pages

Was this article helpful?