ENTERPRISE

Adding new sites

  • Last updated: June 21, 2022

To scan a website, you first need to add it to Burp Suite Enterprise Edition as a site.

The site stores the seed URLs that you want to scan, as well as the settings that control how they are scanned.

You can add new sites to the site tree either individually, or by uploading a CSV file.

Adding individual sites

To add a site, you first need to provide some basic information about it. You can edit this information later.

  1. Select Sites > Add a new site to display the Create a new site page. Alternatively, select a folder and click New site to create a site within that folder.
  2. Enter a Site name. Each site must have a unique name within its parent folder.
  3. Optionally, select a Site folder. If you leave this field blank then the site is created in the root folder at the top level of the site tree.
  4. In the Site URL field, enter the highest-level URL that you want to include in the scans. All subdirectories of this URL are scanned by default. No wildcards are permitted.
  5. Use the radio buttons to select whether you want to Scan using HTTP & HTTPS or Scan using my specified protocols. If you select Scan using my specified protocols then you must specify a protocol at the start of each URL.
  6. Click Save to save your changes and create the new site.

Specifying which URLs to scan

You can specify which URLs are in scanning scope using the Additional / Excluded URLs section:

  • Under Include URLs, you can specify additional URLs to be included in scans of this site. For example, you can add any relevant subdomains. To add multiple URLs, enter each one on a new line.
  • Under Exclude URLs, you can specify any URLs for the site that should not be scanned. For example, you could exclude any paths containing sensitive information to prevent data from being leaked in the scan results.
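The rules from the steps above (unique name per folder, no wildcards in the Site URL, a protocol on every URL when Scan using my specified protocols is selected) and the exclusion list can be checked before you enter a batch of sites. This is an added example, not PortSwigger code: the dictionary field names are hypothetical and are not the columns of the CSV template, and the exclusion-host check is an assumption about what a typo looks like rather than documented Burp behavior.

```python
import re
from urllib.parse import urlsplit

HAS_PROTOCOL = re.compile(r"^[a-z][a-z0-9+.-]*://", re.I)

def host(url):
    # urlsplit only recognises the host when a scheme or leading // is present
    return urlsplit(url if HAS_PROTOCOL.match(url) else "//" + url).hostname

def validate_sites(sites):
    """Return (site name, problem) tuples; an empty list means every check passed."""
    problems, seen = [], set()
    for s in sites:
        name, folder = s["name"], s.get("folder", "")  # "" stands for the root folder
        include, exclude = s.get("include", []), s.get("exclude", [])
        # Step 2: the name must be unique within its parent folder
        if (folder, name) in seen:
            problems.append((name, "duplicate name in folder"))
        seen.add((folder, name))
        # Step 4: no wildcards in the Site URL
        if "*" in s["url"]:
            problems.append((name, "wildcard in Site URL"))
        # Step 5: with specified protocols, every URL must start with one
        if s.get("specified_protocols"):
            for u in [s["url"], *include, *exclude]:
                if not HAS_PROTOCOL.match(u):
                    problems.append((name, f"missing protocol: {u}"))
        # Assumption: an exclusion on a host that is neither the site's nor an
        # included URL's is a typo and would leave the intended path in scope
        in_scope = {host(u) for u in [s["url"], *include]}
        for u in exclude:
            if host(u) not in in_scope:
                problems.append((name, f"exclusion host not in scope: {u}"))
    return problems

# Constructed sample data; field names are hypothetical, not Burp's CSV columns
SITES = [
    {"name": "Shop", "folder": "Retail", "url": "https://shop.example.com/",
     "specified_protocols": True, "include": ["https://api.shop.example.com/"],
     "exclude": ["https://shop.example.com/account/export"]},
    {"name": "Shop", "folder": "Retail", "url": "https://*.example.com/",
     "specified_protocols": True},
    {"name": "Intranet", "url": "intranet.example.com", "specified_protocols": True,
     "exclude": ["https://intranet.exmaple.com/hr"]},
]

if __name__ == "__main__":
    for name, problem in validate_sites(SITES):
        print(f"{name}: {problem}")
```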

Configuring advanced settings

The tabs in the Advanced settings section contain optional site settings. You can specify these settings when creating a site. You can also change them on an existing site by selecting the site from the site tree and then going to Details > Edit.

Scan configurations

The Scan configurations tab enables you to specify one or more scan configurations to use when scanning the site. Select scan configurations from the list or upload a custom configuration in JSON format.

If you do not specify a scan configuration on this tab, then Burp Scanner uses its default configuration.

More information

For more information on working with scan configurations, including an explanation of how multiple scan configurations combine, see the Scan configurations page.

Application logins

The Application logins tab enables you to provide login credentials for areas of the site that are restricted to registered users. Burp Scanner uses these credentials when crawling the site.

Some sites may only require simple username and password pairs. To specify credentials, follow these steps:

  1. From the Application logins tab, make sure that the Add usernames and passwords radio button is selected and click Add login credentials. The system displays a dialog box.
  2. Enter a Label. This is an identifying name given to the set of credentials within the UI.
  3. Enter a Username and Password and click Save.

The system saves your changes and adds the new credentials to the list on the Application logins tab.

For sites with more complex login mechanisms, you may need to provide a recorded login sequence. This enables Burp Scanner to handle logins with additional fields and SSO features, for example.

You can record login sequences using Burp's Chrome Extension. To add a recorded login, follow these steps:

  1. From the Application logins tab, select the Upload recorded login sequences radio button.
  2. Click Add a recorded login.
  3. Enter a Label into the dialog box. This is an identifying name given to the sequence within the UI.
  4. Paste the login script into the Paste script box and click Save.

The system saves your changes and adds the new sequence to the list on the Application logins tab.

To delete an application login, click the relevant trash icon. To add more sets of credentials to the list, click the plus icon.

Note

For more information on managing site login details, including a guide to recording login sequences using the browser extension, see the Configuring login details for sites page.

Extensions

The Extensions tab enables you to select extensions that Burp Suite Enterprise Edition uses when scanning the site. To add an extension to the site, select it from the list.

The list displays all extensions that are in your extensions library.

Note

For more information on using extensions in Burp Suite Enterprise Edition, including details of how to manage your extension library, see the Extensions for Burp Suite Enterprise Edition page.

Scanning pool

The Scanning pool tab enables you to select the scanning pool that the site belongs to. If you do not select a pool then the site is assigned to the default scanning pool.

The Scanning pool tab is only displayed for standard deployments of Burp Suite Enterprise Edition. Kubernetes deployments do not use scanning pools.

Note

For further details on managing scanning pools, see Managing scanning pools.

Scan notifications

The Scan notifications tab enables you to select Slack channels that should receive notifications when a scan starts, fails, or finishes. This option is only available if your administrator has configured a Slack integration.

Note

For further details on using Slack with Burp Suite Enterprise Edition, see the Integrating Burp Suite Enterprise Edition with Slack page.

Importing sites in bulk

You can add sites in bulk using a CSV file. To simplify this process, Burp Suite Enterprise Edition provides a premade CSV template for you to download. The template file has a sample site and instructions. Only the columns marked as mandatory are required.

  1. Click Sites in the menu bar.
  2. Click Import sites.
  3. Click Download CSV template and open the sites-template.csv file in a spreadsheet or text editor.
  4. Add your sites to the template in the same format as the example.
  5. Delete the first three rows/lines of the file, including the header row, then save the file as a CSV.
  6. On the Import sites window, click Choose file and select the file you have just saved.
  7. Select a folder to add the imported sites to and click Import.

The system imports the sites in the file and adds them to the selected folder.