Adding new sites
Last updated: September 14, 2023
Read time: 3 Minutes
In order to scan a website, you first need to add it to Burp Suite Enterprise Edition. Adding a site's details makes it possible to take full advantage of Burp Suite Enterprise Edition's analytics features, which enable you to track issues with your site over time. Most of Burp Suite Enterprise Edition's data and configuration options are managed on a per-site basis.
You can add as many sites as you need at no extra cost. Burp Suite Enterprise Edition licenses are based around the number of concurrent scans you can run, not the number of sites added to the system.
Your scanning machines must be able to access the sites you want to scan. For information on allowing access, see Configuring your environment network and firewall settings.
To add a site:
- Select Sites > Add a new site to display the Create a new site page.
- Enter a unique Site name.
- To add the site to an existing folder, select from the Add site to a folder drop-down menu. If you leave this field blank then the site is created at the top level of the site tree.
- Enter the Start URLs that you want all the scans of this site to start from. No wildcards are permitted.
- If necessary, add URL prefixes to add or remove URLs from the site scope. For more information, see setting the site scope.
- If necessary, specify your own protocols instead of HTTP & HTTPS. For more information, see Protocol Settings.
- Scroll down to Scan settings > Scan configuration and select a scan configuration for the site. You can either use a preset scan mode or a custom configuration. For more information, see Defining the scan configuration for a site.
- Click Save.
Burp Suite Enterprise Edition adds the new site to the site tree and prompts you to perform a pre-scan check.
If you want to run some test scans before you add your own sites, you can use
vulnerable-website.com. This is a demo website with a few intentional vulnerabilities.
Optional settings for your new site
When you add a new site, you can configure a number of settings.
Detailed scope configuration
The site scope defines the locations that Burp Scanner can visit. By default, Burp Suite Enterprise Edition automatically uses your Start URLs to derive the list of In-scope URL prefixes.
You can manually edit or add URL prefixes to modify the site scope. This enables you to target Burp Scanner on the locations you're interested in, and exclude any locations you want to avoid. For more information, see setting the site scope.
If you don't specify a protocol, Burp Scanner uses both HTTP and HTTPS. To specify your own protocols:
- Under Site scope > Protocol settings, select Scan using my specified protocols.
http://at the beginning of the Start URL.
http://at the beginning of any URLs you added in the In-scope URL prefixes or Out-of-scope URL prefixes tabs.
You can specify a range of optional settings for your scan. For example, you can set:
- Scan configurations
- Application logins
To specify these, go to Scan settings for your site or folder. For more information, see Configuring site settings.
We recommend keeping a consistent scan configuration for each site you add. Changing the scan configuration can affect vulnerability trends over time and cause Burp Suite Enterprise Edition to give inaccurate time estimates while scanning.
If you want to scan a site that you have already added with a new configuration, we recommend adding the site again with the new configuration selected.
- Managing scheduled scans - explains how to schedule scans for your new site.
- Defining scan configuration for a site - explains how to create and work with scan configurations.
- Configuring site settings - explains the optional scan settings you can configure for a site.
- Configuring your environment network and firewall settings.
- Importing sites in bulk - explains how to add multiple sites at once.
- Burp Scanner built-in configurations - reference information on Burp Scanner's built-in scan configurations.
- Adding recorded login sequences.
- Performing a pre-scan check.
Was this article helpful?
An error occurred, please try again.