ENTERPRISE

Adding new sites

  • Last updated: September 9, 2022

  • Read time: 3 Minutes

In order to scan a website, you first need to add it to Burp Suite Enterprise Edition. Adding a site's details makes it possible to take full advantage of Burp Suite Enterprise Edition's analytics features, which enable you to track issues with your site over time. Most of Burp Suite Enterprise Edition's data and configuration options are managed on a per-site basis.

You can add as many sites as you need at no extra cost. Burp Suite Enterprise Edition licenses are based around the number of concurrent scans you can run, not the number of sites added to the system.

Note

Your scanning machines must be able to access the sites you want to scan. For information on allowing access, see Configuring your environment network and firewall settings.

To add a site:

  1. Select Sites > Add a new site to display the Create a new site page.
  2. Enter a unique Site name.
  3. If required, select a Site folder. If you leave this field blank then the site is created at the top level of the site tree.
  4. Enter the highest-level URL that you want to include in scans of the site into the Site URL field. This is the seed URL from which Burp Scanner will start navigating through your site. No wildcards are permitted.
  5. Optionally, select Additional / Excluded URLs and specify which URLs are in scanning scope for the site:
    • To include additional URLs that are part of the same web application but not contained under the specified Site URL, enter the relevant addresses into Include URLs.
    • To exclude URLs from scope, enter the relevant addresses into Exclude URLs.
  6. Select whether you want to Scan using HTTP & HTTPS or Scan using my specified protocols. If you select Scan using my specified protocols then you must specify a protocol at the start of the Site URL and the URLs in the Additional / Excluded URLs section.
  7. Scroll down to Scan settings > Scan configuration and select a scan configuration for the site. You can either use a preset scan mode or a custom configuration:
    • To use a preset scan mode, ensure that Use a preset scan mode is selected and choose one of the available options.
    • To select a custom configuration, select Use a custom configuration and choose the configuration you want to add from the list. For information on creating custom configurations, see Using custom scan configurations.
  8. Select Save.

Burp Suite Enterprise Edition adds the new site to the site tree and prompts you to perform a connection check.

If you want to run some test scans before adding your own sites, consider adding vulnerable-website.com. This is a demo website with a few intentional vulnerabilities.

If you want to run some test scans before adding your own sites, consider adding vulnerable-website.com. This is a demo website with a few intentional vulnerabilities.

Note

We recommend keeping a consistent scan configuration for each site you add. Changing the scan configuration can affect vulnerability trends over time and cause Burp Suite Enterprise Edition to give inaccurate time estimates while scanning.

If you want to scan a site that you have already added with a new configuration, we recommend adding the site again with the new configuration selected.

Related pages

Was this article helpful?