Last updated: September 21, 2023
By default, Burp Scanner uses an embedded Chromium browser to navigate during both the crawl and audit phases of a scan. This enables it to accurately handle virtually any client-side technology that a modern browser can, which offers dramatically increased coverage compared to a regular crawler engine.
Use cases for browser-powered scanning
Browser-powered scanning enables you to test modern websites comprehensively. For example, some websites have a dynamically generated UI that is not present in raw HTML. A regular crawler engine would miss key vulnerabilities as it would be unable to render the full content. Burp Scanner is able to load the page and execute any scripts required to build the UI, before continuing to crawl as normal.
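The coverage gap described above, shown as an added example (not PortSwigger code, and not how Burp Scanner is implemented). The page markup, routes and helper names are constructed, and a tiny DOM stub stands in for the embedded browser so that the sample runs offline in Node.js:

```javascript
// Constructed page: one static link in the HTML, the rest of the
// navigation is built by an inline script at load time.
const PAGE = `<!doctype html>
<html><body>
<a href="/about">About</a>
<div id="nav"></div>
<script>
  var routes = ['/account', '/admin/reports', '/api/export?format=csv'];
  var nav = document.getElementById('nav');
  routes.forEach(function (r) {
    var a = document.createElement('a');
    a.setAttribute('href', r);
    nav.appendChild(a);
  });
</script>
</body></html>`;

// What a regular crawler sees: href attributes present in the response body.
function linksFromRawHtml(html) {
  const markupOnly = html.replace(/<script[\s\S]*?<\/script>/gi, '');
  return [...markupOnly.matchAll(/<a\s[^>]*href="([^"]*)"/gi)].map(m => m[1]);
}

// Stand-in for rendering: run the inline scripts against a minimal DOM stub
// that records every anchor href the script sets (simplification: it does
// not check that the anchor ends up attached to the document).
function linksAfterScripts(html) {
  const found = linksFromRawHtml(html);
  const makeEl = tag => ({
    children: [],
    setAttribute(name, value) { if (tag === 'a' && name === 'href') found.push(value); },
    appendChild(child) { this.children.push(child); return child; },
  });
  const documentStub = {
    getElementById: () => makeEl('div'),
    createElement: tag => makeEl(tag.toLowerCase()),
  };
  for (const m of html.matchAll(/<script>([\s\S]*?)<\/script>/gi)) {
    // Only the constructed script above is executed here.
    new Function('document', m[1])(documentStub);
  }
  return found;
}

console.log('raw HTML only :', linksFromRawHtml(PAGE));
console.log('after scripts :', linksAfterScripts(PAGE));
```

Three of the four routes exist only after script execution, so a scan whose crawl is limited to raw HTML would never audit them.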
When using browser-powered scanning, you can also record and upload full login sequences. This means that Burp Scanner can handle complex login mechanisms, including single sign-on.