Burp Suite, the leading toolkit for web application security testing

Active Scan Queue

Active scanning typically involves sending large numbers of requests to the server for each base request that is scanned, and this can be a time consuming process. When you send requests for active scanning, these are added to the active scan queue, in which they are processed in turn.

The scan queue displays the following details about each item:

This information lets you easily monitor the progress of individual scan items. If you find that some scans are progressing too slowly, you can understand the reasons why, such as large numbers of insertion points, slowness in application responses, network errors, etc. Given this information, you can then take action to optimize your scans, by changing the configuration for insertion points, the scanning engine, or the active scanning areas being tested.

You can double-click any item in the scan queue to display the issues identified so far, and view the base request and response for the item.

You can use the context menu on the scan queue to perform various actions to control the scanning process. The exact options that are available depend upon the status of the selected item(s), and include:


You can annotate scan queue items by adding comments and highlights. This can be useful to flag up interesting items for further investigation or to help manage manual operations on a large queue.

You can add highlights in two ways:

You can add comments in two ways:

Support Center

Get help and join the community discussions at the Burp Suite Support Center.

Visit the Support Center ›

Monday, October 19, 2015


This release updates Burp to include a security fix in the BlazeDS library that Burp uses for parsing AMF messages, and disables AMF support by default.

Burp's cookie jar has been updated to support the cookie path attribute.

The functions to save and restore state now include options for handling the unique identifier that Burp uses to track interactions with Burp Collaborator.

See all release notes ›

Copyright © 2015 PortSwigger Ltd. All rights reserved.