Active scanning typically involves sending large numbers of requests to the server for each base request that is scanned, and this can be a time consuming process. When you send requests for active scanning, these are added to the active scan queue, in which they are processed in turn.
The scan queue displays the following details about each item:
This information lets you easily monitor the progress of individual scan items. If you find that some scans are progressing too slowly, you can understand the reasons why, such as large numbers of insertion points, slowness in application responses, network errors, etc. Given this information, you can then take action to optimize your scans, by changing the configuration for insertion points, the scanning engine, or the active scanning areas being tested.
You can double-click any item in the scan queue to display the issues identified so far, and view the base request and response for the item.
You can use the context menu on the scan queue to perform various actions to control the scanning process. The exact options that are available depend upon the status of the selected item(s), and include:
Get help and join the community discussions at the Burp Suite Support Center.
This release adds a new scan check for external service interaction and out-of-band resource load via injected XML doctype tags containing entity parameters.
Burp Scanner now modifies XML in requests to inject a doctype tag that defines an XML entity parameter that references a Burp Collaborator URL, and reports an appropriate issue based on any observed interactions (DNS or HTTP) that reach the Burp Collaborator server.