login

Burp Suite, the leading toolkit for web application security testing

Active Scan Queue

Active scanning typically involves sending large numbers of requests to the server for each base request that is scanned, and this can be a time consuming process. When you send requests for active scanning, these are added to the active scan queue, in which they are processed in turn.

The scan queue displays the following details about each item:

This information lets you easily monitor the progress of individual scan items. If you find that some scans are progressing too slowly, you can understand the reasons why, such as large numbers of insertion points, slowness in application responses, network errors, etc. Given this information, you can then take action to optimize your scans, by changing the configuration for insertion points, the scanning engine, or the active scanning areas being tested.

You can double-click any item in the scan queue to display the issues identified so far, and view the base request and response for the item.

You can use the context menu on the scan queue to perform various actions to control the scanning process. The exact options that are available depend upon the status of the selected item(s), and include:

Annotations

You can annotate scan queue items by adding comments and highlights. This can be useful to flag up interesting items for further investigation or to help manage manual operations on a large queue.

You can add highlights in two ways:

You can add comments in two ways:

Support Center

Get help and join the community discussions at the Burp Suite Support Center.

Visit the Support Center ›

Monday, January 16, 2017

1.7.16

This release adds various enhancements and fixes:

  • There is a new command-line option to launch Burp with a specified user configuration file.
  • A bug that was recently introduced that prevented license activation in headless mode has been fixed.
  • The Content Discovery function now correctly handles applications that have wildcard behavior for file extensions (e.g. those that return a specific response for admin.xxx regardless of the file extension). This eliminates the only known false positives reported by the new Content Discovery engine.

See all release notes ›

Copyright © 2016 PortSwigger Ltd. All rights reserved.