Burp Spider Documentation - Control Tab
This tab is used to start and stop Burp Spider, monitor its progress, and
define the spidering scope.
Use these settings to monitor and control Burp Spider:
- Spider is paused / running - This toggle button is used to start and stop the Spider. While
the Spider is stopped it will not make any requests of its own, although it
will continue to process responses generated via Burp Proxy (if
passive spidering is enabled), and any newly-discovered
items that are within the spidering scope will be queued to be requested if
the Spider is restarted.
- Clear queues - If you want to reprioritize your work, you can completely
clear the currently queued items, so that other items can be added to the queue.
Note that the cleared items may be re-queued if they remain in-scope and the
Spider's parser encounters new links to the items.
The display also shows some metrics about the Spider's progress, enabling
you to see the size of the in-scope content and the work remaining to fully
All content discovered by the Spider is added to the main suite
This panel lets you define exactly what is in-scope
for the Spider to request.
The best way to handle spidering scope is normally to use the suite-wide
target scope, and by default the Spider will
use that scope. If you need to define a different scope
for the Spider to use, select "Use custom scope". A further configuration
panel will appear, which functions in the same way as the suite-wide
target scope panel.
If you have chosen to use a custom scope and you send any out-of-scope items
to the Spider, then Burp will automatically update this custom scope, rather
than the suite scope.