Using Burp Suite Enterprise: Creating a custom scan configuration

Burp Suite Enterprise has a variety of preset scan configurations to help you customize your testing. Additionally, you can load scan and project configuration files from Burp Suite Professional. This tutorial demonstrates the process using two examples: setting audit checks to specific issue types, and loading platform authentication settings.

You can learn more about Burp Suite Enterprise Edition on our Enterprise documentation page.

The first step is to create a configuration file in Burp Suite Professional.

In the first example we are creating a scan configuration file. The file will ensure we only test for SQLi issues.

Go to Dashboard > New Scan > Scan Configuration > New > Auditing.

In the New scanning configuration, select the appropriate settings, choose a configuration name, check the Save to library checkbox, and click Save.

To export the file, go to Burp > Configuration library and use the Export function.

Save the file to an appropriate location.

In Burp Suite Enterprise, go to Scans > New scan > Scan configurations.

You can use the Scan configurations settings to load the .json scan configuration file.

Once loaded, the file will appear in the console.

The file will save below the preset scan files in the dropdown menu for future use.

You can also use Burp Suite Professional project configuration files to customise your testing.

In this example we are configuring Platform Authentication settings.

Go to Project options > Connections > Platform Authentication > Override user options.

Add the appropriate details then use the config icon > Save options.

Load the .json project configuration file via the Scan configurations settings.

Click the Save function to confirm and begin scanning.
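The project configuration file carries the platform authentication details entered above, so it helps to see which fields hold stored secrets before the file is uploaded or shared. The following Python check is an added example, not PortSwigger's code; the key layout of the constructed sample and the list of key-name hints are assumptions to verify against a file you exported yourself.

```python
import json

# Key-name fragments treated as secret-bearing (an assumption of this example).
SECRET_HINTS = ("password", "passwd", "secret", "token")

# Constructed sample. The key layout is assumed for illustration and is not
# taken from the page; compare it with a file you exported yourself.
SAMPLE_EXPORT = """
{
  "project_options": {
    "connections": {
      "platform_authentication": {
        "do_platform_authentication": true,
        "credentials": [
          {"destination_host": "intranet.example.test", "auth_type": "basic",
           "username": "scan-svc", "password": "constructed-placeholder"}
        ]
      }
    }
  }
}
"""

def find_secret_fields(node, path="$"):
    """Return JSON paths of non-empty string values whose key looks secret-bearing."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            is_secret_key = any(hint in key.lower() for hint in SECRET_HINTS)
            if isinstance(value, str) and value and is_secret_key:
                hits.append(child)
            else:
                hits.extend(find_secret_fields(value, child))
    elif isinstance(node, list):
        for index, item in enumerate(node):
            hits.extend(find_secret_fields(item, f"{path}[{index}]"))
    return hits

def audit_export(text):
    """Parse an exported configuration; report top-level sections and secret paths."""
    config = json.loads(text)
    if not isinstance(config, dict):
        raise ValueError("expected a JSON object at the top level")
    return {"sections": sorted(config), "secret_paths": find_secret_fields(config)}

if __name__ == "__main__":
    report = audit_export(SAMPLE_EXPORT)
    print("top-level sections:", report["sections"])
    for secret_path in report["secret_paths"]:
        print("stored secret at:", secret_path)
```

Any path it reports means the file should be handled like a credential: kept out of shared folders and version control, and removed once it has been loaded.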

Additionally, you can load configuration files as preset defaults for Sites.

In Burp Enterprise, go to Sites > Site details > Default scan configurations.