Key Configuration Options in Burp Suite

Burp contains a wealth of configuration options, which it is often necessary to use at different stages of your testing, to ensure that Burp works with your target application in the way you require. This article describes some of the options you are likely to need,

Display Settings


You can configure the font and character set used to display HTTP messages, and also the font in Burp's own UI.

Target Scope


The target scope configuration tells Burp the items that you are currently interested in and willing to attack. You should configure this early in your testing, as it can control which items are displayed in the Proxy history and Target site map, which messages are intercepted in the Proxy, and which items may be spidered and scanned.




If the application server employs any platform level (HTTP) authentication, you configure Burp to handle the authentication automatically.

Session Handling


Many applications contain features that can hinder automated or manual testing, such as reactive session termination, use of per-request tokens, and stateful multi-stage processes. You can configure Burp to handle most of these situations seamlessly, using a combination of session handling rules and macros.

Task Scheduling


You can configure Burp to schedule tasks at given times or intervals, to allow you to work within specified testing windows.