Burp scan configuration. # builtin: # - "Crawl and Audit - CICD Optimized" # - "Crawl limit - 10 minutes" # # You can replace the list with the environment variable BURP_SCAN_CONFIGURATIONS. This page explains the settings changed in each built-in configuration, and gives example use cases for them. Feb 23, 2026 · Burp includes a number of built-in scan configurations that enable you to modify how Burp Scanner crawls and audits web applications. Vulnerability Scanning Tools Description Web Application Vulnerability Scanners are automated tools that scan web applications, normally from the outside, to look for security vulnerabilities such as Cross-site scripting, SQL Injection, Command Injection, Path Traversal and insecure server configuration. Default – This is the same as the Crawl and Audit - Lightweight built-in configuration. Oct 1, 2025 · If settings in two or more scan configurations conflict, the setting from the last configuration in the list takes precedence. Step one - installing the software on your machine. Configure and run scans to identify vulnerabilities, generate detailed reports, and communicate findings effectively using the Scanner’s multiple output formats. It uses Rules to automatically trigger active scanning profiles when specific passive conditions are detected — creating intelligent, context-aware scanning workflows. For configuration options, see Configuration Reference. Feb 23, 2026 · How to get started with Burp Suite Professional / Burp Suite Community Edition. Each step can define its own payloads, match rules, and detection logic. Feb 23, 2026 · Read time: 2 Minutes Both Burp Suite DAST and Burp Suite Professional enable you to use custom scan configurations, giving you fine-grained control over Burp Scanner's behavior. Here, you can review the By-default profiles. 
2 days ago · Overview Relevant source files This page introduces the TruffleHog Burp Suite Extension: what problem it solves, how it integrates with Burp Suite, and a summary of the three source files that make up the extension. Custom configurations enable you to fine-tune Burp Scanner's behavior to meet your needs. Burp-Suite-Pro-Scan-Profiles Custom scan profiles for use with Burp Suite Pro. The following configurations are available for Orchestration scans. In the popup, select "Import" and import the json files from this repository. Oct 28, 2025 · Scan Configuration The predefined configuration to use for the scan. You can also add your own custom configurations. The Burp extension provides access to Burp Suite's capabilities: WebSocket Server - Listens for connections from the MCP server on a configurable port (default: 8198) Montoya API Integration - Uses Burp's official extension API to access proxy history, site maps, scanner, and HTTP request capabilities Traffic Storage - Maintains a thread-safe circular buffer of captured HTTP traffic, indexed The kali-burp-mcp-bridge server is designed to run locally or behind a trusted boundary (e.g., internal lab environment, VPN, or secured reverse proxy) and is expected to be protected by an authentication token or equivalent access control mechanism at deployment time. You can use custom configurations in several ways: Use one of the built-in configurations from the configuration library. All scan steps have at least one configuration. Oct 16, 2023 · The Burp Suite Scanner is a highly effective tool for testing web applications for vulnerabilities. For a detailed list of Burp's built-in configurations, see Burp Scanner built-in configurations. However, we can customize our scan profile to our specific requirements. To import, select "Burp" in the top left taskbar and select "Configuration library".
#8 Burp Configuration Library (Create custom scan configurations) Burp Suite has a wide range of scan configurations, such as critical issues only, extensions only, and so on. Feb 23, 2026 · They offer a quick way to adjust how the scan balances speed and coverage. Feb 23, 2026 · Burp includes a range of built-in setting configurations for common tasks. For a full architectural breakdown, see Architecture. 4 days ago · 🚀 Launching an Active Scan From Context Menu (Recommended) ⭐ Select one or more requests from Proxy History, Target Site Map, Repeater, or any other Burp tool Right-click and select Active Scan (under the Burp Bounty Pro submenu) The URL Filter popup appears with scan configuration options Smart Scan is one of the most powerful features of Burp Bounty Pro. These are built-in configurations provided by Burp Enterprise. Navigate to Burp > Configuration Library > Built-in. Nov 27, 2023 · Before customizing scan profiles, let’s first take a moment to explore the default ones available in Burp Suite. Create an entirely new configuration. You can either use the built-in custom configurations from the configuration library, or create your own configurations from scratch. In Burp Suite, right-click on target URLs in Target > Site Map, Proxy History, or Repeater Select Active Scan from the Burp Bounty Pro context menu The URL Filter popup appears — review the URLs, configure Scanner Settings (Threads, Concurrency, RPS), and click OK Burp Bounty Pro launches the scan with your per-scan settings 🎯 🔗 Multi-Step Scanning Profiles now support multiple steps, enabling complex attack chains and multi-stage vulnerability testing. Includes cookie reuse across steps for authenticated workflows, per-step request/response viewing in scan results, and path discovery per step. Jul 15, 2022 · Do you know Burp Suite has this by default, and this can be found under Target > Issue Definitions. To access the configuration library, go to the Settings dialog. 
It’s a great way to understand how specific options define each profile and what they’re designed to target. For step-by-step installation, see Getting Started.