Automated crawl and scan
Coverage of over 100 generic vulnerabilities, such as SQL injection and cross-site scripting (XSS), with great performance against all vulnerabilities in the OWASP top 10.
Different modes for scan speed, allowing fast, normal, and thorough scans to be carried out for different purposes.
Scan exactly what you want. You can perform a full crawl and scan of an entire host, or a particular branch of the site content, or an individual URL.
Support for numerous types of attack insertion points within requests, including parameters, cookies, HTTP headers, parameter names, and the URL file path.
Support for nested insertion points, allowing automatic testing of custom application data formats, such as JSON inside Base64 inside a URL-encoded parameter.
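To make the nested-encoding idea concrete, here is an added example (not Burp's own code) that peels URL-encoding, Base64 and JSON off a single parameter value and lists every scalar leaf together with the chain of encodings a scanner would have to re-apply to place a test value there. The sample parameter, the `unwrap` function and its layer labels are constructed for this illustration.

```python
import base64
import binascii
import json
import re
from urllib.parse import quote, unquote

_B64_RE = re.compile(r"[A-Za-z0-9+/]+={0,2}")


def _try_base64(value):
    """Return the decoded text if value looks like Base64 of UTF-8 text, else None."""
    if len(value) < 8 or not _B64_RE.fullmatch(value):
        return None
    try:
        raw = base64.b64decode(value + "=" * (-len(value) % 4), validate=True)
        return raw.decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None


def unwrap(value, path=()):
    """Recursively peel URL-encoding, Base64 and JSON off one parameter value.

    Returns a list of (layers, leaf) pairs; `layers` records every encoding that
    wraps the leaf, outermost first, so each leaf is a nested insertion point.
    """
    if isinstance(value, str):
        decoded = unquote(value)
        if decoded != value:                      # a URL-encoded layer
            return unwrap(decoded, path + ("urlencoded",))
        try:
            parsed = json.loads(value)
        except ValueError:
            parsed = None
        if isinstance(parsed, (dict, list)):      # a JSON layer
            return unwrap(parsed, path + ("json",))
        inner = _try_base64(value)
        if inner is not None:                     # a Base64 layer
            return unwrap(inner, path + ("base64",))
        return [(path, value)]                    # plain string leaf
    if isinstance(value, dict):
        return [leaf for k, v in value.items()
                for leaf in unwrap(v, path + (f"key={k}",))]
    if isinstance(value, list):
        return [leaf for i, v in enumerate(value)
                for leaf in unwrap(v, path + (f"index={i}",))]
    return [(path, value)]                        # number, bool or null leaf


# Constructed sample: JSON -> Base64 -> URL-encoded, as one query parameter value
INNER = {"user": "alice", "role": "viewer", "ids": [7, 9]}
SAMPLE_PARAM = quote(base64.b64encode(json.dumps(INNER).encode()).decode(), safe="")


def nested_insertion_points(param_value):
    """List every leaf of the parameter with the encodings that wrap it."""
    return unwrap(param_value)


if __name__ == "__main__":
    for layers, leaf in nested_insertion_points(SAMPLE_PARAM):
        print(" > ".join(layers), "=>", repr(leaf))
```

Each leaf's layer tuple is exactly the information a scanner needs to re-encode a test value so that it survives the application's own decoding; the Base64 heuristic (length, alphabet, valid UTF-8) is deliberately conservative so that ordinary words are not mistaken for an encoded layer.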
Burp’s advanced application-aware crawler can be used to map out application contents, prior to automated scanning or manual testing.
Use fine-grained scope-based configuration to control exactly what hosts and URLs are to be included in the crawl or scan.
Automatic detection of custom not-found responses, to reduce false positives during crawling.
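Custom not-found pages are a problem for crawlers because many applications answer unknown paths with a 200 status and a friendly page rather than a 404. The following added example (not Burp's implementation) shows the usual approach: request a few paths that cannot exist, learn the shape of the answer, and then classify later responses by similarity to that baseline. The `fake_fetch` site and the `NotFoundDetector` class are constructed for the illustration.

```python
import difflib
import itertools
import random
import string

# Constructed stand-in for a target: a tiny site whose "page not found" is a 200
_PAGES = {
    "/": "<html><h1>Welcome</h1><p>Browse our catalogue.</p></html>",
    "/login": "<html><h1>Login</h1><form><input name=user><input name=pass></form></html>",
}
_request_ids = itertools.count(1)


def fake_fetch(path):
    """Return (status, body) like an HTTP client would; unknown paths get a custom 200 page."""
    if path in _PAGES:
        return 200, _PAGES[path]
    body = (f"<html><h1>Oops</h1><p>We could not find {path}.</p>"
            f"<p>Request-ID: {next(_request_ids)}</p></html>")
    return 200, body


class NotFoundDetector:
    """Learns the application's not-found signature from paths that cannot exist."""

    def __init__(self, fetch, probes=2, threshold=0.9):
        self.threshold = threshold
        self.baselines = []
        for _ in range(probes):
            # a random 16-character label is effectively guaranteed not to exist
            probe = "/" + "".join(random.choices(string.ascii_lowercase + string.digits, k=16))
            status, body = fetch(probe)
            # the echoed path is the one part expected to differ between not-found pages
            self.baselines.append((status, body.replace(probe, "")))

    def is_not_found(self, path, status, body):
        """True for a real 404 or for a body that matches the learned not-found page."""
        if status == 404:
            return True
        stripped = body.replace(path, "") if len(path) > 1 else body
        return any(
            status == base_status
            and difflib.SequenceMatcher(None, stripped, base_body, autojunk=False).ratio()
            >= self.threshold
            for base_status, base_body in self.baselines
        )


if __name__ == "__main__":
    detector = NotFoundDetector(fake_fetch)
    for candidate in ("/login", "/old-admin"):
        status, body = fake_fetch(candidate)
        print(candidate, "not found" if detector.is_not_found(candidate, status, body) else "exists")
```

The similarity threshold rather than exact comparison is what makes this robust against not-found pages that embed a request id, timestamp or the requested path; in a real crawler the baseline would be learned per host and per file extension, since applications often answer `/x.php` and `/x.jpg` differently.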
View real-time feedback of all actions being performed during scanning. The active scan queue shows the progress of each item that is queued for scanning. The issue activity log shows a sequential record of all issues as they are added or updated.
Use the active scanning mode to interactively test for vulnerabilities like OS command injection and file path traversal.
Use the passive scanning mode to identify flaws such as information disclosure, insecure use of SSL, and cross-domain exposure.
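Passive checks never send a request of their own; they only inspect traffic that has already been captured. As an added example (not Burp's passive scanner, which covers far more), the function below runs a handful of such checks over one captured response: version strings and private addresses (information disclosure), an over-permissive CORS policy (cross-domain exposure), and cookies or HTTPS responses that lack the expected protections (insecure use of SSL). The sample URL, headers and body are constructed for the illustration.

```python
import re

_PRIVATE_IP = re.compile(
    r"\b(?:10\.\d{1,3}|192\.168|172\.(?:1[6-9]|2\d|3[01]))\.\d{1,3}\.\d{1,3}\b"
)


def passive_checks(url, headers, body, request_origin=None):
    """Passive checks over one captured response (nothing is sent to the target).

    headers: lower-cased header name -> list of values, as a proxy would store them.
    request_origin: the Origin header of the request, if one was sent.
    Returns a list of (category, detail) findings.
    """
    findings = []
    https = url.lower().startswith("https://")

    # Information disclosure: product/version strings in technology headers
    for name in ("server", "x-powered-by", "x-aspnet-version"):
        for value in headers.get(name, []):
            if re.search(r"\d+\.\d+", value):
                findings.append(("information-disclosure", f"{name} reveals a version: {value}"))

    # Information disclosure: internal addresses leaking in the body
    if _PRIVATE_IP.search(body):
        findings.append(("information-disclosure", "private IP address in response body"))

    # Cross-domain exposure: CORS policy that is too permissive
    acao = headers.get("access-control-allow-origin", [])
    creds = any(v.strip().lower() == "true"
                for v in headers.get("access-control-allow-credentials", []))
    if "*" in acao:
        findings.append(("cross-domain-exposure", "CORS allows any origin"))
    elif acao and request_origin and acao[0] == request_origin and creds:
        findings.append(("cross-domain-exposure",
                         f"CORS reflects the request Origin {request_origin} with credentials"))

    # Insecure use of SSL: cookie flags and transport security
    for cookie in headers.get("set-cookie", []):
        name = cookie.split("=", 1)[0].strip()
        attrs = {part.strip().split("=", 1)[0].lower() for part in cookie.split(";")[1:]}
        if https and "secure" not in attrs:
            findings.append(("insecure-cookie", f"cookie {name} is missing the Secure flag"))
        if "httponly" not in attrs:
            findings.append(("insecure-cookie", f"cookie {name} is missing HttpOnly"))
    if https and not headers.get("strict-transport-security"):
        findings.append(("insecure-transport", "HTTPS response without Strict-Transport-Security"))
    return findings


# Constructed sample response as a proxy would have captured it
SAMPLE_URL = "https://shop.example/api/profile"
SAMPLE_HEADERS = {
    "server": ["Apache/2.4.41 (Ubuntu)"],
    "content-type": ["application/json"],
    "access-control-allow-origin": ["https://partner.example"],
    "access-control-allow-credentials": ["true"],
    "set-cookie": ["session=9f3a1c; Path=/"],
}
SAMPLE_BODY = '{"user": "alice", "debug_upstream": "10.0.3.7"}'


def scan_sample():
    """Run the passive checks over the constructed sample response."""
    return passive_checks(SAMPLE_URL, SAMPLE_HEADERS, SAMPLE_BODY,
                          request_origin="https://partner.example")


if __name__ == "__main__":
    for category, detail in scan_sample():
        print(f"{category:24} {detail}")
```

The reflected-Origin check needs the request as well as the response, which is why the function takes `request_origin`: a static `Access-Control-Allow-Origin` naming a trusted partner is a design decision, whereas one that simply echoes whatever Origin was sent, combined with `Allow-Credentials: true`, exposes authenticated responses to any site.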
You can place manual insertion points at arbitrary locations within requests, to inform the Scanner about non-standard inputs and data formats.
Burp Scanner can automatically move parameters between different locations, such as URL parameters and cookies, to help evade web application firewalls and other defenses.
You can fully control what gets scanned using live scanning as you browse. Each time you make a new request that is within your defined target scope, Burp automatically schedules the request for active scanning.
Burp can optionally report all reflected and stored inputs, even where no vulnerability has been confirmed, to facilitate manual testing for issues like cross-site scripting.
Different modes for scan accuracy, to optionally favor more false positives or negatives.
Burp Scanner is designed by industry-leading penetration testers. Its advanced feedback-driven scanning logic is designed to reproduce the actions of a skilled human tester.
Advanced crawling capabilities (including coverage of the latest web technologies such as REST, JSON, AJAX and SOAP), combined with its cutting-edge scanning engine, allow Burp to achieve greater scan coverage and vulnerability detection than other fully automated web scanners.
Burp has pioneered the use of highly innovative out-of-band techniques to augment the conventional scanning model. The Burp Collaborator technology allows Burp to detect server-side vulnerabilities that are completely invisible in the application’s external behavior, and even to report vulnerabilities that are triggered asynchronously after scanning has completed.
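The core of any out-of-band detection technique is correlation: each test value carries a unique hostname, and an interaction with that hostname seen by an external listener is mapped back to the request and insertion point that issued it, however late it arrives. The added example below (not Burp Collaborator's code) shows that bookkeeping in isolation; the `oob.example` listener domain, the timestamps and the `OobRegistry` class are constructed for the illustration.

```python
import secrets
from dataclasses import dataclass, field


@dataclass
class OobRegistry:
    """Constructed correlation store for out-of-band interactions.

    Each issued hostname carries a random token; any DNS or HTTP interaction that
    later names that hostname is mapped back to the scan item that issued it.
    """
    domain: str
    _issued: dict = field(default_factory=dict)   # token -> (item, insertion point, issued_at)
    _seen: list = field(default_factory=list)     # (token, protocol, seen_at)

    def issue(self, item, insertion_point, now):
        """Mint a unique hostname for one test of one insertion point."""
        token = secrets.token_hex(8)
        self._issued[token] = (item, insertion_point, now)
        return f"{token}.{self.domain}"

    def record(self, observed_name, protocol, now):
        """Called for every interaction the listener sees; unknown names are ignored."""
        name = observed_name.lower().rstrip(".")
        if not name.endswith("." + self.domain):
            return False
        # the token is the label immediately left of our domain; anything further
        # left (for example a prefix the application prepended) is dropped
        labels = name[: -len(self.domain) - 1].split(".")
        token = labels[-1]
        if token not in self._issued:
            return False
        self._seen.append((token, protocol, now))
        return True

    def findings(self, scan_finished_at):
        """One finding per interaction, flagged if it arrived after the scan ended."""
        out = []
        for token, protocol, seen_at in self._seen:
            item, point, issued_at = self._issued[token]
            out.append({
                "item": item,
                "insertion_point": point,
                "protocol": protocol,
                "delay_s": seen_at - issued_at,
                "asynchronous": seen_at > scan_finished_at,
            })
        return out


def demo():
    """Constructed timeline: one immediate lookup, one that arrives hours later."""
    reg = OobRegistry("oob.example")
    host_a = reg.issue("GET /api/fetch", "url parameter", now=100.0)
    host_b = reg.issue("POST /contact", "body parameter email", now=105.0)
    reg.record(host_a, "dns", now=101.5)                   # during the scan
    reg.record("mail." + host_b, "http", now=7300.0)       # e.g. a nightly batch job
    reg.record("unrelated.oob.example", "dns", now=110.0)  # no token issued: ignored
    return reg.findings(scan_finished_at=600.0)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

The second interaction is the case the text calls out: the scan finished at 600 s, yet the interaction mapped to the `/contact` request arrives much later and is still attributed correctly, because attribution depends only on the token, not on timing. Detection on the application's own side works the same way in reverse: outbound lookups for hostnames nobody in the organisation issued are worth alerting on.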
The Burp Infiltrator technology can be used to perform interactive application security testing (IAST) by instrumenting target applications to give real-time feedback to Burp Scanner when its payloads reach dangerous APIs within the application.
Burp’s scanning logic is continually updated with enhancements to ensure it can find the latest vulnerabilities and new edge cases of existing vulnerabilities. In recent years, Burp has been the first scanner to detect novel vulnerabilities pioneered by the Burp research team, including template injection and path-relative stylesheet imports.
The target site map shows all of the content that has been discovered in sites being tested. Content is presented in a tree view that corresponds to the sites’ URL structure. Selecting branches or nodes within the tree shows a listing of individual items, with full details including requests and responses where available.