= Web Application Scanning Using Burp Suite =

== Purpose ==

This Knowledge Base (KB) article explains how to configure and run a Burp Suite web application scan, including crawling behaviour, authentication, audit configuration, API crawling, JavaScript analysis, resource pools, and auto-throttling.

== Scope ==

This procedure applies to all authorized web application vulnerability assessments using Burp Suite.

== Burp Suite Scanning Steps ==

<ol>
<li><b>Create a New Scan</b>
<ol>
<li>Open Burp Suite.</li>
<li>Navigate to the Dashboard and click <b>New Scan</b>.</li>
<li>Select one of the following modes:
<ul>
<li>Crawl and Audit</li>
<li>Crawl Only</li>
<li>API Scan Only</li>
</ul>
</li>
</ol>
</li>

<li><b>Configure Scan Details</b>
<ol>
<li>Enter target URLs.</li>
<li>Select protocols (HTTP/HTTPS).</li>
<li>Define the scan scope to restrict testing to approved systems.</li>
</ol>
</li>

<li><b>Select Scan Configuration Profile</b>
<ul>
<li>Lightweight</li>
<li>Fast</li>
<li>Balanced</li>
<li>Deep</li>
<li>Custom</li>
</ul>
</li>

<li><b>Configure Crawling</b>
<ol>
<li><b>Crawling Behaviour</b>
<ul>
<li>Fastest</li>
<li>Faster</li>
<li>Normal</li>
<li>More Complete</li>
<li>Most Complete</li>
</ul>
</li>
<li><b>Crawl Limits</b>
<ul>
<li>Max duration (e.g., 150 minutes)</li>
<li>Max locations (e.g., 1500)</li>
<li>No fixed request limit (optional)</li>
</ul>
</li>
<li><b>Login Behaviour</b>
<ul>
<li>Configure authenticated scanning.</li>
<li>Define login verification conditions.</li>
<li>Enable logout detection.</li>
</ul>
</li>
<li><b>API Crawling</b>
<ul>
<li>REST</li>
<li>SOAP</li>
<li>GraphQL</li>
</ul>
</li>
<li><b>Browser Behaviour</b>
<ul>
<li>User-agent configuration</li>
<li>Dynamic rendering</li>
<li>JS execution control</li>
</ul>
</li>
<li><b>Discovery Logic</b>
<ul>
<li>Hidden link discovery</li>
<li>Form submissions</li>
<li>Sitemap fetching</li>
</ul>
</li>
</ol>
</li>

<li><b>Audit Configuration</b>
<ol>
<li><b>Audit Behaviour</b>
<ul>
<li>Audit Speed (Fast / Normal)</li>
<li>Audit Accuracy (Normal / Thorough)</li>
<li>Maintain sessions</li>
<li>Follow redirects</li>
<li>Run crawl and audit in parallel</li>
<li>Set max scan time</li>
<li>Issue noise reduction</li>
<li>Network timeout configuration</li>
</ul>
</li>
<li><b>Scan Checks</b>
<ul>
<li>SQL Injection</li>
<li>OS Command Injection</li>
<li>XSS</li>
<li>Path Traversal</li>
<li>LDAP Injection</li>
<li>Code Injection</li>
<li>SSTI and others</li>
</ul>
</li>
<li><b>JavaScript Analysis</b>
<ul>
<li>Dynamic DOM analysis</li>
<li>Static JS analysis</li>
<li>Fetch missing/out-of-scope JS (optional)</li>
<li>30 s analysis timeout for each</li>
</ul>
</li>
<li><b>Insertion Points Strategy</b>
<ul>
<li>URL parameters</li>
<li>Body parameters</li>
<li>Cookies</li>
<li>Headers</li>
<li>Path components</li>
<li>Nested insertion points</li>
<li>Limit max insertion points</li>
</ul>
</li>
</ol>
</li>

<li><b>Application Login Configuration</b>
<ol>
<li>Use credentials or recorded login sequences.</li>
<li>Add, edit, or delete login entries as needed.</li>
<li>Import/export login sequences using the library.</li>
</ol>
</li>

<li><b>Resource Pool & Auto-Throttling Configuration</b>
<ol>
<li><b>Resource Pool Settings</b>
<ul>
<li>Maximum concurrent requests</li>
<li>Request delays</li>
<li>Execution concurrency</li>
</ul>
</li>
<li><b>Auto-Throttling Behaviour</b>
<ul>
<li>Automatic slowdown on server latency increase</li>
<li>Adaptive concurrency reduction</li>
<li>Automatic backoff on repeated errors</li>
<li>Dynamic request pacing</li>
<li>Recommended settings:
<ul>
<li>Enable auto-throttle: YES</li>
<li>Minimum delay: 100–500 ms</li>
<li>Max concurrent requests: 1–2</li>
<li>Enable auto backoff: YES</li>
</ul>
</li>
</ul>
</li>
</ol>
</li>

<li><b>Start the Scan</b>
<ol>
<li>Click <b>Scan</b> to begin.</li>
<li>Monitor progress from the Dashboard.</li>
<li>Review discovered issues in Issue Activity.</li>
</ol>
</li>

<li><b>Review and Export Results</b>
<ol>
<li>Open the scan report.</li>
<li>Filter vulnerabilities by severity:
<ul>
<li>Critical</li>
<li>High</li>
<li>Medium</li>
<li>Low</li>
</ul>
</li>
<li>Export results as HTML or XML.</li>
</ol>
</li>
</ol>
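As an added example (not part of this KB and not PortSwigger's code), the following Python assembles a scan request from the target, scope and login settings of steps 2 and 5 and refuses to build it when any target is outside the approved scope or uses a protocol other than HTTP/HTTPS. The JSON field names follow my reading of Burp's REST API scan endpoint and are an assumption to verify against the API documentation served by your own Burp instance; hostnames, the configuration name and the credentials are constructed placeholders.

```python
import json
from urllib.parse import urlsplit

# Constructed sample engagement data (hypothetical hostnames, placeholder creds).
TARGETS = ["https://app.example.test/", "https://app.example.test/login"]
# Simple-scope rules are URL prefixes; keep the trailing slash so that a
# look-alike host such as "https://app.example.test.attacker.test/" cannot match.
SCOPE_INCLUDE = ["https://app.example.test/"]
SCOPE_EXCLUDE = ["https://app.example.test/admin/"]
CONFIG_NAMES = ["Crawl strategy - fastest"]  # must match Burp's configuration library


def in_scope(url, include, exclude):
    """True when url starts with an include prefix and with no exclude prefix."""
    return (any(url.startswith(p) for p in include)
            and not any(url.startswith(p) for p in exclude))


def build_scan_request(targets, include, exclude, config_names, login=None):
    """Assemble the scan request body; raise before an unapproved host or an
    unsupported protocol can ever be handed to the scanner."""
    for url in targets:
        if urlsplit(url).scheme not in ("http", "https"):
            raise ValueError(f"unsupported protocol: {url}")
        if not in_scope(url, include, exclude):
            raise ValueError(f"target outside approved scope: {url}")
    body = {  # field names assumed from the Burp REST API scan endpoint
        "urls": list(targets),
        "scope": {
            "type": "SimpleScope",
            "include": [{"rule": p} for p in include],
            "exclude": [{"rule": p} for p in exclude],
        },
        "scan_configurations": [
            {"type": "NamedConfiguration", "name": n} for n in config_names
        ],
    }
    if login is not None:
        user, password = login
        body["application_logins"] = [
            {"type": "UsernameAndPasswordLogin", "username": user, "password": password}
        ]
    return body


def scan_request_json(targets=TARGETS, login=("scanuser", "placeholder-password")):
    """Serialised body for a POST to the Burp REST API scan endpoint (assumed)."""
    return json.dumps(build_scan_request(targets, SCOPE_INCLUDE, SCOPE_EXCLUDE,
                                         CONFIG_NAMES, login))
```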
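The auto-throttling behaviour listed in step 6 can be pictured with this added Python model, which is my own illustration and not Burp's implementation: delay and concurrency stay inside the recommended 100–500 ms and 1–2 request bounds, widen when latency rises above a moving baseline, back off exponentially after a streak of 5xx/429 responses, and recover gradually while responses are healthy. The streak length, latency multiplier and backoff ceiling are assumed thresholds, and the response log is constructed.

```python
MIN_DELAY_MS, MAX_DELAY_MS = 100, 500   # recommended minimum delay range
MAX_CONCURRENCY = 2                     # recommended max concurrent requests
ERROR_STREAK = 3                        # assumed: errors in a row before backoff


class AutoThrottle:
    """Illustrative client-side throttle (assumed thresholds, not Burp's code)."""

    def __init__(self):
        self.delay_ms = MIN_DELAY_MS
        self.concurrency = MAX_CONCURRENCY
        self.baseline_ms = 0.0      # moving average of healthy latency
        self.errors = 0             # consecutive 5xx / 429 responses
        self.backoff_ms = 0         # extra pause added after an error streak

    def pause_ms(self):
        return self.delay_ms + self.backoff_ms

    def observe(self, latency_ms, status):
        """Update pacing from one response; return the pause before the next."""
        if status >= 500 or status == 429:
            self.errors += 1
            if self.errors >= ERROR_STREAK:
                # Repeated errors: exponential backoff (1 s .. 8 s), single worker.
                self.backoff_ms = min(8000, max(1000, self.backoff_ms * 2))
                self.concurrency = 1
            return self.pause_ms()
        self.errors, self.backoff_ms = 0, 0
        if self.baseline_ms == 0:
            self.baseline_ms = float(latency_ms)
        elif latency_ms > 1.5 * self.baseline_ms:
            # Server latency rising: widen the delay and drop to one worker.
            self.delay_ms = min(MAX_DELAY_MS, self.delay_ms + 100)
            self.concurrency = 1
        else:
            # Healthy response: refresh the baseline and recover gradually.
            self.baseline_ms = 0.8 * self.baseline_ms + 0.2 * latency_ms
            self.delay_ms = max(MIN_DELAY_MS, self.delay_ms - 50)
            if self.delay_ms == MIN_DELAY_MS:
                self.concurrency = MAX_CONCURRENCY
        return self.pause_ms()


# Constructed response log: (latency in ms, HTTP status); latency 0 on errors.
SAMPLE_RESPONSES = [(120, 200), (130, 200), (400, 200), (420, 200), (125, 200),
                    (0, 503), (0, 503), (0, 503), (0, 503),
                    (110, 200), (110, 200), (110, 200)]


def simulate(responses=SAMPLE_RESPONSES):
    """Return (pause_ms, concurrency) chosen after each response."""
    t = AutoThrottle()
    return [(t.observe(lat, st), t.concurrency) for lat, st in responses]
```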
== Summary ==

This KB provides a complete walkthrough of how to scan web applications using Burp Suite.