This section is displayed for "Crawl and audit" and "Crawl" scan types. You can configure one or more URLs from which Burp will perform the crawl. These URLs will be the starting point of the crawl, and Burp will follow links from there into the application.

By default, the scope of the crawl will be restricted to the configured URLs truncated to the final folder (if any). For example, if you specify a start URL of then the crawler will begin at this URL, and will crawl content within the path. You can override the default behavior and provide a different scope configuration by opening the "Detailed scope configuration" toggle. This lets you define the scope of the crawl using either URL prefixes or advanced matching rules, as for Burp's Target scope. Note that you still need to specify the URLs to scan, since these are the starting points for the crawl, and the URLs to scan must fall within the defined scope.

This section is displayed for the "Audit selected items" scan type. The URLs of the selected items are listed. Note that the same URL will appear more than once if there are multiple requests to the same URL with different parameters.

If you have made a large selection of items to scan, it is often useful to consolidate the selected items to improve the efficiency of the scan. Clicking "Consolidate items" displays a wizard that lets you choose whether to remove items with various features:

- Duplicate items in the selection (those with matching URL and parameter names)
- Out-of-scope items (based on the current suite scope)

For each item, Burp shows the number of affected items. If any option would result in none or all of the items being removed, then this option will be unavailable. The consolidation wizard then displays the full list of items that will be scanned. You can double-click any item in the list to view full request and response. You can manually remove any further items that you do not wish to scan.

The "Scan configuration" section of the scan launcher lets you select configurations to control how the scan is carried out. You can select multiple configurations, and these will be applied in turn to determine the final configuration that is used for the scan. This allows you to apply a general configuration first (for example, your preferred general scan settings), followed by a more specific configuration (for example, some specific options that are useful for this particular application). If no configurations are selected, then Burp Scanner's default settings will be used. You can create new configurations on the fly, or select existing configurations from your library, or import from a configuration file.

The "Application login" section of the scan launcher lets you specify account credentials that should be submitted to any login functions. The crawler will use these to discover authenticated content behind login functions. The crawler will also attempt to self-register accounts, and use these credentials in addition to those provided.