Burp Suite User Forum

Duration of Scans not decreasing, when only checking for XSS

rwtr988x | Last updated: Aug 17, 2021 10:53AM UTC

Hi all, I am using Burp Suite Enterprise and I have added a scan configuration that will only check for XSS (reflected, etc.). I expected the scan to take less time than a default scan. However, my assumption is wrong... How would I increase the speed of a scan that only focuses on XSS? Thanks in advance!

rwtr988x | Last updated: Aug 17, 2021 11:11AM UTC

Nvm, it takes less time now, but not significantly though! How would I tweak a scan configuration in terms of scan duration? Any hints? Thanks again!

Hannah, PortSwigger Agent | Last updated: Aug 17, 2021 01:10PM UTC

Hi,

A scan in Enterprise is composed of two different phases - crawling and auditing. Crawling is when the Scanner is exploring your application looking for different unique locations to use later. Auditing is when the Scanner makes use of the locations it has found and tries various methods against each location to determine if there are any vulnerabilities present.

If you've adjusted the audit configuration to only check for XSS issues, then that will reduce the time of that phase. However, the crawl phase will still last the same length of time. To make the crawl faster, you can adjust the crawl configuration or change the scope of your scan (Advanced options on your Site Details).

rwtr988x | Last updated: Aug 17, 2021 01:43PM UTC

Thank you very much for the clarification!
