Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

How do I enable passive scanning of a site using burp collaborator or infiltrator

Haydelawal | Last updated: May 02, 2021 08:13PM UTC

Good day Team <3.I was watching a video recently and found out that I can passively scan a site during manual walk through using burp collaborator/infiltrator but I don't know how to. Oh and I'm still learning so I haven't even tried infiltrator yet. The only passive scanning I know of is right clicking and selecting passively scan this site. My only knowledge and experience of of using burp collaborator is using it in your academy labs. Any help? Thank you in advance :)

Hannah, PortSwigger Agent | Last updated: May 03, 2021 01:41PM UTC

Passive scanning involves inspecting the traffic going through Burp. It does not send any additional requests to the target application. If you're using Burp Pro, then you will already have 2 default scan tasks, one to add items to your site map and another to passively scan all traffic through Burp. To discover vulnerabilities using tools like the Collaborator, you would need to perform an active scan instead (as this includes sending additional requests to the target application). If you are planning on using Infiltrator at any point, please make sure that you have fully read our documentation first, as the use of Infiltrator will permanently modify an application's bytecode. You can find our documentation [here](https://portswigger.net/burp/documentation/infiltrator)

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.