Burp Suite User Forum

Optimal setup for using the scanner

Matthew | Last updated: Dec 17, 2018 04:14PM UTC

Hi,

I use QA automated testing scripts to run through the Burp proxy to record the traffic and get pretty good coverage of our app. Then once the automated tests have completed, I run the scanner test. Because of the size of our app and the amount of traffic recorded, when all the duplicates are dropped out, I still have over 10,000 entries in the scanner queue. When I run the scan, it takes a long time, like about 2 weeks to run.

I was wondering if this was normal (are other users maybe doing the same thing and having it take this long) or does anyone have any tips on making this go faster?

For example, the Burp software is set up on its own VM server. I've allocated 8 GB to the machine and 8 virtual processors, but when I launch Burp I only allocate 4 GB to Java. Would allocating more of anything help here? (I have limited resources.)

Because these scans take so long, eventually over the weekend there will be some network issue because all sorts of processes will kick in to run backups and cause network slowdown. Would running the scan be faster and avoid these issues if I ran Burp on the same machine that hosts the server I'm trying to scan against?

Any other thoughts or tips?

Thanks,
Aracknid

Liam, PortSwigger Agent | Last updated: Dec 18, 2018 10:48AM UTC

A few things to try:

- Increasing the number of threads / concurrent requests via New Scan > Resource pool.
- Increase Audit speed via New Scan configuration > Audit Optimization.
- You could try splitting the application into separate sections and scanning them separately using Scope rules.
- You could try manually checking for duplicates in the Audit items view.

Which version of Burp are you using?
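An added example, not part of the thread and not PortSwigger code: one way to prepare for the last two suggestions outside Burp, by collapsing recorded requests that differ only in parameter values or id-like path segments and grouping what remains by top-level path, so each group can become its own scope section. The request list is constructed, and the `signature` and `plan` helpers are hypothetical names; it assumes you can export method and URL pairs from the proxy history.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample of (method, URL) pairs, standing in for exported proxy history.
SAMPLE = [
    ("GET", "https://app.example.test/orders/1001?view=full"),
    ("GET", "https://app.example.test/orders/1002?view=summary"),
    ("GET", "https://app.example.test/orders/1002?view=summary&page=2"),
    ("POST", "https://app.example.test/orders/1002?view=summary"),
    ("GET", "https://app.example.test/admin/users?id=7"),
    ("GET", "https://app.example.test/admin/users?id=8"),
    ("GET", "https://app.example.test/"),
]

# Path segments that look like record ids (integers or UUIDs) are collapsed.
ID_SEGMENT = re.compile(r"^(\d+|[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})$")

def signature(method, url):
    """Key under which two requests expose the same set of parameters to audit."""
    parts = urlsplit(url)
    segs = ["{id}" if ID_SEGMENT.match(s) else s for s in parts.path.split("/") if s]
    names = tuple(sorted({k for k, _ in parse_qsl(parts.query, keep_blank_values=True)}))
    return (method.upper(), parts.netloc.lower(), "/" + "/".join(segs), names)

def plan(requests):
    """Return {top-level path prefix: [first request seen for each signature]}."""
    seen = set()
    sections = defaultdict(list)
    for method, url in requests:
        sig = signature(method, url)
        if sig in seen:
            continue  # same method, path shape and parameter names: skip
        seen.add(sig)
        first_segment = sig[2].split("/")[1]  # empty string for the site root
        sections["/" + first_segment].append((method, url))
    return dict(sections)

if __name__ == "__main__":
    for section, items in sorted(plan(SAMPLE).items()):
        print(section, len(items))
        for method, url in items:
            print("   ", method, url)
```

Deduplicating on parameter names is a heuristic: where a parameter value selects a different code path, keep one request per value rather than one per name.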

Burp User | Last updated: Dec 18, 2018 08:37PM UTC

I'm using 1.7.37. I'll look into some of your suggestions. Thanks. Aracknid.

Liam, PortSwigger Agent | Last updated: Dec 19, 2018 08:31AM UTC

The suggestions I made were for Burp 2.x. There are some suggestions on this support page to speed up scanning in Burp 1.x:

- https://support.portswigger.net/customer/portal/articles/2890023-troubleshooting-slow-scanner-issues
