Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Parallel Scan - Options & Difference

IT | Last updated: Nov 30, 2020 07:58AM UTC

Based on our understanding, we could see 3 possible options to run scans in parallel. With that said, would like to know - a. Difference between each of them from performance & reporting perspective b. Which is the preferred way of scanning Our idea is to run the scan against the same application but each scan will be targeting different functionalities/pages. For example, search for a product & check-out a product in ecommerce web app 1. Run 2 parallel scans from 1 instance of Burp Suite Professional 2. Launch 2 instances of Burp Suite Professional in the same machine 3. Using 2 machines that has Burp Suite Professional Thanks.

Uthman, PortSwigger Agent | Last updated: Nov 30, 2020 11:34AM UTC

Hi, By "3 possible options to run scans in parallel", are you referring to the scan type itself? (e.g. crawl and audit, audit, or audit selected items) You can find out more details on the scanning behavior here: https://portswigger.net/burp/documentation/desktop/scanning. It is essentially entirely up to you how you launch your scans. You can select an active scan if you have manually crawled the site/application and want to skip that step. There should be no differences in reporting if you launch 3 separate scans on different sites. The issues will be reported under Issue Activity, or you can view them for each host under the Target > Site map. Your final 3 questions - 2 separate instances of Burp may help if your machine is very well resourced. Using 2 separate machines would be the most effective and you can alter the amount of RAM allocated to Burp by either launching Burp from the command line or changing the parameter in the VMOPTIONS file. - https://portswigger.net/burp/documentation/desktop/getting-started/launching/command-line

IT | Last updated: Nov 30, 2020 12:17PM UTC

Below is what I was referring as "3 possible options to run scans in parallel" 1. Run 2 parallel scans from 1 instance of Burp Suite Professional 2. Launch 2 instances of Burp Suite Professional in the same machine 3. Using 2 machines that has Burp Suite Professional We understand the tool is capable of doing parallel scans and there will not be any issues if all the scans are against different application/target system. But here, we want to do it parallel against the same web app but on different modules/functionalities. In this case, would all the above 3 options ends up with the same results(assuming we have sufficient resources as you mentioned)?

Uthman, PortSwigger Agent | Last updated: Nov 30, 2020 12:38PM UTC