The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


Set Up scan order

Jonny | Last updated: Mar 06, 2020 11:15AM UTC

Hello, is there an option to configure a scan order while scanning a website? For example, it could happen that the scanner deletes some user or logs out of the application while scanning the website. Is it possible to configure the scanner so that it checks the functions at the end of the scan, or to exclude the functions from the scan?

Uthman, PortSwigger Agent | Last updated: Mar 06, 2020 11:35AM UTC

Using Burp Scanner may result in unexpected effects in some applications. Until you are fully familiar with its functionality and settings, you should only use Burp Scanner against non-production systems. Please take a look at the following link: https://portswigger.net/burp/documentation/desktop/scanning/audit-options. You should adjust the scan configuration to match the requirements of your scan under New scan > Scan configuration > New > Auditing, modifying any of the parameters to, e.g., prevent payloads from being inserted in URL parameter values (Insertion Point Types).

Jonny | Last updated: Mar 06, 2020 12:50PM UTC

Hello, we are testing it against a non-production system we created. I checked the option you suggested, but this is not what I was looking for. What I want to achieve is: create an order, or prevent Burp from scanning certain functions. For example, it would be bad if the scanner tried to delete some users when those users are used for authentication.

Uthman, PortSwigger Agent | Last updated: Mar 06, 2020 02:56PM UTC