Custom scan configurations

  • Last updated: March 1, 2024

Both Burp Suite Enterprise Edition and Burp Suite Professional enable you to use custom scan configurations, giving you fine-grained control over Burp Scanner's behavior. You can use custom configurations in several ways:

  • Use one of the configurations from the configuration library.
  • Create an entirely new configuration.
  • Import a configuration from another installation of Burp Suite Enterprise Edition or Burp Suite Professional.

Scan configuration structure

Two types of option can feature in a custom scan configuration:

  • Crawl options control Burp Scanner's behavior during the crawl phase of the scan. This enables you to specify details such as the maximum crawl length and how errors are handled when crawling.
  • Audit options control Burp Scanner's behavior during the audit phase of the scan. This enables you to specify details such as the types of issues reported and the insertion point types used.

The crawl and audit options are virtually identical for both Burp Suite Professional and Burp Suite Enterprise Edition. The scan configurations themselves vary slightly in structure between the two products:

  • Burp Suite Professional scan configurations can contain either crawl or audit options, but not both. To specify both crawl and audit options in Burp Suite Professional, you need to create and select separate configurations.
  • Burp Suite Enterprise Edition scan configurations can contain both crawl and audit options. These configurations have additional options, some of which are unique to Burp Suite Enterprise Edition.

Combining custom configurations

Both Burp Suite Enterprise Edition and Burp Suite Professional enable you to combine custom configurations together in a list. This includes built-in configurations, and any custom configurations that you create. Combining scan configurations enables you to tune Burp Scanner's behavior for certain sites and use cases.

Setting scan configurations for folders

In Burp Suite Enterprise Edition, you can set scan configurations for folders, subfolders, and sites. Subfolders and sites inherit the scan configurations from their parent folders. To learn how these scan configurations are combined by Burp Scanner, see Defining the scan configuration for a folder.
