Intro to Burp Suite Automatic Scanning

July 12, 2022
Zandt Lavish
3 min read

Burp Suite is a graphical tool for professional-grade web application security testing. Its tools can be combined for a range of testing processes, from simple to highly advanced and specialized. In this article, we’ll take a deep dive into Burp Suite’s web application Scanner and provide a step-by-step guide to start using it.

Burp Suite Community Edition is available for free, and Burp Suite Professional (including the web application Scanner) is $399/year.

Tools offered by Burp Professional: Scanner, Intruder, Repeater, Decoder, Sequencer, Comparer, Clickbandit, Collaborator, Extender, Spider, etc.

Scanner

When scanning in-scope web applications, Burp’s scanner produces a list of vulnerabilities, each with supporting details, exploitation complexity, and references. There are two types of scans available, which we’ll look at in turn: Passive and Active.

Passive scans analyze the base requests and responses Burp has already stored. They find vulnerabilities without sending any additional requests. If you’re scanning a publicly released application, you don’t want your scanner causing a stir, and passive scans keep the traffic you generate under control.

Issues Identified by Passive Scans:

1. Clear-text submission of passwords

2. Insecure cookie attributes (e.g., missing HttpOnly and Secure flags)

3. Liberal cookie scope

4. Cross-domain Referer leakage

5. Autocomplete-enabled forms

6. Caching of SSL-protected content

7. Directory listings

8. Submitted passwords returned in later responses
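To make the idea of a passive check concrete, here is an added Python example (not Burp’s code, and not how Burp implements its checks) that inspects an already-captured response for a few of the issue classes above, namely insecure cookie attributes, caching of SSL-protected content, directory listings and autocomplete-enabled forms, without sending any request. The URL and response it runs over are constructed samples.

```python
"""Added example: a small passive check over already-captured HTTP traffic.
Inspects stored responses only and never sends a request; not Burp's own code.
"""
import re

def passive_checks(url: str, raw_response: str) -> list[str]:
    """Return the passive issue classes found in one captured response."""
    head, _, body = raw_response.partition("\r\n\r\n")
    headers: dict[str, list[str]] = {}
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    issues = []
    # Insecure cookie attributes: missing HttpOnly, or missing Secure over HTTPS
    for cookie in headers.get("set-cookie", []):
        attrs = {a.strip().split("=")[0].lower() for a in cookie.split(";")[1:]}
        if "httponly" not in attrs:
            issues.append("cookie without HttpOnly")
        if url.startswith("https://") and "secure" not in attrs:
            issues.append("cookie without Secure")
    # Caching of SSL-protected content: no directive that stops shared caching
    if url.startswith("https://"):
        cache = " ".join(headers.get("cache-control", [])).lower()
        if "no-store" not in cache and "private" not in cache:
            issues.append("caching of SSL-protected content")
    # Directory listing: the classic autoindex page title
    if re.search(r"<title>\s*Index of /", body, re.I):
        issues.append("directory listing")
    # Autocomplete-enabled form: a password input with no autocomplete=off
    has_password = re.search(r'<input[^>]+type=["\']?password', body, re.I)
    if has_password and not re.search(r'autocomplete=["\']?off', body, re.I):
        issues.append("autocomplete enabled on password field")
    return issues

# Constructed sample response; not captured from any real application.
SAMPLE_URL = "https://example.test/login"
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: session=abc123; Path=/\r\n"
    "Cache-Control: public, max-age=600\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    '<form><input type="password" name="pw"></form>'
)

if __name__ == "__main__":
    for issue in passive_checks(SAMPLE_URL, SAMPLE_RESPONSE):
        print(issue)
```

Running it on the sample prints four findings; a response that sets `Secure; HttpOnly` cookies, sends `Cache-Control: no-store` and has no password form produces none.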

Active scans take the base requests and craft new ones with different payloads defined in the scanner configuration. This method generates more traffic to the web application and takes more time to produce its reports.

Issues Identified by Active Scans:

1. Cross-site scripting (reflected/stored)

2. Information disclosure via IP addresses

3. Email disclosure

4. Command injection

5. XXE (XML external entity injection)

6. SQL injection

Now with an idea of the scanner’s features, let’s see it in action!

Passive Scanning (Step-By-Step)

1. Navigate to Site map under the Target tab to select your target

2. Right-click the web application you want to scan (blurred in the example) and select Passively scan this host

3. The passive scan will show as running on the Dashboard

4. Once complete, a list of vulnerabilities will be produced

5. The Audit items can be viewed by navigating to the Dashboard and clicking on View Details

Active Scanning (Step-By-Step)

1. Navigate to Site map under the Target tab to select your target

2. Right-click the web application you want to scan (blurred in the example) and select Actively scan this host

3. The active scan will show as running on the Dashboard

Note: with Burp’s default active scanning configuration, this scan will likely take 1-3 hours, depending on how many endpoints you’ve traversed on your target.

Customized Active Scanning (Step-By-Step)

We’ve seen one way to quickly perform an Active scan. Now let’s see how to customize it.

1. Navigate to Site map under the Target tab to select your target

2. Right-click the web application you want to scan (blurred in the example) and select Scan/Open scan launcher

3. You’ll be prompted with a New Scan launch window

4. Under Scan Details, there are three scan types to choose from:

   I. Crawl and audit (default) – Crawls and audits the application

   II. Crawl – Crawls the application

   III. Audit selected items – Audits selected items from the list

5. Under Scan Configuration you can create a specific configuration for Crawling and/or Auditing

6. By selecting New…/Auditing, you’ll see all the possible customizations (from Audit Optimization to JavaScript Analysis)

7. Under Application Login you can add login credentials for the web application you’re scanning

8. Under Resource Pool, you can specify the resource pool the scan will run in. These pools are used to manage system resources during a vulnerability scan; each pool can be configured with a number of concurrent requests and with throttling or delays between requests

9. Once you have set up the configuration and selected OK, the customized active scan will show as running on the Dashboard

Conclusion

The Burp Suite scanner is an incredibly powerful tool. Used passively or actively, it is a fundamental asset for your next web application pentest. Check out the other posts below and stay tuned to our writings!
