This article is a part of the Guide for Burp Suite series. Within the previous article, we learn about some of the features of the Extender tab. Now we’ll move forward and see some of the features of the Scanner. So Let’s Get Started.
Burp Scanner is a tool that automates the search for weaknesses within the runtime version of an application. Scanner attempts to find security vulnerabilities based on the working of the application. The scanner will identify indicators that may lead to the identification of a security vulnerability. Burp Scanner is extremely reliable, however, it is the responsibility of the pentester to validate any findings prior to reporting.
Two scanning modes are available in Burp Scanner:
- Passive scanner – Analyzes traffic passing through the proxy listener. This is why it’s so important to properly configure your target scope so that you aren’t scanning more than is necessary.
- Active scanner – Sends numerous requests that are tweaked from their original form. These request modifications are designed to trigger behavior that may indicate the presence of vulnerabilities. An active scanner is focused on input-based bugs that may be present on the client and server side of the application.
Performing a scan contains two phases
Crawling – The crawl phase of a scan involves navigating around the application, following links, submitting forms, and logging in where necessary, to catalog the content of the application and the navigational paths within it. This seemingly simple task presents a variety of challenges that Burp’s crawler is able to meet, to create an accurate map of the application.
Auditing – The audit phase of a scan involves analyzing the application’s traffic and behavior to identify security vulnerabilities and other issues. Burp Scanner employs a wide range of techniques to deliver a high-coverage, dead-accurate audit of the application being scanned.
Congratulation! finally, you know about the feature of the scanner in the Burp Suite.
#burpsuite #burpsuitetutorial #burp #webapplicaitonpentesting