Introduction

Burp Bounty Pro is a powerful Burp Suite extension that allows security researchers and bug bounty hunters to create custom scan profiles for detecting vulnerabilities in web applications. It extends Burp Suite's scanning capabilities by letting you define custom payloads, match conditions, and detection rules, without writing any code.
Key Features
Custom Active Scanning: Define payloads and match patterns to detect vulnerabilities like XSS, SQLi, SSRF, RCE, path traversal, and more
Passive Scanning with Tag-Based Launching: Analyze requests and responses passing through Burp Suite. Launch passive scans by tag to run only the checks you need (e.g., only security headers, only secret detection)
Smart Scan (Rules): Create IF-THEN rules that automatically trigger active scans when specific passive conditions are detected
Multi-Step Profiles: Chain multiple scanning steps together with cookie reuse and sequential execution for complex attack scenarios
Global Variables: Use dynamic variables like {REDIRECT_DOMAIN}, {BC}, {CURRENT_HOST} in payloads and match patterns
254 Default Profiles: Ready-to-use profiles covering CVEs, common vulnerabilities, technology detection, and sensitive data exposure
27 Default Rules: Pre-configured Smart Scan rules for automated vulnerability detection workflows
Flexible Match Types: Simple string, regex, payload reflection, response variations, content length differences, HTTP response codes, time-based detection, and Burp Collaborator integration
30+ Insertion Point Types: URL parameters, body parameters, cookies, JSON keys/values, XML, HTTP headers, URL path components, and more
Per-Scan Performance Settings: Configure threads, concurrency, and requests per second independently for each scan
Pause & Resume: True thread-safe pause/resume that preserves full scan state. Paused time is excluded from scan duration.
Tags System: Organize profiles with tags across all profile types. Tags power the passive scan submenu and Smart Scan rule targeting.
Profile Import/Export: Share and reuse profiles across teams with JSON-based .bbprofile files
What's New in v3.0.0
Multi-step scanning for complex attack chains
Global variables system with user-configurable values
Time-based vulnerability detection engine
Per-scan scanner settings (threads, concurrency, RPS) in the scan popup
Pause/resume with PausableThreadPoolExecutor: true zero-loss state management
Tag-based passive scan launching with Request/Response submenus and profile counts
Tags column and Set New Tag on all profile tables (Active, Passive Request, Passive Response)
Stop-on-first-match optimization for single-step profiles
Non-modal dialogs, profile duplication, payload/grep markers
URL filtering for all scan types
30-redirect loop protection and scan timeout detection (with paused time excluded)
Getting Started
Head to the Installation guide to set up Burp Bounty Pro, or jump straight to the Quick Start guide to run your first scan.
Documentation Overview
Quick Start: Run your first scan in 5 minutes
Interface Overview: Understand all tabs and controls
Active Scan: Active scanning with custom payloads
Passive Scan: Passive analysis with tag-based launching
Smart Scan: Automated scanning with IF-THEN rules
Scan Control: Pause/resume, per-scan settings, performance tuning
Profiles: Creating and managing scan profiles
Tags: Organizing profiles with tags
Rules: Creating Smart Scan rules
Variables: Global variable reference
Settings: Configuration options
Default Profiles: 254 built-in profiles reference
Default Rules: 27 built-in rules reference
FAQ: Frequently asked questions