Extension Sections

Dashboard

In the “Dashboard” tab you will see the vulnerabilities detected by Burp Bounty Pro scanners, both active and passive. You can change the domain and see only the issues belonging to that domain.

Scanner

In the “Scanner” tab, you can see the scans that have been carried out or are in progress. This section shows the “status” of each endpoint, and you can select one or more scans to “pause”, “resume” or “cancel” them.

Rules

In the “Rules” tab you can see the rules that will be used in the Smart Scan.

Profiles

In the “Profiles” tab you can see the active, passive request and passive response profiles. In this section you can add new profiles or edit existing ones.

In this section you can also activate or deactivate one or more profiles by right-clicking them.

You can add tags to multiple active profiles directly. Select the profiles that you want, then right click->Set New Tag and enter the Tag name.

Options

In this section you can specify different options for the extension.

Directory: Here you can select the Burp Bounty Data folder (profiles and rules).

Scanner Settings:

  • Smart scan threads: The number of threads used in the active part of the smart scan.

  • Active scan threads: The number of threads used in the active scanner.

  • Passive scan threads: The number of threads used in the passive scanner.

  • Endpoint scan fail time: Once the specified scan time has passed, the endpoint goes to the “failed” status and the scan continues with the next endpoint.

  • Delay between requests: Delay between each request.

  • Max active concurrent scans: This number specifies how many endpoints will be scanned simultaneously.

  • Extensions to avoid in the active scan: Extensions that will not be scanned by the active scanner.

  • Extensions to avoid in the passive scan: Extensions that will not be scanned by the passive scanner.

  • Alternative host for Burp Collaborator: You can specify an alternative host to Burp Collaborator, which will replace the token {BC}.

  • Live passive scan button: Passive scanning can be started in live mode.

  • Only in-scope items: The live passive scanner only takes into account the endpoints that are specified in the scope.

Tags Manager: In this section you can add or delete Tags. If a Tag is deleted, it will be removed from all the profiles where it’s assigned.

License

In this section you can view information about Burp Bounty Pro, as well as view the EULA and activate the license.

To activate the license, enter the license number in the “License key” field and press the “Activate” button.

The “Proxy address” and “Port” fields specify the IP address and port of the proxy to use when activating the license through a proxy.

About

In this section you can view information about Burp Bounty Pro and check whether a new version of the extension or new profiles are available.
