🖥️ Interface Overview

Burp Bounty Pro adds a Burp Bounty Pro tab to the main Burp Suite interface. This tab contains several sub-tabs for managing scans, profiles, rules, and settings.

📑 Main Tabs

📊 Dashboard

The Dashboard is your primary view for monitoring scan activity and reviewing results.

Scanner Progress Table:

  • Shows active scan tasks with their status (🟢 Running, 🟡 Paused, ✅ Completed, ❌ Failed)

  • Displays the profile name, target URL, and progress information

  • Real-time updates as scans execute

Issues Table:

  • Lists all vulnerabilities and findings detected by Burp Bounty Pro

  • Columns: Issue Name, Severity, Confidence, Host, Path

  • Click on an issue to view its full details including the payload used and grep match

Control Buttons:

  • ⏸️ Pause All — Pauses all running scans using PausableThreadPoolExecutor. Threads block at a safe point and resume exactly where they left off. No scan progress is lost.

  • ▶️ Resume All — Resumes all paused scans instantly

  • ⏹️ Stop — Stops all scans and clears the task queue

  • 🗑️ Clear Issues — Clears the issues table

  • 🔄 Live Passive Scan — Toggle button to enable/disable automatic passive scanning of all HTTP traffic. When enabled, the "Scope Only" checkbox restricts scanning to in-scope targets.
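The pause behaviour described for Pause All can be pictured with the pausable-pool pattern from the JDK ThreadPoolExecutor documentation. The class below is an added illustration, not Burp Bounty Pro's own source; it shares only the class name mentioned above, and the "request sent" tasks are constructed stand-ins for scan requests.

```java
import java.util.concurrent.*;
import java.util.concurrent.locks.*;

// Added illustration: pausable pool modelled on the JDK ThreadPoolExecutor docs.
// Assumption: this is NOT the extension's code, only the same general technique.
public class PausableThreadPoolExecutor extends ThreadPoolExecutor {
    private final ReentrantLock pauseLock = new ReentrantLock();
    private final Condition unpaused = pauseLock.newCondition();
    private boolean paused; // guarded by pauseLock

    public PausableThreadPoolExecutor(int threads) {
        super(threads, threads, 0L, TimeUnit.MILLISECONDS, new LinkedBlockingQueue<>());
    }

    // The "safe point": a worker parks here before starting its next task, so a
    // request already in flight completes and queued work is kept, not dropped.
    @Override
    protected void beforeExecute(Thread t, Runnable r) {
        super.beforeExecute(t, r);
        pauseLock.lock();
        try {
            while (paused) unpaused.await();
        } catch (InterruptedException e) {
            t.interrupt(); // keep the interrupt flag set for the task
        } finally {
            pauseLock.unlock();
        }
    }

    public void pause() {
        pauseLock.lock();
        try { paused = true; } finally { pauseLock.unlock(); }
    }
    public void resume() {
        pauseLock.lock();
        try { paused = false; unpaused.signalAll(); } finally { pauseLock.unlock(); }
    }

    public static void main(String[] args) throws InterruptedException {
        PausableThreadPoolExecutor pool = new PausableThreadPoolExecutor(2);
        pool.pause(); // pause first so the demo is deterministic
        for (int i = 0; i < 6; i++) pool.execute(() -> System.out.println("request sent"));
        Thread.sleep(200); // two workers are parked, the rest stay queued
        System.out.println("queued while paused: " + pool.getQueue().size());
        pool.resume();     // parked workers continue and drain the queue
        pool.shutdown();
        pool.awaitTermination(5, TimeUnit.SECONDS);
    }
}
```

In this pattern a pause takes effect between tasks, which is why it differs from Stop: the queue survives a pause, whereas Stop discards it.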

🔎 Scanner

The Scanner tab provides detailed per-request logging of scan activity.

  • Shows every HTTP request made by active scan profiles

  • Includes request/response pairs for debugging and analysis

  • Displays the profile name, payload, and result for each request

📁 Profiles

The Profiles tab manages all scanning profiles, organized into three categories:

🎯 Active Profiles:

  • Profiles that actively send payloads to test for vulnerabilities

  • Columns: Enabled, Profile Name, Tags, Author's Twitter

  • Actions: Add, Edit (double-click), Delete, Duplicate, Enable/Disable, Set New Tag, Import, Export

📨 Passive Request Profiles:

  • Profiles that analyze HTTP requests passing through Burp Suite

  • Columns: Enabled, Profile Name, Tags, Author's Twitter

  • Actions: Add, Edit (double-click), Delete, Duplicate, Enable/Disable, Set New Tag, Import, Export

📩 Passive Response Profiles:

  • Profiles that analyze HTTP responses received by Burp Suite

  • Columns: Enabled, Profile Name, Tags, Author's Twitter

  • Actions: Add, Edit (double-click), Delete, Duplicate, Enable/Disable, Set New Tag, Import, Export

📝 Note: All three profile tables now share the same layout with the Tags column and full right-click context menu (Enable, Disable, Set New Tag).

🏷️ Tags Manager:

  • View and manage tags used to categorize profiles

  • Tags are used in Rules to target groups of profiles

  • Tags organize the passive scan context menu into submenus

Common Actions:

  • 📥 Import — Load profiles from .bb JSON files

  • 📤 Export — Save profiles to .bb JSON files for sharing

  • 📋 Duplicate — Clone a profile with auto-generated name suffix

  • 🖱️ Double-click — Open the profile editor dialog (non-modal)

  • 🏷️ Right-click > Set New Tag — Assign a tag to selected profiles (works on all three tables)

📋 Rules

The Rules tab manages Smart Scan rules that define automated scanning workflows.

  • Each rule has: Name, Enabled status, Description

  • Rules follow an IF-THEN pattern: IF passive conditions match, THEN execute active profiles

  • Actions: Add, Edit, Delete, Duplicate, Enable/Disable, Import, Export

  • Rule files use the .bbre extension

⚙️ Options

The Options tab provides global configuration settings:

  • ⏱️ Scan Timeout — Maximum time for a scan before marking as failed

  • 🌐 Collaborator Refresh — Polling interval for Burp Collaborator results

  • 🔢 Max Concurrent Scans — Limit the number of simultaneous scans

  • 🚫 Avoid URLs — URL patterns to exclude from scanning

📝 Note: Thread pool size, concurrency, and requests per second are configured per scan in the URL Filter popup that appears before each scan, not in the global Options tab. See Scan Control.

🔤 Variables

The Variables tab manages global variables used in profiles:

  • View all configured variables with their current values

  • Add, edit, and remove custom variables

  • Default variables include {REDIRECT_DOMAIN}, {ATTACKER_DOMAIN}, {XXE_FILE}, and more

  • Variables are replaced at runtime in payloads, grep patterns, and raw requests

🔑 License

The License tab shows license status and activation:

  • Enter and activate license keys

  • View license expiration and status

ℹ️ About

The About tab displays:

  • Burp Bounty Pro version (currently v3.0.0)

  • Author information

  • Links to documentation and support

  • 🔄 Check For Updates — Button that checks for new versions of Burp Bounty Pro and new/updated scanning profiles

🖱️ Context Menus

Burp Bounty Pro integrates with Burp Suite's right-click context menus throughout the application.

On HTTP Requests (Proxy, Site Map, Repeater, etc.)

| Menu Item | Description |
| --- | --- |
| 🎯 Active Scan | Launch an active scan with the URL Filter popup |
| 🧠 Smart Scan | Launch a Smart Scan with rule-based automation |
| 👁️ Passive Scan | Launch a passive scan with tag-based submenu |

The Passive Scan submenu provides tag-based filtering:

On Profile Table Rows

| Menu Item | Description |
| --- | --- |
| ✅ Enable | Enable the selected profile(s) |
| ❌ Disable | Disable the selected profile(s) |
| 🏷️ Set New Tag | Assign a new tag to the selected profile(s) |

Available on all three profile tables (Active, Passive Request, Passive Response).

🔗 URL Filter Popup

The URL Filter popup appears before launching Active and Smart scans:

| Section | Description |
| --- | --- |
| 🔗 URL Table | Select which URLs to include in the scan |
| 🔄 Match and Replace | Request modification rules (add headers, change parameters) |
| ⚡ Scanner Settings | Per-scan Threads, Concurrency, and Requests per second |
