⚡Quick Start

This guide walks you through running your first scan with Burp Bounty Pro in under 5 minutes.

Step 1️⃣ — Browse to a Target

1. Configure your browser to use Burp Suite as a proxy

2. Browse to the target web application

3. Ensure the target appears in Burp Suite's Target > Site Map

Step 2️⃣ — Select Profiles

1. Go to the Burp Bounty Pro tab > Profiles sub-tab

2. Review the three profile categories:

   • 🎯 Active Profiles — Profiles that send payloads to test for vulnerabilities

   • 📨 Passive Request Profiles — Profiles that analyze outgoing requests

   • 📩 Passive Response Profiles — Profiles that analyze incoming responses

3. Each table shows: Enabled, Profile Name, Tags, and Author's Twitter

4. Enable or disable profiles using the Enabled checkbox in each profile row

5. All default profiles are enabled by default

💡 Tip: Use the tag dropdown at the top to filter profiles by category (XSS, SQLi, CVEs, etc.) and focus on what matters for your target.

Step 3️⃣ — Enable Smart Scan Rules (Optional)

1. Go to the Rules sub-tab

2. Review the available rules — these define IF-THEN conditions that automatically trigger active scans when passive matches are found

3. Enable the rules you want (most are enabled by default)

Step 4️⃣ — Launch an Active Scan

1. In Burp Suite, right-click on target URLs in Target > Site Map, Proxy History, or Repeater

2. Select Active Scan from the Burp Bounty Pro context menu

3. The URL Filter popup appears — review the URLs, configure Scanner Settings (Threads, Concurrency, RPS), and click OK

4. Burp Bounty Pro launches the scan with your per-scan settings 🎯

💡 Tip: For fast targets, increase threads to 20. For rate-limited targets, decrease to 3 and set RPS to 2.

Step 5️⃣ — Launch a Passive Scan

Passive scanning can run in two ways:

🔄 Automatic (Live Passive Scan)

1. In the Dashboard tab, toggle Live Passive Scan on

2. All traffic passing through Burp Suite is automatically analyzed

🏷️ Manual (Tag-Based)

1. Right-click on one or more requests

2. Select Passive Scan from the context menu

3. Choose the scope from the tag-based submenu:

   • All — Run all passive profiles

   • Passive Request > Tag — Run only request profiles with a specific tag

   • Passive Response > Tag — Run only response profiles with a specific tag

Step 6️⃣ — Monitor and Control Results

1. Go to the Burp Bounty Pro tab > Dashboard sub-tab

2. The dashboard shows:

   • 📊 Scanner progress — Active tasks, completed scans, and queue status

   • 🐛 Issues found — Detected vulnerabilities with severity, confidence, and details

3. Use the control buttons:

   • ⏸️ Pause All — Pause all scans without losing progress

   • ▶️ Resume All — Resume paused scans from where they left off

   • ⏹️ Stop — Stop all scans

Step 7️⃣ — Review Findings

Each issue reported includes:

• 📛 Issue Name — The vulnerability type (e.g., "XSS", "SQLi", "CORS Misconfiguration")

• 🔴🟠🟡🔵 Severity — High, Medium, Low, or Information

• 🎯 Confidence — Certain, Firm, or Tentative

• 📝 Detail — The payload used and the grep pattern that matched

Issues also appear in Burp Suite's Dashboard > Issue activity for integrated review.

📌 Next Steps

• 🖥️ Interface Overview — Learn about all the tabs and controls

• 📝 Creating Active Profiles — Create your own vulnerability detection profiles

• 🧠 Smart Scan — Set up automated scanning workflows with Rules

• ⚙️ Scan Control — Learn about pause/resume, per-scan settings, and performance tuning

• 🏷️ Tags — Organize profiles and launch targeted passive scans

• 🔀 Global Variables — Configure variables like {REDIRECT_DOMAIN} and {BC}