⚙️Settings

The Options tab provides global configuration settings that control Burp Bounty Pro's behavior.

⚡ Scanner Settings (Per-Scan)

⚠️ Important: Thread pool size, concurrency, and requests per second are now configured per scan in the URL Filter popup that appears before each scan. This gives you precise control over each scan's performance, and allows different scans to run with different settings simultaneously.

See Scan Control for details on per-scan configuration.

Setting

Where

Default

🧵 Threads

Per-scan popup

🔀 Concurrency

Per-scan popup

📈 Requests per second

Per-scan popup

⏱️ Scan Timeout

Setting

Description

Default

Scan Timeout

Maximum time for a scan before marking as failed (minutes)

When a scan exceeds this time limit, it's marked as "❌ Failed" in the Dashboard. This prevents stalled scans from consuming resources indefinitely.

📝 Note: Paused time is excluded from the timeout calculation. If you pause a scan for 30 minutes, those 30 minutes do not count toward the timeout.

🌐 Collaborator Settings

Setting

Description

Default

Collaborator Refresh Time

Polling interval for Burp Collaborator results (milliseconds)

Configurable

Controls how often Burp Bounty Pro checks for Burp Collaborator interactions. Lower values detect out-of-band vulnerabilities faster but increase Collaborator server load.

🔢 Max Concurrent Scans

Setting

Description

Default

Max Scans

Maximum number of concurrent scans

Configurable

Limits the total number of scans running at any time. Helps prevent excessive resource consumption when scanning multiple targets.

🚫 URL Exclusions

Setting

Description

Avoid URLs

URL patterns to exclude from scanning

Specify URL patterns that should not be scanned. Useful for:

🚪 Excluding logout URLs to avoid session termination
🔒 Skipping administrative panels
⚠️ Avoiding destructive endpoints (delete, reset, etc.)

🎨 Console Output

Setting

Description

Print Color

Color scheme for console output messages

Controls the color of log messages in the extension output console.

💾 Persistence

All settings are persisted in Burp Suite's extension settings storage:

✅ Settings survive Burp Suite restarts
✅ Settings survive extension reloads
✅ Settings are stored per Burp project

📋 Recommended Configurations

🏴‍☠️ Bug Bounty (Fast Scanning)

Per-Scan Settings:
  🧵 Threads: 20-30
  🔀 Concurrency: 20-30
  📈 RPS: 50-100

Global Settings:
  ⏱️ Scan Timeout: 120 minutes
  🔢 Max Scans: 5

🔒 Penetration Testing (Controlled Scanning)

Per-Scan Settings:
  🧵 Threads: 5-10
  🔀 Concurrency: 5-10
  📈 RPS: 5-10

Global Settings:
  ⏱️ Scan Timeout: 60 minutes
  🔢 Max Scans: 3

🛡️ Rate-Limited Target

Per-Scan Settings:
  🧵 Threads: 2-3
  🔀 Concurrency: 2-3
  📈 RPS: 1-2

Global Settings:
  ⏱️ Scan Timeout: 180 minutes
  🔢 Max Scans: 1

🏢 Internal Network (Maximum Speed)

Per-Scan Settings:
  🧵 Threads: 30-50
  🔀 Concurrency: 30-50
  📈 RPS: 100+

Global Settings:
  ⏱️ Scan Timeout: 60 minutes
  🔢 Max Scans: 10

💡 Tip: You can adjust per-scan settings differently for each scan. Run a fast scan against the main application with high threads, while simultaneously running a slow, careful scan against a sensitive API endpoint with low threads and RPS.

PreviousGlobal Variables NextDefault Profiles

Last updated 9 hours ago

hashtag⚡ Scanner Settings (Per-Scan)

hashtag⏱️ Scan Timeout

hashtag🌐 Collaborator Settings

hashtag🔢 Max Concurrent Scans

hashtag🚫 URL Exclusions

hashtag🎨 Console Output

hashtag💾 Persistence

hashtag📋 Recommended Configurations

hashtag🏴‍☠️ Bug Bounty (Fast Scanning)

hashtag🔒 Penetration Testing (Controlled Scanning)

hashtag🛡️ Rate-Limited Target

hashtag🏢 Internal Network (Maximum Speed)

⚡ Scanner Settings (Per-Scan)

⏱️ Scan Timeout

🌐 Collaborator Settings

🔢 Max Concurrent Scans

🚫 URL Exclusions

🎨 Console Output

💾 Persistence

📋 Recommended Configurations

🏴‍☠️ Bug Bounty (Fast Scanning)

🔒 Penetration Testing (Controlled Scanning)

🛡️ Rate-Limited Target

🏢 Internal Network (Maximum Speed)