Overview

Rules are the engine behind Smart Scan: they define automated scanning workflows that trigger active profiles when passive conditions are detected. Rules follow an IF-THEN pattern that intelligently connects passive reconnaissance with targeted active scanning.

❓ What is a Rule?

A rule is a conditional automation that says:

πŸ” IF these passive conditions are detected in the traffic, 🎯 THEN execute these active scanning profiles against the matching request.

Rule Structure

Each rule consists of:

1. Metadata

| Field | Description |
| --- | --- |
| Name | Unique identifier for the rule |
| Enabled | Whether the rule is active |
| Description | What the rule does |

2. Match Conditions (IF)

One or more passive profile references that must be satisfied:

  • Passive Request profiles: Match against HTTP requests

  • Passive Response profiles: Match against HTTP responses

  • Logic operators: Combine conditions:

    • AND: All conditions must match

    • OR: At least one condition must match

3. Execute Actions (THEN)

What to do when conditions are met:

  • Execute specific profiles: Run named active profiles

  • Execute profiles by tag: Run all profiles with a specific tag

  • Match scope:

    • All Matches: Execute for every match of the passive condition

    • First Match: Execute only for the first match (per host/URL)
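
The IF/THEN evaluation described above, modelled in Python as an added example; it is not Burp Bounty Pro's code and does not reflect the .bbre schema. The `Rule` fields, profile names, tags and URLs are constructed, and tracking First Match per host is an assumption.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit

@dataclass
class Rule:  # hypothetical in-memory model, not the .bbre schema
    name: str
    conditions: list                 # IF: passive profile names
    operator: str = "AND"            # "AND" = all, "OR" = at least one
    profiles: list = field(default_factory=list)  # THEN: active profiles by name
    tags: list = field(default_factory=list)      # THEN: active profiles by tag
    scope: str = "ALL"               # "ALL" matches or "FIRST" match only
    enabled: bool = True

def rule_matches(rule, hits):  # hits: passive profiles that fired on one item
    test = all if rule.operator == "AND" else any
    return bool(rule.conditions) and test(c in hits for c in rule.conditions)

def resolve_actions(rule, catalog):  # catalog: active profile name -> set of tags
    by_tag = [n for n, t in catalog.items() if t & set(rule.tags)]
    return sorted(set(by_tag) | {n for n in rule.profiles if n in catalog})

def plan_scans(rules, catalog, traffic):
    seen, plan = set(), []
    for url, hits in traffic:
        host = urlsplit(url).netloc
        for rule in rules:
            if not rule.enabled or not rule_matches(rule, hits):
                continue  # disabled rules never participate
            if rule.scope == "FIRST":  # assumption: "first" is tracked per host
                if (rule.name, host) in seen:
                    continue
                seen.add((rule.name, host))
            plan += [(rule.name, p, url) for p in resolve_actions(rule, catalog)]
    return plan

# Constructed sample data: profile names, tags and URLs are invented
CATALOG = {"SQLi-Error": {"sqli"}, "SQLi-Time": {"sqli"}, "Open-Redirect": {"redirect"}}
RULES = [
    Rule("sql-params", ["Param-id", "Resp-SQL-Error"], "AND", tags=["sqli"], scope="FIRST"),
    Rule("redirects", ["Param-url", "Resp-3xx"], "OR", profiles=["Open-Redirect"]),
    Rule("disabled", ["Param-id"], "OR", profiles=["SQLi-Error"], enabled=False),
]
TRAFFIC = [
    ("https://shop.example/item?id=1", {"Param-id", "Resp-SQL-Error"}),
    ("https://shop.example/item?id=2", {"Param-id", "Resp-SQL-Error"}),
    ("https://shop.example/go?url=/a", {"Param-url"}),
    ("https://shop.example/list?id=3", {"Param-id"}),
]

print(*plan_scans(RULES, CATALOG, TRAFFIC), sep="\n")
```

The second `id` request produces no scan because the First Match rule already fired for that host, and the last request produces none because the AND rule lacks its response condition and the only other matching rule is disabled.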

Rule File Format

Rules are stored as JSON files with the .bbre extension:

How Rules Execute

Managing Rules

Import/Export

  • Rules use the .bbre file extension

  • Import and export from the Rules tab

  • Share rules with team members

Enable/Disable

Toggle individual rules on/off without deleting them. Disabled rules don't participate in Smart Scan.

Edit

Double-click a rule to open the editor dialog (non-modal).

Duplicate

Clone a rule with an auto-generated name suffix for creating variations.

Default Rules

Burp Bounty Pro ships with 27 pre-configured rules. See Default Rules for the complete reference.

Next Steps

  • Creating Rules: Step-by-step guide to creating custom rules

  • Examples: Practical rule examples from the default rule set
