📋Overview

Rules are the engine behind Smart Scan — they define automated scanning workflows that trigger active profiles when passive conditions are detected. Rules follow an IF-THEN pattern that intelligently connects passive reconnaissance with targeted active scanning.

❓ What is a Rule?

A rule is a conditional automation that says:

🔍 IF these passive conditions are detected in the traffic, 🎯 THEN execute these active scanning profiles against the matching request.

🏗️ Rule Structure

Each rule consists of:

1️⃣ Metadata

Field

Description

📝 Name

Unique identifier for the rule

✅ Enabled

Whether the rule is active

📄 Description

What the rule does

2️⃣ Match Conditions (IF)

One or more passive profile references that must be satisfied:

📨 Passive Request profiles — Match against HTTP requests
📩 Passive Response profiles — Match against HTTP responses
⚙️ Logic operators — Combine conditions:
- ✅ AND — All conditions must match
- 🔀 OR — At least one condition must match

3️⃣ Execute Actions (THEN)

What to do when conditions are met:

📝 Execute specific profiles — Run named active profiles
🏷️ Execute profiles by tag — Run all profiles with a specific tag
🎯 Match scope:
- 🔄 All Matches — Execute for every match of the passive condition
- 1️⃣ First Match — Execute only for the first match (per host/URL)

📄 Rule File Format

Rules are stored as JSON files with the .bbre extension:

[
  {
    "RuleName": "My_Rule",
    "Enabled": true,
    "Description": "Detect technology X and test for vulnerability Y",
    "Conditions": [
      {
        "type": "passive_response",
        "profile": "Technology_X_Detection",
        "operator": ""
      }
    ],
    "Actions": [
      {
        "type": "profile",
        "value": "CVE-XXXX-YYYY_Technology_X",
        "scope": "All Matches"
      }
    ]
  }
]

⚙️ How Rules Execute

📡 HTTP Traffic
  │
  ├─ Request passes through Burp Suite
  │   ├─ 📨 Passive Request profiles check the request
  │   └─ 📩 Passive Response profiles check the response
  │
  ├─ 📋 Rule engine evaluates conditions
  │   ├─ Condition 1: Does passive profile X match? ✓/✗
  │   ├─ Condition 2: Does passive profile Y match? ✓/✗
  │   └─ ⚙️ Logic evaluation (AND/OR): Pass/Fail
  │
  └─ ✅ If conditions pass → 🎯 Execute active profiles
      ├─ Profile A runs against the matched request
      ├─ Profile B runs against the matched request
      └─ 🐛 Results reported as issues

🛠️ Managing Rules

📥📤 Import/Export

Rules use the .bbre file extension
Import and export from the Rules tab
Share rules with team members

✅❌ Enable/Disable

Toggle individual rules on/off without deleting them. Disabled rules don't participate in Smart Scan.

✏️ Edit

🖱️ Double-click a rule to open the editor dialog (non-modal).

📋 Duplicate

Clone a rule with an auto-generated name suffix for creating variations.

📦 Default Rules

Burp Bounty Pro ships with 27 pre-configured rules. See Default Rules for the complete reference.

📖 Next Steps

📝 Creating Rules — Step-by-step guide to creating custom rules
📚 Examples — Practical rule examples from the default rule set

PreviousTags NextCreating Rules

Last updated 11 hours ago

hashtag❓ What is a Rule?

hashtag🏗️ Rule Structure

hashtag1️⃣ Metadata

hashtag2️⃣ Match Conditions (IF)

hashtag3️⃣ Execute Actions (THEN)

hashtag📄 Rule File Format

hashtag⚙️ How Rules Execute

hashtag🛠️ Managing Rules

hashtag📥📤 Import/Export

hashtag✅❌ Enable/Disable

hashtag✏️ Edit

hashtag📋 Duplicate

hashtag📦 Default Rules

hashtag📖 Next Steps