Active Scan

Burp Bounty Pro gives you the ability to create your own vulnerability profiles to the active scanner.

The philosophy behind Burp Bounty’s active profiles is simple:

  1. Profile payloads are inserted at the selected insertion points and the request is sent it to the server. Another option is use Raw request and sent it to the server.

  2. In the HTTP response looks for a pattern (or patterns) with all the filtering options in the profiles.


  1. The request insertion points are extracted.

  2. All active profiles are executed.

  3. If there is a vulnerability, it’s reported.

If you scan one or multiple requests with the Active scan, you will launch against the request all the profiles that are active in the tab “Profiles-> Active Profiles”. If you scan a request, several request or one entire domain with “Active Scan->Some TAG”, the profiles that are tagged with “Some TAG” will be launched on that request/requests. For example, if you scan with Active Scan->XSS, the profiles tagged with the XSS tag will be launched on the request/requests.

Right click and “Active Scan->XSS”

The profiles with the Tag “XSS” will be launched. For example, the “Test XSS append” and “XSS” profiles.

You can create new tags and create your own profiles groups for be launched to a target.

Last updated