Smart Scan

If you scan a request or a domain with Smart Scan, attacks are launched according to the rules enabled in the “Rules” section.

Smart Scan is a scanner that uses Burp Bounty Pro profiles to automate the attacks that you would otherwise perform manually against a web application.

That is, if it detects an open redirect parameter, for example redirect_url, it will launch open redirect attacks only for that parameter.

You can also create a rule that launches the automatic WordPress attacks only when it has detected that the application you are analysing is a WordPress site.

The logic is simple:

  1. Create one or more passive profiles

  2. Create one or more active profiles

  3. Create a rule, where you specify:

  • If the Passive Profiles have generated an alert

  • Launch the Active Profiles against the host that generated the alerts

  • If an active attack is successful, an alert is generated automatically
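The rule logic above, modelled as an added example (not Burp Bounty Pro's own code or profile format): passive matches decide which active profiles are queued, scoped to the host and, where one applies, the parameter that alerted. All profile names, patterns and traffic below are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed passive profiles: name -> (what to inspect, regex). Hypothetical names.
PASSIVE = {
    "redirect-param": ("param_name", r"^(redirect(_url)?|next|return_to)$"),
    "wordpress-detected": ("response_body", r"/wp-(content|includes)/"),
}
# Constructed rules: rule name -> (passive profiles that trigger it, active profiles to queue).
RULES = {
    "open-redirect": (("redirect-param",), ("OpenRedirect",)),
    "wordpress": (("wordpress-detected",), ("WordPressChecks",)),
}
# Constructed sample traffic: (URL, response body).
TRAFFIC = [
    ("https://shop.example/login?redirect_url=/home&lang=en", "<html>login</html>"),
    ("https://blog.example/", '<link href="/wp-content/themes/x/style.css">'),
    ("https://api.example/items?id=7", "{}"),
]

def passive_alerts(url, body):
    """Return {(profile, host, insertion_point)} for every passive match."""
    parts = urlsplit(url)
    alerts = set()
    for name, (where, pattern) in PASSIVE.items():
        if where == "param_name":
            for key, _ in parse_qsl(parts.query, keep_blank_values=True):
                if re.search(pattern, key, re.I):
                    alerts.add((name, parts.hostname, key))  # parameter-scoped
        elif re.search(pattern, body):
            alerts.add((name, parts.hostname, None))  # host-wide finding
    return alerts

def plan_active_scans(traffic):
    """Queue active profiles only where a rule's passive profile alerted."""
    alerts = set()
    for url, body in traffic:
        alerts |= passive_alerts(url, body)
    queue = set()
    for triggers, actives in RULES.values():
        for name, host, point in alerts:
            if name in triggers:
                queue.update((host, point, a) for a in actives)
    return sorted(queue, key=lambda t: (t[0], t[1] or "", t[2]))

if __name__ == "__main__":
    for host, point, profile in plan_active_scans(TRAFFIC):
        print(f"{profile}: host={host} insertion_point={point or 'any'}")
```

The third sample host produces no passive alert, so nothing is queued for it; the `lang` parameter on the first host is likewise left alone.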

Create a rule:

Rules section:
