Burp Bounty Pro

Smart Scan


Last updated 1 year ago

If you scan a request or a domain with Smart Scan, attacks will be launched based on the enabled rules in the “Rules” section.

The Smart Scan is a scanner that uses Burp Bounty Pro profiles to perform automatic attacks simulating the attacks that you would perform manually in a web application.

That is, if it detects an open redirect parameter, for example redirect_url, it will launch open redirect attacks only for that parameter.

You can create a rule to launch the automatic WordPress attacks only when it has detected that the application you are analysing is a WordPress site.

The logic is simple:

  1. You create one or more passive profiles.

  2. You create one or more active profiles.

  3. You create a rule, where you specify:

    • If the Passive Profiles have generated an alert,

    • launch the Active Profiles against the host that generated the alerts.

    • If successful, it will generate an automatic alert.
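
The rule logic above, modelled as an added example (not Burp Bounty Pro's own code, profile format or API): passive matches on traffic already seen decide which active profiles are queued, and for which host and parameter. All profile names, rule contents, patterns and URLs are constructed assumptions.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit, parse_qsl

# Hypothetical model of the rule logic; not Burp Bounty Pro's profile format or API.
@dataclass(frozen=True)
class PassiveProfile:
    name: str
    where: str      # "param_name" or "response_body"
    pattern: str

@dataclass(frozen=True)
class Rule:
    passive: frozenset   # passive profile names that trigger the rule
    active: tuple        # active profile names launched on a match

def passive_alerts(profiles, url, body):
    """Match already-seen traffic; returns {(profile, host, param or None)}."""
    parts, alerts = urlsplit(url), set()
    for p in profiles:
        rx = re.compile(p.pattern, re.I)
        if p.where == "param_name":
            for name, _ in parse_qsl(parts.query, keep_blank_values=True):
                if rx.search(name):
                    alerts.add((p.name, parts.hostname, name))
        elif p.where == "response_body" and rx.search(body):
            alerts.add((p.name, parts.hostname, None))
    return alerts

def plan(rules, alerts):
    """Scope each active profile to the host (and parameter) that alerted."""
    jobs = set()
    for rule in rules:
        for prof, host, param in alerts:
            if prof in rule.passive:
                jobs.update((host, param or "*", a) for a in rule.active)
    return sorted(jobs)

# Constructed sample profiles, rules and traffic (all names are assumptions).
PROFILES = [PassiveProfile("RedirectParam", "param_name", r"^(redirect|return|next)(_url)?$"),
            PassiveProfile("WordPressDetected", "response_body", r"/wp-content/")]
RULES = [Rule(frozenset({"RedirectParam"}), ("OpenRedirect_Active",)),
         Rule(frozenset({"WordPressDetected"}), ("WordPress_Active",))]
TRAFFIC = [("https://shop.example/login?redirect_url=/home&lang=en", "<html>ok</html>"),
           ("https://blog.example/?p=1", '<link href="/wp-content/themes/x.css">')]

def smart_scan_plan():
    alerts = set().union(*(passive_alerts(PROFILES, u, b) for u, b in TRAFFIC))
    return plan(RULES, alerts)
```

The plan contains no job for the `lang` parameter and no WordPress job for the host where the passive profile did not match, which is the scoping the rules are meant to enforce.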

Create a rule:

Rules section: