1. Support Center
  2. Documentation
  3. Desktop editions
  4. Testing workflow
  5. Complementing manual testing with Burp Scanner

Complementing your manual testing with Burp Scanner

In addition to its automated testing capabilities, Burp Scanner can also be a powerful tool in your manual testing workflow, enabling you to investigate items or areas of interest without having to scan your entire application.

For example, you can use Scanner to perform targeted scans on specific requests, which you can then investigate further using Burp's manual testing tools.

To learn more about how you can use Burp Scanner to complement your manual testing, you can follow the tutorials below using our deliberately vulnerable website, ginandjuice.shop:

More information

To learn more about reviewing scan results, see Viewing scan results.

Scanning specific requests

Scanning a specific request is much faster than an application-wide scan, and often only takes seconds.

To scan a specific request:

  1. In Burp Suite, go to Proxy > Intercept.
  2. Click Open browser to open Burp's browser.
  3. In Burp's browser, explore your target application.

  4. In Burp, go to Proxy > HTTP history. Identify a request of interest, then right-click it and select one of the following scan methods:

The Dashboard tab flashes to indicate the scan has started. You can go to the Dashboard to review the progress and results of a scan.

Scanning user-defined insertion points

Burp Suite enables you to manually define insertion points and limit the audit phase of the scan to use only these insertion points. This means you can focus the scan on specific inputs that you want to test, reducing the number of requests required. Additionally, this lets you scan a request using inputs that Burp Scanner would normally ignore, such as custom header values.

Scanning a single insertion point

To scan a single user-defined insertion point:

  1. In the message editor, highlight the part of the request you want to use as an insertion point.
  2. Right-click the request, then select Scan selected insertion point.
  3. Configure and launch your scan.

The Dashboard tab flashes to indicate the scan has started. To review the progress and results of your scan, go to the Dashboard.

Scanning multiple insertion points

You can also use Burp Intruder to define multiple insertion points in one request.

To scan multiple insertion points:

  1. Send the relevant request to Intruder.
  2. Go to Intruder > Positions.
  3. In the message editor, highlight a substring you want to define as an insertion point and click Add §. Repeat this step for every insertion point you want to define.
  4. Right-click the request, then select Scan defined insertion points.
  5. To review the progress and results of your scan, go to the Dashboard.

If you define multiple insertion points, Burp scans each insertion point separately.

Scanning non-standard data structures

You might need to define insertion points in positions within a non-standard data structure, such as multiple data points separated by a dash or a forward slash, as seen in the following example:

user=048857−carlos

In this example, 048857 and carlos might be seen as separate data points by the target application. You can use Burp Intruder to define these as separate payloads without compromising the structure of the data, as indicated below with § characters.

user=§048857§−§carlos§

Once you've defined every relevant insertion point in Intruder, right-click the request and select Scan defined insertion points.

Store HTTP traffic for review

Whether you've performed an application-wide scan or scanned a specific request, you can store requests and responses in Burp Organizer. For example, you might want to investigate a specific response at a later date without having to scan or browse through your target application again.

To do this, right-click a request or response, then select Send to Organizer.

To learn more about Burp Organizer, see Organizer.

Related pages