Burp Suite contains a wide range of settings, enabling you to configure the system to work with almost any workflow or target application.
This page gives a brief overview of some key settings that are useful in most projects.
The target scope configuration tells Burp which hosts and URLs you are currently interested in and willing to attack. We recommend that you set a suite-wide target scope early in your testing in order to ensure that Burp does not target any inappropriate items.
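As an added illustration (not Burp's own code or configuration format), this Python sketch models how a set of include and exclude scope rules can be evaluated against a URL, with exclusions taking precedence. The rule fields, the hostnames and the `in_scope` function are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample rules with hypothetical hosts. "protocol" is a literal
# ("http", "https" or "any"); host, port and file are regular expressions.
INCLUDE = [
    {"protocol": "https", "host": r"^shop\.example\.test$", "port": r"^443$", "file": r"^/.*"},
    {"protocol": "any", "host": r"^api\.example\.test$", "port": r"^(80|443)$", "file": r"^/v1/.*"},
]
EXCLUDE = [
    {"protocol": "any", "host": r"^shop\.example\.test$", "port": r".*", "file": r"^/(logout|admin/delete)"},
]

def _matches(rule, scheme, host, port, path):
    # Every field of a rule must match for the rule to apply.
    if rule["protocol"] not in ("any", scheme):
        return False
    return (re.search(rule["host"], host) is not None
            and re.search(rule["port"], str(port)) is not None
            and re.search(rule["file"], path) is not None)

def in_scope(url, include=INCLUDE, exclude=EXCLUDE):
    """Return True only if the URL matches an include rule and no exclude rule."""
    try:
        parts = urlsplit(url)
        # .hostname drops userinfo and lowercases; .port raises on invalid values
        host, port = parts.hostname, parts.port
    except ValueError:
        return False
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not host:
        return False
    if port is None:
        port = DEFAULT_PORTS[scheme]
    target = (scheme, host, port, parts.path or "/")
    # Exclusions are checked first so that they always override inclusions.
    if any(_matches(rule, *target) for rule in exclude):
        return False
    return any(_matches(rule, *target) for rule in include)
```

The host patterns are anchored with `^` and `$`; without the anchors, a lookalike host such as `shop.example.test.other.test` would also match the first include rule.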
Selecting a scope enables you to fine-tune the behavior of many of Burp's tools. For example:
Burp can carry out platform-level authentication for any application servers that require it. You can configure different authentication types and credentials for individual hosts if needed.
Burp supports the following authentication types:
Some applications contain security features that can hinder automated or manual testing, such as reactive session termination, use of per-request tokens, and stateful multi-stage processes.
Burp enables you to configure session handling rules and macros to deal with any session-related issues in the background, helping you to continue your testing uninterrupted.
The task scheduler enables you to configure certain tasks to run automatically at defined times. You can use the task scheduler to start and stop certain automated tasks out of hours while you are not working, and to save your work periodically or at a specific time.
You can configure the font and character set that Burp uses to display HTTP messages, and also specify the font used in Burp's own UI.