Introduction

Burp Suite has many useful features in store for us, even right after starting up. As a user of the community version of Burp, your options here will be somewhat limited but still useful in debugging our project. We will start with one of the few free options available to us.

Event log

This will display any event occurring in Burp Suite while we run it. This can range from errors to informational messages to things we print out with our custom-written extensions.

If you ever have issues intercepting traffic or decoding it, this is the first place I would look.

Scans

We can differentiate between 3 different types of scans here. All 3 have their unique properties, which we will go over in detail.

Scan details

Under the scan details, we can decide what type of scan we want to run, define the URLs we want to test, and specify the protocol. Under the detailed scope config, we can also set several options such as the URL prefix (which is a fancy word for what you want the URL to start with). You can do this both for the things that have to be included and for the things that have to be excluded.

Afterward, you can also save the configurations to the library, which allows you to reuse them later.

Scan types - Crawl

Crawling a website allows Burp to automatically look for any URL or link on the webpage that you give it, attempt to surf there, and then repeat the same actions on each page it reaches. This can take one or multiple URLs as a starting point and go from there. Please note that crawling only discovers items; it does not audit them.

The depth of this crawling and any other options can be set in the 'Scan configurations' which we will go over in the next section.
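To make the interaction between start URLs, include/exclude URL prefixes and crawl depth concrete, here is an added example (not part of the original tutorial and not Burp's own implementation). It is a simplified model of a crawl over a constructed in-memory site; the names SITE, in_scope and crawl are assumptions made for illustration.

```python
from collections import deque
from html.parser import HTMLParser
from urllib.parse import urljoin, urldefrag

# Constructed sample site (URL -> HTML body), so the example runs offline.
SITE = {
    "https://shop.test/": '<a href="/products">P</a> <a href="/admin/">A</a> '
                          '<a href="https://cdn.test/lib.js">C</a>',
    "https://shop.test/products": '<a href="/products/1">1</a> <a href="/">home</a>',
    "https://shop.test/products/1": '<a href="/products/1/reviews#top">R</a>',
    "https://shop.test/products/1/reviews": '<a href="/logout">bye</a>',
    "https://shop.test/admin/": '<a href="/admin/users">U</a>',
}

class LinkParser(HTMLParser):
    """Collects the href of every <a> tag on a page."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]

def in_scope(url, include, exclude):
    # Naive string-prefix match; an exclude prefix overrides an include prefix.
    # With this matcher, end host prefixes with "/" so that "https://shop.test"
    # does not also match "https://shop.test.other.test/".
    return (any(url.startswith(p) for p in include)
            and not any(url.startswith(p) for p in exclude))

def crawl(starts, include, exclude, max_depth):
    """Breadth-first discovery only: returns visited URLs, audits nothing."""
    seen, order = set(starts), []
    queue = deque((u, 0) for u in starts)
    while queue:
        url, depth = queue.popleft()
        order.append(url)
        if depth == max_depth:          # depth limit: record, do not expand
            continue
        parser = LinkParser()
        parser.feed(SITE.get(url, ""))  # unknown pages yield no links
        for href in parser.links:
            link = urldefrag(urljoin(url, href)).url  # absolute, no #fragment
            if link not in seen and in_scope(link, include, exclude):
                seen.add(link)
                queue.append((link, depth + 1))
    return order
```

Calling crawl(["https://shop.test/"], ["https://shop.test/"], ["https://shop.test/admin"], 2) visits only the home page, /products and /products/1: the admin area is excluded, the CDN host is never included, and the depth limit stops the crawl before the reviews page.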

Scan types - Crawl and audit

We can also audit the crawled items directly, which will analyse the results and do things like static or dynamic code analysis (based on our settings in the Scan configurations).

Scan types - Audit selected items

This option is only available if we select several URLs from the sitemap and right-click them.