# Interface Overview Burp Bounty Pro adds a **Burp Bounty Pro** tab to the main Burp Suite interface. This tab contains several sub-tabs for managing scans, profiles, rules, and settings. ![Burp Bounty Pro main interface](https://710436228-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FK0ure45w5tAMFDkq49ZN%2Fuploads%2Fgit-blob-92c8ae3b23c1583e16d3cee0cc0fae4e586e70aa%2Finterface-main-tabs.png?alt=media) ## πŸ“‘ Main Tabs ### πŸ“Š Dashboard The Dashboard is your primary view for monitoring scan activity and reviewing results. **Scanner Progress Table:** * Shows active scan tasks with their status (🟒 Running, 🟑 Paused, βœ… Completed, ❌ Failed) * Displays the profile name, target URL, and progress information * Real-time updates as scans execute **Issues Table:** * Lists all vulnerabilities and findings detected by Burp Bounty Pro * Columns: Issue Name, Severity, Confidence, Host, Path * Click on an issue to view its full details including the payload used and grep match **Control Buttons:** * ⏸️ **Pause All** β€” Pauses all running scans using PausableThreadPoolExecutor. Threads block at a safe point and resume exactly where they left off. No scan progress is lost. * ▢️ **Resume All** β€” Resumes all paused scans instantly * ⏹️ **Stop** β€” Stops all scans and clears the task queue * πŸ—‘οΈ **Clear Issues** β€” Clears the issues table * πŸ”„ **Live Passive Scan** β€” Toggle button to enable/disable automatic passive scanning of all HTTP traffic. When enabled, the "Scope Only" checkbox restricts scanning to in-scope targets. ### πŸ”Ž Scanners The Scanners tab is organized into dedicated sub-tabs for each scan type: #### 🎯 Active The Active sub-tab provides detailed per-request logging of active scan activity. * Shows every HTTP request made by active scan profiles * Includes request/response pairs for debugging and analysis * Displays the profile name, payload, and result for each request * Highlights in blue when new scan activity starts from Smart Scan or AI Scanner #### πŸ‘οΈ Passive The Passive sub-tab shows results from passive scanning. * Lists each passive scan entry with host, method, URL, parameter count, and findings summary * Tracks matched profiles for each scanned request * Includes request/response viewers #### 🧠 Smart The Smart sub-tab tracks Smart Scan rule evaluations and triggered scans. * Shows matched rules for each request * Displays which active profiles were launched and scan count * Links to the triggered active scans #### πŸ€– AI The AI sub-tab manages AI Scanner entries and results. * Results table with status (Analyzing, Complete, Error), findings summary, and parameter count * Detail panel with request/response viewers and full AI JSON response * Entry controls: Pause, Resume, Cancel, Remove, Clear * Settings button for configuring AI provider, API key, model, endpoint, and prompts See [AI Scanner](https://docs.bountysecurity.ai/scanning/ai-scan) for full documentation. #### πŸ“‘ Live The Live sub-tab shows real-time passive scan activity from the Live Passive Scan feature. ### πŸ“ Profiles The Profiles tab manages all scanning profiles, organized into three categories: 🎯 **Active Profiles:** * Profiles that actively send payloads to test for vulnerabilities * Columns: Enabled, Profile Name, **Tags**, Author's Twitter * Actions: Add, Edit (double-click), Delete, Duplicate, Enable/Disable, Set New Tag, Import, Export πŸ“¨ **Passive Request Profiles:** * Profiles that analyze HTTP requests passing through Burp Suite * Columns: Enabled, Profile Name, **Tags**, Author's Twitter * Actions: Add, Edit (double-click), Delete, Duplicate, Enable/Disable, **Set New Tag**, Import, Export πŸ“© **Passive Response Profiles:** * Profiles that analyze HTTP responses received by Burp Suite * Columns: Enabled, Profile Name, **Tags**, Author's Twitter * Actions: Add, Edit (double-click), Delete, Duplicate, Enable/Disable, **Set New Tag**, Import, Export > πŸ“ **Note:** All three profile tables now share the same layout with the Tags column and full right-click context menu (Enable, Disable, Set New Tag). 🏷️ **Tags Manager:** * View and manage tags used to categorize profiles * Tags are used in Rules to target groups of profiles * Tags organize the passive scan context menu into submenus **Common Actions:** * πŸ“₯ **Import** β€” Load profiles from `.bb` JSON files * πŸ“€ **Export** β€” Save profiles to `.bb` JSON files for sharing * πŸ“‹ **Duplicate** β€” Clone a profile with auto-generated name suffix * πŸ–±οΈ **Double-click** β€” Open the profile editor dialog (non-modal) * 🏷️ **Right-click** > **Set New Tag** β€” Assign a tag to selected profiles (works on all three tables) ### πŸ“‹ Rules The Rules tab manages Smart Scan rules that define automated scanning workflows. * Each rule has: Name, Enabled status, Description * Rules follow an IF-THEN pattern: IF passive conditions match, THEN execute active profiles * Actions: Add, Edit, Delete, Duplicate, Enable/Disable, Import, Export * Rule files use the `.bbre` extension ### βš™οΈ Options The Options tab provides global configuration settings: * ⏱️ **Scan Timeout** β€” Maximum time for a scan before marking as failed * 🌐 **Collaborator Refresh** β€” Polling interval for Burp Collaborator results * πŸ”’ **Max Concurrent Scans** β€” Limit the number of simultaneous scans * 🚫 **Avoid URLs** β€” URL patterns to exclude from scanning > πŸ“ **Note:** Thread pool size, concurrency, and requests per second are configured **per scan** in the URL Filter popup that appears before each scan, not in the global Options tab. See [Scan Control](https://docs.bountysecurity.ai/scanning/scan-control). ### πŸ”€ Variables The Variables tab manages global variables used in profiles: * View all configured variables with their current values * Add, edit, and remove custom variables * Default variables include `{REDIRECT_DOMAIN}`, `{ATTACKER_DOMAIN}`, `{XXE_FILE}`, and more * Variables are replaced at runtime in payloads, grep patterns, and raw requests ### πŸ”‘ License The License tab shows license status and activation: * Enter and activate license keys * View license expiration and status ### ℹ️ About The About tab displays: * Burp Bounty Pro version (currently v3.1.0) * Author information * Links to documentation and support * πŸ”„ **Check For Updates** β€” Button that checks for new versions of Burp Bounty Pro and new/updated scanning profiles ## πŸ–±οΈ Context Menus Burp Bounty Pro integrates with Burp Suite's right-click context menus throughout the application. ### On HTTP Requests (Proxy, Site Map, Repeater, etc.) | Menu Item | Description | | -------------------- | ----------------------------------------------- | | 🎯 **Active Scan** | Launch an active scan with the URL Filter popup | | 🧠 **Smart Scan** | Launch a Smart Scan with rule-based automation | | πŸ‘οΈ **Passive Scan** | Launch a passive scan with tag-based submenu | | πŸ€– **AI Scanner** | Launch AI-powered analysis with auto-scan | The **Passive Scan** submenu provides tag-based filtering: ``` πŸ‘οΈ Passive Scan β”œβ”€β”€ 🌐 All (N) ← All passive profiles β”œβ”€β”€ πŸ“¨ Passive Request ← Request profiles organized by tag β”‚ β”œβ”€β”€ All (N) β”‚ β”œβ”€β”€ Tag1 (N) β”‚ └── Tag2 (N) └── πŸ“© Passive Response ← Response profiles organized by tag β”œβ”€β”€ All (N) β”œβ”€β”€ Tag1 (N) └── Tag2 (N) ``` ### On Profile Table Rows | Menu Item | Description | | ------------------- | ------------------------------------------- | | βœ… **Enable** | Enable the selected profile(s) | | ❌ **Disable** | Disable the selected profile(s) | | 🏷️ **Set New Tag** | Assign a new tag to the selected profile(s) | Available on all three profile tables (Active, Passive Request, Passive Response). ## πŸ”— URL Filter Popup The URL Filter popup appears before launching Active, Smart, Passive, and AI scans: | Section | Description | | ------------------------ | ---------------------------------------------------------------- | | πŸ”— **URL Table** | Select which URLs to include in the scan | | πŸ”„ **Match and Replace** | Request modification rules (add headers, change parameters) | | ⚑ **Scanner Settings** | Per-scan performance settings (context-aware based on scan type) | The Scanner Settings section adapts based on the scan type: | Scan Type | Available Settings | | -------------------- | ------------------------------------------------------------------ | | 🎯 **Active Scan** | Threads, Active Concurrency, Requests/sec | | 🧠 **Smart Scan** | Threads, Passive Concurrency, Active Concurrency, Requests/sec | | πŸ‘οΈ **Passive Scan** | Threads, Passive Concurrency | | πŸ€– **AI Scanner** | Threads, AI Analysis Concurrency, Active Concurrency, Requests/sec |