What is Burp Bounty Pro?
Burp Bounty Pro is a Burp Suite extension that lets you create custom scan profiles for detecting vulnerabilities in web applications — without writing code. Define your own payloads, match conditions, and detection rules, or use the 254 built-in profiles and 27 Smart Scan rules to start finding real vulnerabilities immediately.
What's New in v3.0
- Multi-Step Scanning — Chain multiple scanning steps with cookie reuse for complex authenticated workflows and multi-stage attack scenarios.
- Smart Scan (IF-THEN Rules) — Detect WordPress? Auto-launch WordPress exploit profiles. Spot SQLi-prone parameters? Trigger targeted injection testing. 27 pre-configured rules included.
- Time-Based Detection Engine — Detect timing-based vulnerabilities like sleep-based SQL injection and blind command injection with configurable thresholds.
- Global Variables — Use dynamic variables like {CURRENT_HOST}, {BC}, {REDIRECT_DOMAIN} in payloads and match patterns across all profiles.
- 30+ Insertion Point Types — URL params, body params, cookies, JSON keys/values, XML, HTTP headers, URL path components, and more.
- Per-Scan Performance Control — Independent thread pools, configurable request rate, true pause/resume without losing state.
See the Documentation for the full reference, or try it free.