How to do it...

The following steps will guide you through performing web application analysis using Burp Suite:

  1. The leftmost tab in the Burp Suite interface is Target. There are two tabs underneath this tab, called Site map and Scope. The Site map tab will be automatically populated as content is accessed via the proxied web browser. The Scope tab allows the user to configure sites and site content to be either included or excluded from the scope.
  2. To add a new site to the scope of the assessment, click on the Add button under the Include in scope table. Have a look at the following screenshot:
  3. In-scope content can be as general as a range of IP addresses or as specific as an individual file. The Protocol option has a drop-down menu that includes values of ANY, HTTP, or HTTPS. The Host or IP range field can include a single hostname, single IP, or range of IP addresses. Additionally, text fields exist for both Port and File. Any field can be left blank to make the scope less specific. Populated fields should be written as regular expressions.
  4. In the example provided, the caret opens each of the regular expressions, the dollar sign closes them, and the backslashes are used to escape the special meaning of the periods in the IP address. It is not within the scope of this book to address the use of regular expressions, but many resources are openly available on the Internet to explain their use. One good web primer you can use to familiarize yourself with regular expressions is http://www.regular-expressions.info/.
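
The sketch below is an added example, not taken from the book or from Burp Suite: it models the scope fields described above in Python to show why the anchors and escaped periods keep out-of-scope hosts from matching. The rule values, the URLs (documentation range 192.0.2.0/24) and the search-style matching are assumptions, and Python's `re` stands in for Burp's own regular expression engine.

```python
import re
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def in_scope(rule, url):
    """Return True if url matches every populated field of a scope rule.

    Rule keys mirror the fields described above: protocol, host, port, file.
    A blank or missing field matches anything (assumed model, not Burp's code).
    """
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    protocol = rule.get("protocol", "ANY").upper()
    if protocol != "ANY" and protocol != scheme.upper():
        return False
    port = parts.port or DEFAULT_PORTS.get(scheme)
    candidates = {
        "host": parts.hostname or "",
        "port": str(port),
        "file": parts.path or "/",
    }
    for field, value in candidates.items():
        pattern = rule.get(field, "")
        # Search-style match: without ^ and $ a pattern may hit a substring.
        if pattern and not re.search(pattern, value):
            return False
    return True

# Constructed rules. STRICT is anchored and escaped; LOOSE is neither.
STRICT = {"protocol": "HTTP", "host": r"^192\.0\.2\.10$",
          "port": r"^80$", "file": r"^/app/.*"}
LOOSE = {"protocol": "ANY", "host": "192.0.2.10"}

# Constructed URLs as they might accumulate in the site map.
URLS = [
    "http://192.0.2.10/app/login.php",      # the intended target
    "http://192.0.2.100/app/login.php",     # different host, shared prefix
    "http://192-0-2-10.example.net/app/",   # '.' in LOOSE matches '-'
    "https://192.0.2.10/app/",              # wrong protocol for STRICT
    "http://192.0.2.10:8080/app/",          # wrong port for STRICT
    "http://192.0.2.10/admin/",             # wrong path for STRICT
]

def compare(urls):
    """Return (url, strict_result, loose_result) for each URL."""
    return [(u, in_scope(STRICT, u), in_scope(LOOSE, u)) for u in urls]

if __name__ == "__main__":
    for url, strict, loose in compare(URLS):
        print(f"{url:40} strict={strict!s:5} loose={loose}")
```

Only the first URL is in scope under the strict rule, while the loose rule accepts all six, including two hosts that are not the intended target.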