Let's go ahead and understand the Burp Audit/Scanner rules and mechanism. Burp Auditor is mainly divided into the three following core categories:

• Passive phase
• Active phase
• JavaScript analysis phase

This allows Burp to actively spot and exploit functions that are stored and returned to the user in response to input. It also helps to avoid duplication by handling frequently occurring issues and insertion points in an optimal manner. Also, it effectively makes use of the system resources by executing work in parallel. 

Burp Auditor reports tons of issues, widely ranging into the following categories:

• Passive: This is a non-intrusive audit that does analysis purely on the basis of the request and response received by a normal user traversal and form submissions.
• Light Active: This entails minor updates and changes done by Burp to find nominal flaws, such as cross-origin resource sharing.
• Medium Active: Here, Burp sends a few requests that an application might parse as malicious. The best example would be OS injection commands. 
• Intrusive Active: Burp sends requests that might be more dangerous in nature and are likely to be detected if there are Web Application Firewalls (WAF) in place (for example, SQL injection).
• JavaScipt analysis: These are the ones that do a JavaScript-based analysis. The best example of this would be Document Object Model (DOM) based cross-site scripting.

In the following section, we will understand how Burp Scanner targets the various insertion points.