Burp Suite contains a wealth of features and capabilities to support manual and automated security testing. Like any security testing software, Burp Suite ...
You can set the type of payload that you want to inject into the base request. Burp Intruder provides a range of options for auto-generating different types of ...
If you need to use an external browser with Burp instead of Burp's preconfigured Chromium browser, perform the following configuration steps. For the vast majority of users, this process is not ...
Professional: By default, attacks are saved in-memory, so they are lost if you close Burp Suite. However, you can save them to your project file. Select Save attack to project file. We recommend that ...
You can use Burp Suite to perform security tests for mobile applications. To do this, you need to configure the mobile device to proxy its traffic via Burp Proxy ...
A proxy listener is a local HTTP proxy server that listens for incoming connections from the browser. It enables you to monitor and intercept all requests and responses. By default, Burp creates a ...
Race conditions are a common type of vulnerability closely related to business logic flaws. They occur when websites process requests concurrently without adequate safeguards. This can lead to ...
In this section, you'll learn how simple file upload functions can be used as a powerful vector for a number of high-severity attacks. We'll show you how to bypass common defense mechanisms in order ...
Blind SQL injection occurs when an application is vulnerable to SQL injection, but its HTTP responses do not contain the results of the relevant SQL query or the details of any database errors. Many ...
Automated DAST scanning without limits. Built on the Burp technology your security teams already trust. Gain complete visibility of your web application's attack surface. Secure apps before they hit ...
In this section, we'll build on the concepts you've learned so far and teach you some more advanced HTTP request smuggling techniques. We'll also cover a variety of HTTP/2-based attacks that are made ...
In this section, we'll explain how to manipulate WebSocket messages and connections, describe the kinds of security vulnerabilities that can arise with WebSockets, and give some examples of exploiting ...