Burp Suite contains a wealth of features and capabilities to support manual and automated security testing. Use the links below for more information: Like any security testing software, Burp Suite ...

If you need to use an external browser with Burp instead of Burp's preconfigured Chromium browser, perform the following configuration steps. For the vast majority of users, this process is not ...

A proxy listener is a local HTTP proxy server that listens for incoming connections from the browser. It enables you to monitor and intercept all requests and responses. By default, Burp creates a ...

You need to configure Firefox so that you can use it for testing with Burp Suite.

Burp Suite is a comprehensive suite of tools for web application security testing. This interactive tutorial is designed to get you started with the core features of Burp Suite as quickly as possible.

Many servers now support HTTP/2. This exposes them to potential vulnerabilities that are impossible to test for using tools that only speak HTTP/1. Burp Suite provides unrivaled support for ...

Professional By default, attacks are saved in-memory, so they are lost if you close Burp Suite. However, you can save them to your project file. Select Save attack to project file. We recommend that ...

You can test web applications and mobile apps using an iOS device. To do this, you need to do the following: Configure your Burp Proxy listener to accept connections on all network interfaces. Connect ...

Use this function to discover content and functionality that is not linked from visible content that you can browse to or Burp Scanner can crawl. You can see the discovered content in a site map for ...

Blind cross-site scripting (XSS) is a type of stored XSS in which the data exit point is not accessible to the attacker, for example due to a lack of privileges. To test for blind XSS vulnerabilities, ...

Burp Infiltrator is a tool for instrumenting target web applications in order to facilitate testing using Burp Scanner. Burp Infiltrator modifies the target application so that Burp can detect cases ...

When you send an HTTP request to Burp Intruder, it opens in a new attack tab. Burp Intruder enables you to insert payloads into defined positions in an HTTP request, then send each version of the ...