In this section, we'll describe various ways in which HTTP request smuggling vulnerabilities can be exploited, depending on the intended functionality and other behavior of the application. In some ...
Best for pentesters and hands-on security professionals. Free up testing time with scalable, automated scanning. Automated DAST scanning without limits. Free up testing time with trusted Burp ...
CI-driven scans enable you to run Burp Scanner from a Docker container in your CI/CD environment. This is an easy way to integrate Burp Suite Enterprise Edition with your CI/CD platform. It requires ...
This lab's two-factor authentication is vulnerable due to its flawed logic. To solve the lab, access Carlos's account page.
In this section, we'll explain cross-site WebSocket hijacking (CSWSH), describe the impact of a compromise, and spell out how to perform a cross-site WebSocket hijacking attack. Cross-site WebSocket ...
Before you update Burp Suite Enterprise Edition, you should disable scanning. Any queued scans (that is, scans that have been created by the system but not yet started) will fail if they attempt to ...
This lab involves a front-end and back-end server, and the front-end server doesn't support chunked encoding. There's an admin panel at /admin, but the front-end server blocks access to it. To solve ...
Welcome to the Burp Suite Enterprise Edition user guide. This guide explains how to set up users, sites, and scans so that you can get your scanning workflow up and running. It also gives a ...
When you enable multi-factor authentication (MFA), all users must enter a passcode from an external authentication app in addition to their username and password when they log in. This helps to make ...
This lab contains a SQL injection vulnerability in the product category filter. The results from the query are returned in the application's response, so you can use a UNION attack to retrieve data ...
You may occasionally want to check if your services are running or manually stop and restart them. The process for this differs depending on whether you're using a standard or Kubernetes Burp Suite ...