You can set the type of payload that you want to inject into the base request. Burp Intruder provides a range of options for auto-generating different types of ...
A proxy listener is a local HTTP proxy server that listens for incoming connections from the browser. It enables you to monitor and intercept all requests and responses. By default, Burp creates a ...
If you need to use an external browser with Burp instead of Burp's preconfigured Chromium browser, perform the following configuration steps. For the vast majority of users, this process is not ...
Many servers now support HTTP/2. This exposes them to potential vulnerabilities that are impossible to test for using tools that only speak HTTP/1. Burp Suite provides unrivaled support for ...
You can use Burp Suite to perform security tests for mobile applications. To do this, you need to configure the mobile device to proxy its traffic via Burp Proxy ...
Burp Suite contains a wealth of features and capabilities to support manual and automated security testing. Like any security testing software, Burp Suite ...
You can view HTTP and WebSocket messages in various places throughout Burp Suite. Wherever you can see messages, Burp provides a number of functions to help you quickly analyze them. This drives ...
Burp Suite is a comprehensive suite of tools for web application security testing. This interactive tutorial is designed to get you started with the core features of Burp Suite as quickly as possible.
WebSockets are long-lived connections that support asynchronous communication in both directions. They are often used for real-time applications such as chat and streaming, or event-driven functions ...
Before attempting to install Burp's CA certificate, make sure that you have successfully confirmed that the proxy listener is active and have configured your browser ...
When testing web applications, you may encounter challenges relating to session handling and application state. For example: The application may terminate the testing session, either defensively or ...
Race conditions are a common type of vulnerability closely related to business logic flaws. They occur when websites process requests concurrently without adequate safeguards. This can lead to ...