Last year Johan Carlsson discovered you could conceal payloads inside the credentials part of the URL. This was fascinating to me especially because the payload is not actually visible in the URL in ...
A Burp extension to generate async Python code from HTTP requests. This extension generates different flavors of scripts (e.g. with/without session, with/without main function). The resulting codes ...
You need to configure Firefox so that you can use it for testing with Burp Suite.
You can configure an Android device to proxy HTTP traffic through Burp Suite. This enables you to test Android apps just like ordinary websites. The process for doing ...
Burp Suite contains a wealth of features and capabilities to support manual and automated security testing. Use the links below for more information: Like any security testing software, Burp Suite ...
When you send a request to Burp Intruder, a new tab is created containing the request and target details. You can set payload positions anywhere in these fields. These positions determine where Burp ...
Burp's support for invisible proxying allows non-proxy-aware clients to connect directly to a Proxy listener. This is useful if the target application uses a thick client component that runs outside ...
Blind cross-site scripting (XSS) is a type of stored XSS in which the data exit point is not accessible to the attacker, for example due to a lack of privileges. To test for blind XSS vulnerabilities, ...
These settings enable Burp to carry out automatic platform authentication to destination web servers. You can configure authentication types and credentials for individual hosts, and disable platform ...
This is a quick reference guide to troubleshooting the most common Burp Scanner error messages. You can use Ctrl/Cmd + F to search for the error you've encountered to ...
When you launch a Burp Intruder attack, the attack runs in a new results window. This contains the attack results, and a clone of the configuration side panel on which the current attack is based.
When you send an HTTP request to Burp Intruder, it opens in a new attack tab. Burp Intruder enables you to insert payloads into defined positions in an HTTP request, then send each version of the ...