Burp Suite, the leading toolkit for web application security testing

Doing More With Burp

There are extensive resources on this site and elsewhere to help you learn more about Burp Suite, and take your web application testing to the next level:

  • If you want to learn more about getting the best out of Burp, you should read the extensive Burp Suite Help. This documentation includes a full reference for all of Burp's features and configuration options, together with getting-started guides and examples of typical workflows and use cases.
  • If you have a specific problem with Burp, or a feature request or bug report, you can visit the Burp Suite User Forum to ask questions or discuss them with hundreds of other active Burp users.
  • If you are new to web application security, or looking to develop your existing knowledge, a great resource is The Web Application Hacker's Handbook. Co-authored by the creator of Burp, this book is a practical guide to finding and exploiting security flaws in web applications, and aims to be the deepest and most comprehensive general-purpose guide to hacking web applications that is currently available.
  • If you are looking for more practical experience in security testing of web applications, you could attend our training course, Web Application Hacker's Handbook - Live Edition. This course is a practical opportunity to take the skills and theory taught in the book to the next level, experimenting with all of the tools and techniques against numerous vulnerable web applications and labs, under the guidance of the book's authors. The course is a regular feature at security conferences around the world, including Black Hat, 44Con, Ruxcon, and Countermeasure.

User Forum

Get help from other users at the Burp Suite User Forum.

Monday, October 20, 2014

v1.6.06

This release includes some major enhancements to the Scanner engine. Burp can now automatically report the following new types of issues: Perl code injection, PHP code injection, Ruby code injection, Server-side JavaScript code injection, File path manipulation, Serialized object in HTTP message, Client-side JSON injection, Client-side XPath injection, Document domain manipulation, Link manipulation, and DOM data manipulation.

Copyright © 2014 PortSwigger Ltd. All rights reserved.