
Burp Suite, the leading toolkit for web application security testing

Burp Suite Documentation - Contents

    Getting Started
         Launching Burp
         Display Settings
         Configuring Your Browser
         The Basics of Using Burp
         Next Steps
    Using Burp Suite
         Testing Workflow
         Recon and Analysis
         Tool Configuration
         Vulnerability Detection and Exploitation
         Read More
    Burp Tools
    Troubleshooting
 
Target
    Using
         Manual Application Mapping
         Defining Target Scope
         Reviewing Unrequested Items
         Discovering Hidden Content
         Analyzing The Attack Surface
         Driving Your Testing Workflow
    Site Map
         Target Information
         Display Filter
         Annotations
         Testing Workflow
             Comparing Site Maps
                 Site Map Sources
                 Request Matching
                 Response Comparison
                 Comparison Results
    Scope
 
Proxy
    Getting Started
    Using Burp Proxy
         Getting Set Up
         Intercepting Requests and Responses
         Using the Proxy History
         Driving Your Testing Workflow
         Key Configuration Options
    Intercepting Messages
         Controls
         Message Display
    History
         History Table
         Display Filter
         Annotations
         Testing Workflow
    Options
         Proxy Listeners
             Binding
             Request Handling
                 Invisible Proxying
             Certificate
                 Install CA Certificate
                     Internet Explorer
                     Firefox
                     Chrome
                     Safari
                     iPhone
                     Android
             Exporting and Importing the CA Certificate
         Intercepting HTTP Requests and Responses
         Intercepting WebSockets Messages
         Response Modification
         Match and Replace
         SSL Pass Through
         Miscellaneous
    In-Browser Controls
 
Spider
    Getting Started
    Using Burp Spider
         Manual Preparation
         Configuring Spider Settings
         Initiating the Spider
    Control Tab
         Spider Status
         Spider Scope
    Options
         Crawler Settings
         Passive Spidering
         Form Submission
         Application Login
         Spider Engine
         Request Headers
 
Scanner
    Getting Started
    Using Burp Scanner
         Burp's Scanning Paradigm
         Passive Scanning
         Active Scanning
         Reviewing Scan Results
         Reporting
    Point-and-Click
    Scan Modes
         Active Scanning
         Passive Scanning
    Initiating Scans
         Manual Scanning
             Active Scanning Wizard
         Live Scanning
             Live Active Scanning
             Live Passive Scanning
    Scan Queue
    Results
    Reporting
         Report Format
         Issue Details
         HTTP Messages
         Issue Types
         Report Details
    Options
         Attack Insertion Points
             Insertion Point Locations
             Change Parameter Locations
             Nested Insertion Points
             Maximum Insertion Points Per Request
             Skipping Parameters
         Active Scanning Engine
         Active Scanning Optimization
         Active Scanning Areas
         Passive Scanning Areas
         Static Code Analysis
    Issue Types
 
Intruder
    Getting Started
    Using Burp Intruder
         How Intruder Works
         Typical Uses
             Enumerating Identifiers
             Harvesting Useful Data
             Fuzzing For Vulnerabilities
         Configuring an Attack
         Launching an Attack
    Target
    Positions
         Request Template
         Payload Markers
         Attack Type
    Payloads
         Types
             Simple List
                 Predefined Payload Lists
             Runtime File
             Custom Iterator
             Character Substitution
             Case Modification
             Recursive Grep
             Illegal Unicode
             Character Blocks
             Numbers
             Dates
             Brute Forcer
             Null Payloads
             Character Frobber
             Bit Flipper
             Username Generator
             ECB Block Shuffler
             Extension-Generated
             Copy Other Payload
         Processing
             Payload Processing Rules
             Payload Encoding
    Options
         Request Headers
         Request Engine
         Attack Results
         Grep - Match
         Grep - Extract
         Grep - Payloads
         Redirections
    Attacks
         Launching an Attack
         Results Tab
             Results Table
             Display Filter
             Annotations
             Testing Workflow
         Attack Configuration Tabs
         Results Menus
             Attack Menu
             Save Menu
             Columns Menu
 
Repeater
    Using Burp Repeater
         Issuing Requests
         Request History
         Repeater Options
         Managing Request Tabs
    Options
 
Sequencer
    Getting Started
    Randomness Tests
         Character-Level Analysis
         Bit-Level Analysis
    Samples
         Live Capture
             Select Live Capture Request
             Token Location Within Response
             Live Capture Options
             Running the Live Capture
         Manual Load
    Analysis Options
         Token Handling
         Token Analysis
    Results
         Summary
         Character-level Analysis
         Bit-level Analysis
         Analysis Options
 
Decoder
    Loading Raw Data
    Transformations
    Working Manually
    Smart Decoding
 
Comparer
    Loading Raw Data
    Performing Comparisons
 
Extender
    Loading and Managing Extensions
    Extension Details
    BApp Store
    Burp Extender APIs
    Options
         Settings
         Java Environment
         Python Environment
         Ruby Environment
 
Suite Functions
    Message Editor
         Message Analysis Tabs
             Raw
                 Text Editor
                     Syntax Analysis
                     Hotkeys
                     Text Search
             Params
             Headers
             Hex
             HTML
             XML
             Render
             ViewState
             AMF
         Context Menu Commands
    Saving and Restoring State
         Saving State
         Restoring State
         Usage Scenarios
    Search
         Search
         Find Comments and Scripts
         Find References
    Target Analyzer
    Content Discovery
         Control
         Target
         Filenames
         File Extensions
         Discovery Engine
         Site Map
    Task Scheduler
    Generate CSRF PoC
         Options
    URL-Matching Rules
    Response Extraction Rules
    Remembering Settings
    Manual Testing Simulator
    Alerts
 
Suite Options
    Connections
         Platform Authentication
         Upstream Proxy Servers
         SOCKS Proxy
         Timeouts
         Hostname Resolution
         Out-of-Scope Requests
    HTTP
         Redirections
         Streaming Responses
         Status 100 Responses
    SSL
         SSL Negotiation
         Client SSL Certificates
         Server SSL Certificates
    Sessions
         Session Handling Challenges
         Session Handling Rules
             Rule Editor
                 Rule Description
                 Rule Actions
                     Use Cookies From the Session Handling Cookie Jar
                     Set a Specific Cookie or Parameter Value
                     Check Session Is Valid
                     Prompt For In-Browser Session Recovery
                     Run a Macro
                     Run a Post-Request Macro
                     Invoke a Burp Extension
                 Tools Scope
                 URL Scope
                 Parameter Scope
             Session Handling Tracer
         Cookie Jar
         Macros
             Macro Editor
                 Record Macro
                 Configuring Macro Items
                     Cookie Handling
                     Parameter Handling
                     Custom Parameter Locations In Response
                 Re-Analyze Macro
                 Test Macro
         Integration With Burp Tools
    Display
         User Interface
         HTTP Message Display
         Character Sets
         HTML Rendering
    Misc
         Hotkeys
         Logging
         Temporary Files Location
         Automatic Backup
         Scheduled Tasks
         Performance Feedback
 

Tuesday, February 17, 2015

v1.6.11

This release adds a new Scanner check for path-relative style sheet import (PRSSI) vulnerabilities.

These issues are not widely understood by security testers or application developers, and real vulnerabilities are quite prevalent in the wild. The impact of the vulnerability is in many cases serious, and equivalent to cross-site scripting (XSS).


Copyright © 2015 PortSwigger Ltd. All rights reserved.