Burp Suite, the leading toolkit for web application security testing

Burp Proxy History

The Proxy history maintains a full record of all messages that have passed through the Proxy. You can filter and annotate this information to help manage it, and also use the Proxy history to drive your testing workflow.

The Proxy history is always updated even when you have interception turned off, allowing you to browse without interruption while still monitoring key details about application traffic.

History Table

Separate history tables are shown for HTTP and WebSockets messages. Each table shows full details of the messages that have passed through the Proxy, and any modifications you have made to intercepted messages.

The HTTP history table contains the following columns:

The WebSockets history table contains the following columns:

You can reorder the table's contents by clicking on any column header (clicking a header cycles through ascending sort, descending sort, and unsorted). For example, if you prefer your history table to grow "upwards", with the most recent items at the top of the table, then you can apply a descending sort to the request number column.

You can also reorder the table's columns by dragging columns. This can be useful if you want to ensure that certain columns are always visible.

If you select an item in the table, the lower pane shows the relevant message(s) for the item (whether HTTP or WebSockets messages). If a message was modified, either through user interception or through automatic response modification or match and replace rules, then each modified message is shown separately. The lower pane contains a message editor for each message, providing detailed analysis.

In addition to the main history view, you can also:

Display Filter

Each history table has a display filter that can be used to hide some of its content from view, to make it easier to analyze and work on the content you are interested in.

The filter bar above the history table describes the current display filter. Clicking the filter bar opens the filter options for editing.

The HTTP history filter can be configured based on the following attributes:

The WebSockets history filter can be configured based on the following attributes:

The content displayed within the Proxy history is effectively a view into an underlying database, and the display filters control what is included in that view. If you set a filter to hide some items, these are not deleted, only hidden, and will reappear if you unset the relevant filter. This means you can use the filter to help you systematically examine a large Proxy history to understand where different kinds of interesting requests appear.

Annotations

You can annotate Proxy history items by adding comments and highlights. This can be useful to describe the purpose of different items, and to flag up interesting items for further investigation.

You can add highlights in two ways:

You can add comments in two ways:

You can also annotate items as they appear in the Intercept tab, and these will automatically appear in the history table.

When you have annotated interesting items, you can use column sorting and the display filter to quickly find these items later.

Testing Workflow

As well as displaying details of all messages passing through the Proxy, the history enables you to control and initiate specific attacks, using the context menu. Depending on the type of history being shown, the following options are available:

Wednesday, June 11, 2014

v1.6.01

This release contains various enhancements to existing functionality, including improvements to the Spider's link-discovery engine, which now achieves a WIVET score of 50%. There is more work to do in this area, and improved crawling of JavaScript-driven navigation is in the pipeline.

Various bugs have also been fixed.

Copyright © 2014 PortSwigger Ltd. All rights reserved.