Burp Suite, the leading toolkit for web application security testing

Using Burp Repeater

Burp Repeater is a simple tool for manually manipulating and reissuing individual HTTP requests, and analyzing the application's responses. You can use Repeater for all kinds of purposes, such as changing parameter values to test for input-based vulnerabilities, issuing requests in a specific sequence to test for logic flaws, and reissuing requests from Burp Scanner results to manually verify reported issues.

Issuing Requests

The main Repeater UI lets you work on multiple different requests simultaneously, each in its own tab. When you send requests to Repeater, each one is opened in its own numbered tab. Each tab contains the following items:

The easiest way to start working with Repeater is to select the request you want to work on within another Burp tool (such as the Proxy history or Target site map), and use the "Send to Repeater" option on the context menu. This will create a new request tab in Repeater, and automatically populate the target details and request message editor with the relevant details. You can then modify and issue the request as required.

When your request is ready to send, click the "Go" button to send it to the server. The response is displayed when this is received, together with the response length and a timer (in milliseconds). You can use the usual HTTP message editor functions to help analyze the request and response messages, and carry out further actions.

Request History

Each Repeater tab maintains its own history of the requests that have been made within it. You can click the "<" and ">" buttons to navigate backwards and forwards through this history and view each request and response. You can also use the drop-down buttons to show a numbered list of adjacent items in the history, and quickly move to them. At any point in the history, you can edit and reissue the currently displayed request.

Repeater Options

Burp Repeater has various options that control its behavior, including automatic updating of the Content-Length header, unpacking of compressed content, and the following of redirections. You can access these options via the Repeater menu. 

Managing Request Tabs

You can easily manage Repeater's request tabs. You can:


Support Center

Get help and join the community discussions at the Burp Suite Support Center.

Visit the Support Center ›

Thursday, March 12, 2015


This release contains various bugfixes and minor enhancements, including:

  • In the site map table, the "Method" column previously always showed GET for requests without a body, and POST for requests with a body, even if the actual method was different. This bug has now been fixed and the table shows the correct method.
  • A bug which prevented client SSL certificates from being used when an upstream proxy is configured has been fixed.
  • A bug which caused Decoder to fail to decode hex number HTML entities containing an upper-case X has been fixed.
  • See all release notes ›

Copyright © 2015 PortSwigger Ltd. All rights reserved.