login

Burp Suite, the leading toolkit for web application security testing

Manual Testing Simulator

To access this function, select part of the Target site map, and choose "Simulate manual testing" within "Engagement tools" in the context menu.

This function won't exactly enhance your productivity, but you may sometimes find it useful nonetheless. The function sends common test payloads to random URLs and parameters at irregular intervals, to generate traffic similar to that caused by manual penetration testing. Only items that you selected in the site map will be requested. 

Burp doesn't do anything with the responses, so you won't find out about any bugs in this way. But if you think that someone might be reviewing the application's logs to confirm that you are working, you can use this feature while you nip out for a long lunch, gym session, drinking binge, or whatever happens to be your preferred diversion.

Use the "Simulation running" checkbox to start and stop the manual testing simulator.

Now, it wouldn't be appropriate to have a counter showing how much the simulator has earned at your standard day rate, would it? Easter Eggs, anyone?

Support Center

Get help and join the community discussions at the Burp Suite Support Center.

Visit the Support Center ›

Tuesday, March 31, 2015

v1.6.13

This release contains various bugfixes and minor enhancements, including:

  • Some bugs in the Target site map, which caused scope-based view filters to be sometimes misapplied, and orphaned tree nodes to occasionally appear, have now been fixed.
  • Burp now detects startup deadlocks caused by extensions, and doesn't reload them on the subsequent startup.
  • Burp now detects failure to delete temporary files on shutdown, and automatically deletes them on the next startup, without prompting the user.

See all release notes ›

Copyright © 2015 PortSwigger Ltd. All rights reserved.