login

Burp Suite, the leading toolkit for web application security testing

Saving and Restoring State

[Pro version] The functions to save and restore state can be accessed from the Burp menu.

Saving State

The items that can be saved are as follows:

Selecting "Save state" from the Burp menu launches a wizard where you can choose which items you want to save the state and configuration of, and select the output file. The following options are also available:

You can continue using Burp while its state is being saved, although you may experience some brief delays if you try to perform an operation on data that Burp is in the process of saving, to prevent any data corruption.

Restoring State

Selecting "Restore state" from the Burp menu launches a wizard where you can choose which items you want to restore the state and configuration of. The first step is to select a state file that you previously saved. Burp then analyses the file to determine its contents (i.e., the tools whose state and configuration it contains). You can then choose which tools' state and configuration you want to restore, and whether to add to or replace each tool's existing state.

You can optionally tell Burp to pause the Spider and Scanner tools following the restore. This option is on by default and is usually desirable when restoring an old state file, to avoid inadvertently attacking any targets which are in-scope for that state file and which have actions pending in the Spider or Scanner queues.

You can continue using Burp while its state is being restored, although you may experience some brief delays if you try to perform an operation on data that Burp is in the process of restoring, to prevent any data corruption.

Usage Scenarios

The ability to save and restore tool state and configuration is of huge benefit to penetration testers:

User Forum

Get help from other users, at the Burp Suite User Forum:

Visit the forum ›

Tuesday, November 18, 2014

v1.6.08

This release contains various new features and enhancements.

The Scanner has been updated with the ability to detect cross-site request forgery vulnerabilities. The Scanner logic for the detection of XSS and SQL injection vulnerabilities has been further enhanced. Burp's use of temporary files has been updated to use a small number of large temporary files, rather than an individual file for each saved HTTP request and response.

See all release notes ›

Copyright © 2014 PortSwigger Ltd. All rights reserved.