ENTERPRISEPROFESSIONALCOMMUNITY

Burp Suite documentation - contents

• Last updated: November 30, 2022

• Read time: 21 Minutes

Documentation
Desktop editions
	Getting started
		Download and install
		Intercepting HTTP traffic with Burp Proxy
			Intercepting a request
		Modifying requests in Burp Proxy
			Step 1: Access the vulnerable website in Burp's browser
			Step 2: Log in to your shopping account
			Step 3: Find something to buy
			Step 4: Study the add to cart function
			Step 5: Modify the request
			Step 6: Exploit the vulnerability
		Setting the target scope
		Reissuing requests with Burp Repeater
			Sending a request to Burp Repeater
			Testing different input with Burp Repeater
		Running your first scan
			Scanning a website
			Generating a report
		What next?
			Continue your Burp Suite journey
		Activate license
			Manual activation
		Launch from the command line
			Checking your Java version
			Launching the Burp Suite JAR
			Command line arguments
		Mac installer
		Startup wizard
			Selecting a project
			Opening a project from a different Burp installation
			Selecting a configuration
		System requirements
			CPU cores / memory
			Free disk space
			Operating system and architecture
	Extensions
		Creating
			Useful resources for extension developers
			Handling kettled HTTP/2 requests in extensions
			BApp Store acceptance criteria
			Submitting extensions to the BApp Store
				Step 1 - Check the acceptance criteria
				Step 2 - Submit your extension
				Step 3 - We review your extension
				Updating your BApp
			Extender API examples (Legacy)
		Installing extensions
			Installing extensions from the BApp Store
				Requirements
				Installing Jython or JRuby
			Installing an extension from a file
		Managing extensions
			Managing how extensions are handled on startup
			Managing extension folders
			Managing folders for library files
			Managing folders for Python modules
		Monitoring system impact
			Cumulative impact of extensions
	Scanning web sites
		Launching scans
		Configuring scans
		Monitoring scan activity
		Reporting
		Browser-powered scanning
			How to enable browser-powered scanning
			System requirements for browser-powered scanning
			Browser-powered scanning on Linux
		Recorded logins
			Limitations for recorded login sequences
			Tips for recording login sequences
			How to record a login sequence for Burp Scanner
				Recording login sequences using an external browser
			How to test a recorded login sequence
			Troubleshooting recorded login sequences
		Scan launcher
			Scan details
			Scan configuration
			Application login options
				Use login credentials
				Use recorded login sequences
			Resource pool options
		Live tasks
			Live task configuration
			Live audit
			Live passive crawl
		Crawl options
			Crawl optimization
				Maximum link depth
				Crawl strategy
			"Fastest" crawl strategy
				Crawl using my provided logins only
			Crawl limits
			Login functions
				How does the crawler identify login and registration forms?
				Why is the crawler not filling my login forms?
			Handling application errors during crawl
			Crawl project option overrides
			Miscellaneous crawl settings
				Burp's browser options
		API scanning
			Prerequisites for API scanning
			Deriving locations from an API definition
			Parameter handling during API scans
			Limitations for API scanning
		Audit options
			Audit optimization
			Issues reported
			Handling application errors during audit
			Insertion point types
			Modifying parameter locations options
			Ignored insertion points
			Frequently occurring insertion points
			Misc insertion point options
			JavaScript analysis options
			Audit project option overrides
		Burp Scanner built-in configurations
			Audit checks - all except JavaScript analysis
			Audit checks - all except time-based detection methods
			Audit checks - critical issues only
			Audit checks - extensions only
			Audit checks - light active
			Audit checks - medium active
			Audit checks - passive
			Audit coverage - maximum
			Audit coverage - thorough
			Crawl and audit - balanced
			Crawl and audit - deep
			Crawl and audit - fast
			Crawl and audit - lightweight
			Crawl limit - 10 minutes
			Crawl limit - 30 minutes
			Crawl limit - 60 minutes
			Crawl strategy - faster
			Crawl strategy - fastest
			Crawl strategy - more complete
			Crawl strategy - most complete
			Minimize false negatives
			Minimize false positives
			Never stop audit due to application errors
			Never stop crawl due to application errors
		Audit items
			Audit phase indicators
			Audit items annotations
		Reporting
			Report format
			Issue details
			HTTP messages
			Selecting issue types
			Report details
	Projects
		Project files
			Saving a copy of a project
			Saving the Burp Collaborator identifier
			Importing projects
			Recovering corrupted project files
	Configurations
		Configuration library
		User and project configuration files
		Loading and saving configuration files
		Configuration file format
	HTTP/2
		Background concepts
		Default protocol
		Keeping track of which protocol you're using
		Changing the protocol for a request
		Kettled requests
			What can cause a request to become kettled?
			Unkettling a request
			Kettled requests and extensions
		HTTP/2 settings
			Changing the default protocol
			Repeater options for HTTP/2
		Enforce protocol choice on cross-domain redirections
		Enable HTTP/2 connection reuse
		Strip Connection header over HTTP/2
		Allow HTTP/2 ALPN override
			Disabling HTTP/2 for proxy listeners
		Upcoming enhancements for HTTP/2 in Burp
			Increased support for kettled requests
		Normalization
			What normalization is performed?
				Why can't I move the Host header?
			Sending requests without any normalization
		Performing HTTP/2-exclusive attacks
			Injecting newlines into headers
		HTTP/2 basics for Burp users
			Binary protocol
			Frames
			Message length
			Header capitalization
			Pseudo-headers
	Useful functions
		Search
			Text search
			Find comments and scripts
			Find references
		Task scheduler
		Content discovery
			Control
			Target
			Filenames
			File extensions
			Discovery engine
			Site map
		Message editor
			Message analysis toolbar
				Raw tab
				Pretty tab
				Hex tab
				Render tab
				Additional tabs
				Extension-specific tabs
				Actions menu
			Other ways of using the message editor
			HTTP/2 messages in the message editor
			Context-specific actions
			Inspector
				Request attributes
				Viewing HTTP message data in the Inspector
					Automatic decoding
				HTTP/2 headers and pseudo-headers
				Selecting a substring
				Modifying requests using the Inspector
					Adding new items to a request
					Removing items from a request
					Reordering items in a request
					Editing the name or value of an item
					Injecting newlines
					Injecting other non-printing characters
				Copying items from the Inspector
				Configuring Inspector display settings
					Configuring default display settings
			Text editor
				Syntax analysis
				Pretty printing
				Line-wrapping
				Non-printing characters
				Text editor hotkeys
				Quick search
			Getting started with the Inspector
				Tutorial
					Step 1: Access the lab
					Step 2: Log in to a user account
					Step 3: Use the Inspector to examine the request
					Step 4: Use the Inspector to edit the cookie
					Step 5: Using the selection widget
				Learn more about the Inspector
		Burp's browser
			Manual testing with Burp's browser
			Scanning websites with Burp's browser
			Health check for Burp's browser
		URL-matching rules
			Normal scope control
			Advanced scope control
		Generate CSRF PoC
			CSRF PoC options
		Sending requests between different tools
			Sending requests to the same tool
		Learn
		Target analyzer
		Response extraction rules
		Manual testing simulator
	Settings
		User and project settings
		Finding settings
		Settings pages
		Key settings
			Target scope
			Platform-level authentication
			Session handling rules and macros
			Schedule tasks
			HTTP message appearance
		Sessions
			Session handling overview
			Session handling rules
			Cookie jar
			Macros
			Session handling rule editor
				Rule description
				Rule actions
					Use cookies from the session handling cookie jar
					Set a specific cookie or parameter value
					Check session is valid
					Make requests to validate session
					Inspect responses to determine session validity
					Define behavior dependent on session validity
				Run a macro to obtain a new valid session
					Prompt for in-browser session recovery
					Run a post-request macro
					Invoke a Burp extension
					Set a specific header value
				Tools scope
				URL scope
				Parameter scope
			Macros
				Record macro
				Configure item
					Parameter handling
					Custom parameter locations in response
				Re-analyze macro
				Test macro
		Tools
			Proxy
				Proxy history logging
				Default Proxy interception state
			Collaborator
			Burp's browser
				Settings and history
				Browser running
		Project
			Scope
			Tasks
				Default behavior when loading project files
				Scheduled tasks
			Automatic backup
			Logging
		Network
			Connections
				Platform authentication
				Timeouts
				Upstream proxy servers
				Hostname resolution overrides
				SOCKS proxy
			TLS
				TLS negotiation
				Client TLS certificates
				Server TLS certificates
				Java TLS options
			HTTP
				Allowed redirect types
				Streaming responses
				Status 100 response handling
				HTTP/1
				HTTP/2
		UI
			Message editor
				Widgets
				Position and display options
				Message editor settings
				HTTP message display
				Character sets
				HTML rendering
				HTTP message search
			Hotkeys
			Display
				Appearance
				Learn tab display
		Suite
			REST API
				Enabling the REST API
				Service URL
				API key
			Updates
			Performance feedback
				Logging exceptions to a local directory
			Temporary files location
	Troubleshooting
	Tutorials
		Video overviews
		Guided tutorials
		Intercepting HTTP requests and responses
		Augmenting manual testing using Burp Scanner
			Scanning specific requests
			Scanning user-defined insertion points
			Summary
		Resending individual requests with Burp Repeater
		Scanning a website
		Using live tasks in Burp Suite
		Using Burp Suite projects
		Touring the Burp Suite user interface
		Using Burp Proxy's interception rules
		Using target scope in Burp Suite
		Testing WebSockets with Burp Suite
		Reducing noise
			Setting a basic target scope
			Using filters
		Brute-forcing a login with Burp Intruder
			What is a Cluster bomb attack?
			Brute-forcing a login using a Cluster bomb attack
				Summary and next steps
		Enumerating subdomains with Burp Intruder
			Summary and next steps
		Viewing requests sent by Burp extensions using Logger
			Step 1: Send requests using an extension
			Step 2: Go to the Logger tab
			Step 3: Filter the Logger tab
			Step 4: Viewing individual requests
			Summary
		Testing for reflected XSS with Burp Repeater
			Step 1: Find an interesting request
			Step 2: Send the request to Burp Repeater
			Step 3: Search the response for your reflected input
			Step 4: Identify the injection context
			Step 5: Test for flawed input sanitization
			Step 6: Send an XSS proof of concept
			Summary
			Read more
		Using match and replace rules
			Step 1: Open the lab
			Step 2: Attempt to access the admin panel
			Step 3: Add a custom match and replace rule
			Step 4: Try to access the admin panel again
			Summary and next steps
		Credential stuffing using Burp Intruder
			What is credential stuffing?
			Step 1: Open the lab
			Step 2: Send a login request to Burp Intruder
			Step 3: Select the attack type
			Step 4: Configure the payload positions
			Step 5: Add the username payloads
			Step 6: Add the password payloads
			Step 7: Start the attack
			Step 8: Analyze the results
			Step 9: Confirm your results
			Summary
			What next?
		Using Burp Suite project settings
	Penetration testing
		Testing workflow
		Recon and analysis
		Tool configuration
		Vulnerability detection and exploitation
		Read more
	External browser configuration
		Check proxy listener is active
		Configuring Chrome to work with Burp Suite - Windows
		Configuring Chrome to work with Burp Suite - MacOS
		Firefox
		Safari
		Check your browser configuration
		Installing Burp's CA certificate
			Installing Burp's CA certificate on a mobile device
			Why do I need to install Burp's CA certificate?
			In-browser interface
			Chrome
				Removing Burp's CA certificate from Firefox
			Chrome
			Installing Burp's CA certificate in Chrome - Windows
				Removing the CA certificate from Windows
			Installing Burp's CA certificate in Chrome - Linux
				Removing the Burp Suite CA certificate
			Installing Burp's CA certificate in Chrome - MacOS
				Removing the Burp Suite CA certificate
			Chrome
				Removing Burp's CA certificate from Safari
			Troubleshooting
				Check that Burp is running
				Check your proxy listener is active
				Try a different port
				What next?
	Mobile testing
		Configuring a mobile device
		Configuring an iOS device to work with Burp Suite Professional
			Step 1: Configure the Burp Proxy listener
			Step 2: Configure your device to use the proxy
			Step 3: Install a CA certificate on your iOS device
			Step 4: Test the configuration
		Configuring an Android device to work with Burp Suite Professional
			Step 1: Configure the Burp Proxy listener
			Step 2: Configure your device to use the proxy
			Step 3: Install a CA certificate on your Android device
			Step 4: Test the configuration
		Troubleshooting for mobile devices
			I can't access HTTPS URLs on iOS even after installing Burp's CA certificate
	Troubleshooting performance issues
		Check the minimum system requirements
		Identify potential bottlenecks: CPU, memory, and network
		Optimize CPU usage
			Disabling pretty printing
			Disabling JavaScript analysis
			Configuring your scans for performance
			Narrowing the scope of your scans
			Scanning a single protocol
		Optimize memory usage
			Disabling extensions
			Allocating more memory to the Java machine
			Using a disk-based project
		Optimize network usage
			Reducing concurrent scans
			Configuring resource pools
	Becoming an early adopter
	Dashboard
		Task details
		Task execution settings
			Task auto-start
			Resource pools
		Issue activity
			Issue activity annotations
	Tools
		Proxy
			Intercepting messages
				Controls
				Message display
				Protocol
			HTTP history
				Changing the HTTP history layout
				Viewing a request
				Filter settings
					Adding annotations
			WebSockets history
				Changing the WebSockets history layout
				Viewing a request
				Filter settings
					Adding annotations
			Burp Proxy options
				Proxy listeners
					Binding
					Request handling
					Certificate
					TLS Protocols
					HTTP
				Intercepting HTTP requests and responses
				Intercept WebSocket Messages
				Response Modification
				Match and Replace
					Matching multi-line regions
					Using regex groups in back-references and replacement strings
				TLS Pass Through
				Miscellaneous
			Managing CA certificates
				Exporting and importing the CA certificate
				Creating a custom CA certificate
			Invisible proxying
		Repeater
			Working with HTTP messages
				HTTP Repeater tab
			Sending HTTP requests in sequence
				Send sequence prerequisites
			Working with WebSocket messages
				WebSocket Repeater tab
			Managing tabs
				Tab groups
			Managing tab groups
				Creating a new tab group
				Editing existing groups
				Closing tab groups
			Options
			Configuring tab-specific options
		Intruder
			Getting started
				Tutorial
					Step 1: Access the lab
					Step 2: Try to log in
					Step 3: Set the payload positions
					Step 4: Select an attack type
					Step 5: Add the payloads
					Step 6: Start the attack
					Step 7: Look for any irregular responses
					Step 8: Study the response
					What next?
				Learn more about Burp Intruder
			Using Burp Intruder
				How Intruder works
				Saving an attack
				Typical uses
					Enumerating identifiers
					Harvesting useful data
					Fuzzing for vulnerabilities
			Attack types
				Sniper
				Battering ram
				Pitchfork
				Cluster bomb
			Positions
				Target field
				Request template
				Setting up the Target field and request template
				Payload markers
			Payloads
				Types
					Simple list
						Predefined payload lists
					Runtime file
					Custom iterator
					Character substitution
					Case modification
					Recursive grep
					Illegal Unicode
					Character blocks
					Numbers
					Dates
					Brute forcer
					Null payloads
					Character frobber
					Bit flipper
					Username generator
					ECB block shuffler
					Extension-generated
					Copy other payload
				Processing
					Payload processing rules
					Payload encoding
			Intruder resource pool
			Options
				Save options
				Attack request headers
				Error handling
				Attack results options
				Grep - match
				Grep - extract
				Grep - payloads
				Handling redirections during attacks
			Configure attack
				Managing attack tabs
				Launching an attack
			Attack results
				Results table
					Intruder attacks display filter
					Annotations
					Burp Intruder testing workflow
				Attack configuration tabs
				Results menus
					Attack menu
					Save menu
					Columns menu
			Analyzing results
		Target
			Scope
			Using
				Manual application mapping
				Defining Target scope
				Reviewing unrequested items
				Discovering hidden content
				Analyzing the attack surface
				Target tool testing workflow
			Target site map
				Target information
					Site map views
					Contents view
					Issues view
				Site map display filter
				Site map annotations
				Site map testing workflow
				Comparing site maps
					Site map sources
					Request matching
					Response comparison
					Comparison results
				Getting started
					Tutorial
						Step 1: Access the lab
						Step 2: Go to the site map
						Step 3: Update the site map
						Step 4: Filter the displayed information
						Step 5: Set the target scope using the site map
		Collaborator client
			Getting started
				Step 1: Access the lab
				Step 2: Browse the target site
				Step 3: Send an interesting request to Repeater
				Step 4: Inject a Collaborator payload into the request
				Step 5: Poll for interactions
				Summary
				What next?
			Testing multiple inputs
		Logger
			Logging and memory
			Logger functionality
			Task logger
			Logger configuration
			Getting started with Logger
				Tutorial
					Step 1: Access the lab
					Step 2: View requests on the Logger tab
					Step 3: Audit a specific request with Burp Scanner
					Step 4: Examine the requests made by Burp Scanner
					Step 5: Sort and filter the Logger tab
					Step 6: Disable and clear the Logger history
				Learn more about Logger
			Options
				Capture options
				View options
		Sequencer
			Getting started
			Randomness tests
				Character-level analysis
				Bit-level analysis
			Samples
				Live capture
					Select live capture request
					Token location within response
					Live capture options
					Running the live capture
				Manual load
			Analysis options
				Token handling
				Token analysis
			Results
				Summary
				Character-level analysis results
				Bit-level analysis results
				Results analysis options
		DOM Invader
			Key features
			Enabling DOM Invader
			Testing for DOM XSS
				Injecting a canary
					Injecting a canary into multiple sources
				Identifying controllable sinks
				Determining the XSS context
				Studying the client-side code
			Testing for DOM XSS using web messages
				Enabling web message interception
				Identifying interesting web messages
				Automated web message analysis
				Message details
					Origin accessed
					Data accessed
					Source accessed
				Replaying web messages
				Generating a proof of concept
			Testing for client-side prototype pollution
				Enabling prototype pollution
				Detecting sources for prototype pollution
				Manually confirming sources for prototype pollution
				Scanning for prototype pollution gadgets
				Generating a proof-of-concept exploit
			Configuration
				General settings
					Postmessage interception
					Message filtering by stack trace
					Auto-fire events
					Redirection prevention
					Add breakpoint before redirect
					Prototype pollution
					Inject canary into all sources
					Changing the canary
					Customizing sources and sinks
					Configuring callbacks
					Remove Permissions-Policy header
				Web message settings
					Postmessage origin spoofing
					Canary injection into intercepted messages
					Filter messages with duplicate values
					Generate automated messages
					Detect cross-domain leaks
				Prototype pollution settings
					Scan for gadgets
					Auto-scale amount of properties per frame
					Scan nested properties
					Query string injection
					Hash injection
					JSON injection
					Verify onload
					Remove CSP header
					Remove X-Frame-Options header
					Scan each technique in separate frame
					Disabling prototype pollution techniques
		Clickbandit
			Running Burp Clickbandit
			Record mode
			Review mode
		Comparer
			Loading data into Comparer
			Performing comparisons
		Decoder
			Loading data into Decoder
			Transformations
			Working manually
			Smart decoding
	Reference
Enterprise Edition
	Getting started with Burp Suite Enterprise Edition
	Working with sites
	Working with scans
	Working with scan results
	Configuring Burp Suite Enterprise Edition infrastructure
	Managing users and permissions
	Integrating with other tools
	Extending capabilities
	Troubleshooting in Burp Suite Enterprise Edition
	API documentation
	Reference
	Getting started
		Additional information
		Preparing to deploy Burp Suite Enterprise Edition
			Decide on your licensing needs
			Choose your deployment type
			Choose your preferred architecture
			Plan your database setup
			Review the system requirements
			Plan your network and firewall setup
			Prepare your organization
		Deployment options
		Prerequisites for a standard installation
			Port
			TLS certificate
			Installation location
			System user
			Scanning machine requirements
			Database setup script
		Configuring your environment network and firewall settings
			Configuring a single-machine deployment
			Configuring a multi-system deployment
		Installing Burp Suite Enterprise Edition
			Before installation
			Step 1: Download the installer
			Step 2: Choose an install location
			Step 3: Select the components to install
			Step 4: Specify a logs directory
			Step 5: Specify a data directory
			Step 6: Select a user to run processes
			Step 7: Select database options
			Step 8: Specify a web server port
			Step 9: Specify a database backups directory
			After installation
		Configure the application
			Uploading a TLS certificate
			Configuring database details
			Configuring admin user details
		Activating your license
		What next?
			Complete your network settings
			Add more scanning machines
			Import sites in bulk
			Schedule scans
			Set your email server up
			Add more users
			Set up integrations
			Learn more about working with sites
			Learn more about working with scans
			Learn more about analyzing scan results
		Unattended installation
			Performing an unattended installation with Linux
			Performing an unattended installation with Windows
			Varfile field guide
		Deploying Burp Suite Enterprise Edition to Kubernetes
			Deploying Burp Suite Enterprise Edition from scratch
				Set up a suitable Kubernetes cluster
					Using the reference template
				Install the application
					Downloading the Helm chart
					Providing custom values for the Helm chart
						Note for Oracle users
					Using the Helm chart
					Installing using a pre-existing values file
			Migrating from a legacy cloud deployment
				Set up a suitable Kubernetes cluster
					Using the reference template
				Install the application
					Downloading the Helm chart
					Providing custom values for the Helm chart
					Using the Helm chart
				Configuring TLS
				Back up your data and stop your old service
					Stopping your scans
					Scaling your environment down
					Creating a new database instance
				Configuring database and admin user details
					Connecting to your database
					Creating an admin user
				Activating your license after migration
				Check the new deployment
					Decommission your old deployment
					Next steps with Kubernetes
			Updating Burp Suite Enterprise Edition on Kubernetes
				Preparing to update
				Running the update command
			Support scope for Kubernetes deployments
				PortSwigger Kubernetes support scope
					Not supported
				Kubernetes customer responsibilities
		System requirements
			General requirements
				Swap space (Linux only)
			System requirements for single-machine deployment
			System requirements for multi-machine deployment
			Kubernetes requirements
			Database and storage space
				Supported database versions
		Setting up the external DB
			Database setup scripts
				PostgreSQL
				Oracle
				MariaDB / MySQL
				Microsoft SQL Server
			Authentication mode
			Additional configuration for Microsoft SQL Server
			Database connection URL format
			Troubleshooting for MySQL databases
			Distributing the public key manually
		Trial deployment guide
			Install
				Activating your license
			Run your first scan
			Analyze scan results
	Troubleshooting
		Downloading logs
		Help center
			Diagnostics
			Debug
			Support pack
			Documentation
	Working with sites
		Sites section contents
		Adding new sites
			Optional settings for your new site
		Performing a pre-scan check
		Importing sites in bulk
			Preparing the import CSV file
			Uploading the CSV file
		Editing existing sites
		Configuring site settings
		Configuring site login details
			Configuring site login details
			Adding recorded login sequences
				Preparing the Burp Suite Navigation Recorder extension
				Recording a login sequence in Burp Suite Enterprise Edition
				Adding recorded login sequences to Burp Suite Enterprise Edition
				Reviewing a recorded login sequence
		Defining the scan configuration
		Using preset scan modes
		Managing the site tree
			Creating folders and subfolders
			Adding individual sites to a folder
			Moving sites and folders in bulk
			Deleting sites and folders
		Setting up scan notifications
			Email notifications
				Setting up email notifications when creating a new site
				Setting up email notifications for existing sites
			Slack notifications
				Setting up Slack notifications when creating a new site
				Setting up Slack notifications for existing sites
	Working with scans
		Creating scans
			Create a new scan
		Viewing scan details
		Monitoring scan progress
			Reviewing scan errors
		Managing scheduled scans
			Viewing scheduled scans
			Editing scheduled scans
			Deleting scheduled scans
			Editing schedule scan configurations
		Performing bulk actions with scans
		Using custom scan configurations
			Assign a custom scan configuration to a site
			Create a custom scan configuration
			Importing scan configurations
		Configuring default false positive settings
		Configuring sites and scan data
		Downloading logs
			Download the event log
			Download the debug log
	Working with scan results
		Tracking issues over time
			Viewing the dashboard for a site
			Viewing the dashboard for a folder
			Viewing the severity trend
		Viewing issue details
			View details for a specific issue
		Handling false positives
			Mark an issue as a false positive
		Downloading reports
			Download a standard report
			Download a compliance report
			Send scan summary reports automatically
			Export issue data
		Raising tickets
			Raising GitLab issues
				Raising GitLab issues for multiple issues
			Raising Jira tickets
				Unlink Jira tickets
				Raising Jira tickets for multiple issues
			Raising Trello cards
				Raising Trello cards for multiple issues
			Raising tickets for multiple issues
				Linking multiple issues to an existing ticket
				Managing linked tickets
	Configuring the infrastructure
		Architecture overview
			Enterprise server
			Web server
			Database
			Services
			Scans and scanning machines
		Single vs. multi-machine deployment
			Single machine deployment
			Multi-machine deployment
			Requirements
		Configuring your web server
			Enabling TLS
		Configuring an HTTP proxy server
		Managing certificates for outbound connections
		Configuring your SMTP server
			Using an HTTP proxy server to connect to the SMTP server
			Connecting to an external email service
			Connecting to an internal email service
			Verifying your SMTP server connection
		Whitelisting an application for CORS
		Managing Services
			Managing Burp Suite Enterprise Edition services
				List running services
				Stop running services
				Start services
		Managing updates
			Configuring automatic updates
			Manually checking for updates
			Manually installing updates
			Downtime during updates
		Managing scanning resources
			Standard deployments
			Kubernetes deployments
			Scanning machines
				Scanning pools
				Deploying additional scanning machines
					Setting up a new scanning machine
					Authorizing a new scanning machine
				Managing scanning pools
					Features of scanning pools
					Create a new scanning pool
					Reassign a scanning machine to a different pool
					Reassign a site to a different pool
				Assigning scan limits
					Additional scans
			Kubernetes scanning resources
				How does scanning work on Kubernetes?
				Configuring scanning resources
				Managing Kubernetes scan resources
					Setting concurrent scan limits
					Disabling scanning
					Amending your license
					Viewing active scans
		Configuring the database
			Configuring database backups
			Migrating to an external database
	Managing users and permissions
		Managing users
			Viewing users
			Creating a new user
			Creating an API user
			Editing users
			Suspending a user temporarily
			Deleting a user
		Managing groups
			Creating a new group
			Editing a group
			Restricting access to sites
			Deleting a group
		Managing roles
			Creating a new role
			Modifying roles
			Deleting roles
		Enabling single sign-on
			Configuring user permissions
				Creating groups with SAML
			LDAP
			Configuring SAML single sign-on for Burp Suite Enterprise Edition
				Configuring SAML SSO with ADFS
					Step 1: Add Burp Suite Enterprise Edition to your trusted applications
					Step 2: Obtain key details from ADFS
					Step 3: Enter the key details in Burp Suite Enterprise Edition
					Step 4: Configure how groups are managed
						Create a central claim issuance policy
					Create claim rules for each group individually
				Configuring SAML SSO with Azure Active Directory
					Step 1: Add Burp Suite Enterprise Edition to your trusted applications
					Step 2: Import key details from Azure AD
					Step 3: Configure group membership
				Configuring SAML SSO with Okta
					Step 1: Add Burp Suite Enterprise Edition to your trusted applications
					Step 2: Obtain key details from Okta
					Step 3: Enter the key details in Burp Suite Enterprise Edition
					Step 4: Configure Okta Group Attribute Statements
				Configuring single logout
		Configuring SCIM
			Okta
				Prerequisites
				Set a port for the SCIM URL and generate an API token
				Upload a TLS certificate
				Configure the connection in Okta
					Enable SCIM provisioning
					Enter the connection details
					Configure the provisioning to app settings
				Push your Okta users and groups to Burp Suite Enterprise Edition
			OneLogin
				Prerequisites
				Set a port for the SCIM URL and generate an API token
				Upload a TLS certificate
				Configure the connection in OneLogin
					Enter the connection details
					Configure the parameters
				Enable SCIM provisioning
				Push your OneLogin users to Burp Suite Enterprise Edition
					Troubleshooting provisioning issues in OneLogin
			Managing SCIM users and groups
				Assigning permissions to SCIM users
				Assigning permissions to SCIM groups
				Removing a SCIM user
		Resetting your admin password
			Resetting your admin password (standard deployments)
				Windows
				Linux
			Resetting your admin password (Kubernetes)
		Role-based access control
			Vertical segregation of permissions
			Horizontal segregation of permissions
		Restricting access to sites
	Integrating with issue tracking platforms
		Integrating with GitLab
			Prerequisites
			(Recommended) Create a new GitLab user for the integration
			Generate a GitLab impersonation token
			Connect Burp Suite Enterprise Edition to GitLab
				Enable GitLab issues to be raised manually
				Enable GitLab issues to be raised automatically
			Raising GitLab issues from within Burp Suite Enterprise Edition
		Integrating with Jira
			(Recommended) Create a new Jira user for the integration
			Generate a Jira API token (Jira Cloud only)
			Connect Burp Suite Enterprise Edition to Jira
				Enable manual Jira ticket creation
				Enable automatic Jira ticket creation
			Manually creating Jira tickets
		Integrating with Trello
			Prerequisite
			(Recommended) Create a new Trello user for the integration
			Connect Burp Suite Enterprise Edition to Trello
				Enable manual Trello card creation
				Enable automatic Trello card creation
			Raising Trello cards from within Burp Suite Enterprise Edition
	Integrating with your CI/CD platform
		Overview of CI/CD platform integration
			Integration types
			Detailed instructions
		Integration types
			Site-driven scan
			Burp scan
		Create an API user
			Create a role and group for CI/CD users
			Create the CI/CD API user
		Jenkins
			Create an API user
			Download and install the plugin
			Configure the integration
			Site-driven scan
				Prerequisites
				Whitelist your Jenkins URL
				Create the site-driven scan build step in Jenkins
				Test your integration
			Burp scan
				Prerequisites
				Create the Burp scan build step in Jenkins
				Test your integration
		TeamCity
			Create an API user
			Download and install the plugin
			Configure the integration
			Site-driven scan
				Prerequisites
				Whitelist your TeamCity URL
				Create the site-driven scan build step in TeamCity
				Test your integration
			Burp scan
				Prerequisites
				Create the Burp scan build step in TeamCity
				Test your integration
		Integrating with other CI/CD platforms
			Site-driven scan
				Prerequisites
				Add the build steps to your pipeline
				Test your integration
			Burp scan
				Prerequisites
				Add the build steps to your pipeline
				Test your integration
			Parameter reference
		Optional settings
			Configuring optional settings using the native platform plugins
			Configuring optional settings using the generic CI/CD driver
			Overriding the default scan configurations from your CI/CD system
			Ignoring issues
	Integrating with other tools
		Integrating with Slack
			Prerequisites
			Create a Slack app
			Add the app to your Slack channels
			Connect your Slack app to Burp Suite Enterprise Edition
			Manage which Slack channels are available
	BApps and custom extensions
		Extensions
			Extension library
		Adding extensions
			Prerequisite permissions for adding extensions
			Adding a BApp to Burp Suite Enterprise Edition
			Creating a custom extension for Burp Suite Enterprise Edition
			Adding a custom extension to Burp Suite Enterprise Edition
		Managing extensions
			Viewing extension details
			Removing an extension from Burp Suite Enterprise Edition
		Scanning with extensions
			Applying extensions to a new site
			Applying an extension to an existing site
			Removing an extension from a site
	API documentation
		API overview
			Using the APIs
		Creating API users
		REST API
		GraphQL API documentation
			GraphQL API
			Getting started with the GraphQL API
				Creating an API user
				Structuring the GraphQL call
				Example request
				Using Insomnia
			GraphQL common tasks
				Query and mutation names
				Retrieving a list of scans
				Retrieving the most recent scan for a site
				Retrieving basic details for a specific scan
				Retrieving a list of scan configurations
				Retrieving basic site tree details
				Retrieving scan issue information
				Retrieving all issues for a scan
				Retrieving detailed information about a specific issue
				Generating a scan remediation report
				Creating a site
				Scheduling a new scan
				Moving a site to a new folder
	Reference
		Technical infrastructure
		Troubleshooting in Burp Suite Enterprise Edition
		API reference
		User interface
		Home page
			Dashboard
			Issues
		Sites page
			Site filters
			Site actions
		Scans page
			Scans
			Scheduled scans
				Schedule scan configurations
		Scan details
			Failed scans
		Scan configurations
			Custom scan configuration options
				Crawling
				Auditing
				Connections
				Request throttling
				Embedded browser
				Modular scan configurations
		Site and scan data settings
			Automatic site creation for API-generated scans
				How does Burp Suite Enterprise Edition decide which sites to match?
			Scan deltas
		Issue details
			Advisory tab
			Request and response tabs
			Dynamic analysis
		Reports
			Standard reports
				Included severities
				False positives
			Compliance reports
				Compliance report contents
				Uncategorized issues
				Viewing scan details
			Automatic scan summary reports
		Team page
			Users
			Groups
			Roles
		Settings menu
		Site-level view
			Dashboard
			Scans
			Scheduled scans
			Issues
			Details
				Site details
				Site scope
				Scan settings
		Folder-level view
			Folder-level dashboard
			Scans
			Issues
		Browser-powered scans
			How to enable browser-powered scanning for Burp Suite Enterprise Edition
				Enabling browser-powered scanning on Linux machines
		Performing bulk actions in the site tree
			Permissions for bulk actions
		Preset scan modes
		Best practice for recording login sequences
			Limitations of recorded login sequences
				Tips for recording successful login sequences
				Troubleshooting recorded login sequences for Burp Suite Enterprise Edition
Dastardly
	How to run Dastardly
	Configuration
	Scanning
	Results
	Integrating Dastardly with your existing CI/CD platform
	Dastardly system requirements
	Troubleshooting Dastardly
	Jenkins
		Jenkins server requirements
		Configuring the Jenkins pipeline
		Creating the Jenkinsfile
		Viewing Dastardly scan results in Jenkins
	TeamCity
		TeamCity agent requirements
		Creating the settings file
		Configuring the TeamCity pipeline
		Viewing Dastardly scan results in TeamCity
	Platform independent
		Dastardly scan results
	FAQs
		Authentication
		Browser sandbox
		Scanning APIs
Scanner
	Crawling
		Core approach
		Session handling
		Detecting changes in application state
		Application login
		Crawling volatile content
		Crawling with Burp's browser (browser-powered scanning)
	Auditing
		Audit phases
		Issue types
		Insertion points
			Encoding data within insertion points
			Nested insertion points
			Modifying parameter locations
		Automatic session handling
		Avoiding duplication
			Consolidation of frequently occurring passive issues
			Handling of frequently occurring insertion points
		JavaScript analysis
		Handling application errors
	Vulnerabilities list
	Burp Scanner error reference
		Burp Scanner errors in Burp Suite Professional
		Burp Scanner errors in Burp Suite Enterprise Edition
Burp Collaborator
	What is Burp Collaborator?
	How Burp Collaborator works
	Security of Collaborator data
	Options for using Burp Collaborator
	Deploying a private server
		Basic set-up on a closed network
		General set-up steps
		Installation and execution
		Collaborator server ports and firewall rules
		Running on non-standard ports
		Collaborator server resources
		DNS configuration
		Collaborator configuration file
		TLS configuration
		Interaction events and polling
		Truncating interaction messages
		Metrics
		Collaborator logging
		Testing the installation
		Add custom HTTP content
		Add custom DNS records
		Troubleshooting your server
Contents
Burp Infiltrator
	How Burp Infiltrator works
	Installing Burp Infiltrator
		Non-interactive installation
	Configuration options
Search results