1. Support Center
  2. Documentation
  3. Contents
Enterprise Professional Community

Burp Suite Documentation - Contents

Documentation
Desktop Editions
    Getting Started
        Launching Burp
        Startup Wizard
            Selecting a Project
            Selecting a Configuration
            Opening a Project From a Different Burp Installation
        Display Settings
        Next Steps
        Command Line
            Command Line Arguments
        Burp Projects
            Project Files
                Saving a Copy of a Project
                Saving the Burp Collaborator Identifier
                Importing Projects
        Configuration
            Configuration library
            User and Project Configuration Files
            Loading and Saving Configuration Files
            Configuration File Format
    Scanning Web Sites
        Launching Scans
            Configuring scans
        Monitoring Scan Activity
        Reporting
        Scan Launcher
            Scan details
            Scan configuration
            Application login options
            Resource pool options
        Live Scans
            Live scan configuration
            Live audit
            Live passive crawl
        Crawl Options
            Crawl optimization
                Maximum link depth
                Crawl strategy
            Crawl limits
            Login functions
            Handling application errors during crawl
        Audit Options
            Audit Optimization
            Issues Reported
            Handling Application Errors during audit
            Insertion Point Types
            Modifying parameter locations options
            Ignored insertion points
            Frequently occurring insertion points
            Misc insertion point options
            JavaScript analysis options
        Audit Items
            Audit items annotations
        Reporting
            Report Format
            Issue Details
            HTTP Messages
            Selecting issue types
            Report Details
    Penetration Testing
        The Basics of Using Burp
        Testing Workflow
        Recon and Analysis
        Tool Configuration
        Vulnerability Detection and Exploitation
        Read More
        Configuring Your Browser
    Mobile Testing
    Extensibility
    Troubleshooting
    Dashboard
        Task Details
        Task Execution Settings
            Task auto-start
            Resource pools
        Issue Activity
            Issue activity annotations
    Tools
        Target
            Using
                Manual Application Mapping
                Defining Target Scope
                Reviewing Unrequested Items
                Discovering Hidden Content
                Analyzing The Attack Surface
                Target tool testing workflow
            Target Site Map
                Target Information
                    Site Map Views
                    Contents View
                    Issues View
                Site map display filter
                Site map annotations
                Site map testing workflow
                Comparing Site Maps
                    Site Map Sources
                    Request Matching
                    Response Comparison
                    Comparison Results
            Scope
        Proxy
            Getting Started
            Using Burp Proxy
                Getting Set Up
                Intercepting Requests and Responses
                Using the Proxy History
                Burp Proxy testing workflow
                Key Configuration Options
            Intercepting Messages
                Controls
                Message Display
            History
                History Table
                Proxy history display filter
                Proxy history annotations
                Proxy history testing workflow
            Options
                Proxy Listeners
                    Binding
                    Request Handling
                    Certificate
                    Exporting and Importing the CA Certificate
                    Creating a Custom CA Certificate
                Intercepting HTTP Requests and Responses
                Intercepting WebSockets Messages
                Response Modification
                Match and Replace
                SSL Pass Through
                Miscellaneous
                Invisible Proxying
                Install CA Certificate
            In-Browser Controls
        Intruder
            Getting Started
            Using Burp Intruder
                How Intruder Works
                Typical Uses
                    Enumerating Identifiers
                    Harvesting Useful Data
                    Fuzzing For Vulnerabilities
                Configuring an Attack
                Launching an Attack
            Target
            Positions
                Request Template
                Payload Markers
                Attack Type
            Payloads
                Types
                    Simple List
                        Predefined Payload Lists
                    Runtime File
                    Custom Iterator
                    Character Substitution
                    Case Modification
                    Recursive Grep
                    Illegal Unicode
                    Character Blocks
                    Numbers
                    Dates
                    Brute Forcer
                    Null Payloads
                    Character Frobber
                    Bit Flipper
                    Username Generator
                    ECB Block Shuffler
                    Extension-Generated
                    Copy Other Payload
                Processing
                    Payload Processing Rules
                    Payload Encoding
            Options
                Attack request headers
                Request Engine
                Attack results options
                Grep - Match
                Grep - Extract
                Grep - Payloads
                Handling redirections during attacks
            Attacks
                Attack results
                    Results Table
                    Intruder attacks display filter
                    Annotations
                    Burp Intruder testing workflow
                Attack Configuration Tabs
                Results Menus
                    Attack Menu
                    Save Menu
                    Columns Menu
        Repeater
            Using Burp Repeater
                Issuing Requests
                Request History
                Repeater Options
                Managing Request Tabs
            Options
        Sequencer
            Getting Started
            Randomness Tests
                Character-Level Analysis
                Bit-Level Analysis
            Samples
                Live Capture
                    Select Live Capture Request
                    Token Location Within Response
                    Live Capture Options
                    Running the Live Capture
                Manual Load
            Analysis Options
                Token Handling
                Token Analysis
            Results
                Summary
                Character-level Analysis results
                Bit-level Analysis results
                Results analysis Options
        Decoder
            Loading data into Decoder
            Transformations
            Working Manually
            Smart Decoding
        Comparer
            Loading data into Comparer
            Performing Comparisons
        Extender
            Loading and Managing Extensions
            Extension Details
            BApp Store
            Burp Extender API
            Extender options
                Settings
                Java Environment
                Python Environment
                Ruby Environment
        Clickbandit
            Running Burp Clickbandit
            Record Mode
            Review Mode
        Collaborator Client
        Mobile Assistant
            Routing Traffic Through Burp Suite
            Bypassing Certificate Pinning
                Adding Injected Apps
                Injected Apps List
                Recovering From Crashes
            Installing Burp Suite Mobile Assistant
    Useful Functions
        Message Editor
            Message Analysis Tabs
                Raw
                Params
                Headers
                Hex
                HTML
                XML
                Render
                ViewState
            Context Menu Commands
            Text Editor
                Syntax Analysis
                Text editor hotkeys
                Quick search
        Search
            Text search
            Find Comments and Scripts
            Find References
        Target Analyzer
        Content Discovery
            Control
            Target
            Filenames
            File Extensions
            Discovery Engine
            Site Map
        Task Scheduler
        Generate CSRF PoC
            CSRF PoC options
        URL-Matching Rules
            Normal Scope Control
            Advanced Scope Control
        Response Extraction Rules
        Manual Testing Simulator
    Options
        Connections
            Platform Authentication
            Upstream Proxy Servers
            SOCKS Proxy
            Timeouts
            Hostname Resolution
            Out-of-Scope Requests
        HTTP
            Redirections
            Streaming Responses
            Status 100 Responses
        SSL
            SSL Negotiation
            Java SSL Options
            Client SSL Certificates
            Server SSL Certificates
        Sessions
            Session Handling Challenges
            Session Handling Rules
                Session Handling Tracer
            Cookie Jar
            Macros
            Integration With Burp Tools
            Rule Editor
                Rule Description
                Rule Actions
                    Use Cookies From the Session Handling Cookie Jar
                    Set a Specific Cookie or Parameter Value
                    Check Session Is Valid
                    Prompt For In-Browser Session Recovery
                    Run a Macro
                    Run a Post-Request Macro
                    Invoke a Burp Extension
                Tools Scope
                URL Scope
                Parameter Scope
            Macro Editor
                Record Macro
                Configuring Macro Items
                    Cookie Handling
                    Parameter Handling
                    Custom Parameter Locations In Response
                Re-Analyze Macro
                Test Macro
        Misc Project Options
            Scheduled Tasks
            Burp Collaborator Server
            Logging
        Display
            User Interface
            HTTP Message Display
            Character Sets
            HTML Rendering
        Misc User Options
            Hotkeys
            Automatic Project Backup
            REST API options
            Proxy Interception
            Proxy History Logging
            Temporary Files Location
            Performance Feedback
Enterprise Edition
    Getting Started
        Key features
        Architecture
        System requirements
            Number of machines
            Machine specifications
            Database size
            Client browsers
            Network and firewall configuration
        Installation
            Preparing for installation
            Initial product installation
            Post-installation configuration
            Installing additional agents
    How do I
        Scan a web site
        Set up team
        Integrate with CI
    Reference
        Sites
            Creating sites
            Site configuration
            Site URLs
            Viewing site details
        Scans
            Viewing scan details
            Viewing scan issue details
            Setting up scans
            Scan configurations
        Agents
            Agent counts
            Viewing agent details
            Agent authorization requests
            Agent fingerprints
        Team
            Users
                API users
            Groups
                Restrictions on sites
            Roles
        Settings
            License
            Updates
                Downtime during updates
            Web server
            Email
            Network proxy
        REST API
            Burp CI plugins
            Generic CI driver
            Configuring CI builds
Scanner
    Crawling
        Core Approach
        Session Handling
        Detecting Changes in Application State
        Application Login
        Crawling Volatile Content
    Auditing
        Audit Phases
        Issue Types
        Insertion Points
            Encoding Data Within Insertion Points
            Nested Insertion Points
            Modifying Parameter Locations
        Automatic Session Handling
        Avoiding Duplication
            Consolidation of frequently occurring passive issues
            Handling of frequently occurring insertion points
        JavaScript Analysis
        Handling application errors
Burp Collaborator
    What Is Burp Collaborator?
    How Burp Collaborator Works
    Security of Collaborator Data
    Options for Using Burp Collaborator
    Deploying a Private Server
        Installation And Execution
        Basic Set-up On A Closed Network
        Running On Non-Standard Ports
        DNS Configuration
        SSL Configuration
        Interaction Events and Polling
        Metrics
        Collaborator logging
        Testing the Installation
        Collaborator configuration File Format
Burp Infiltrator
    How Burp Infiltrator Works
    Installing Burp Infiltrator
        Non-interactive Installation
    Configuration Options
Contents