
Burp Suite documentation - contents

  • Last updated: May 17, 2022


Documentation
Desktop editions
     Getting started
          Download and install
          Intercepting HTTP traffic with Burp Proxy
               Intercepting a request
          Modifying requests in Burp Proxy
               Step 1: Access the vulnerable website in Burp's browser
               Step 2: Log in to your shopping account
               Step 3: Find something to buy
               Step 4: Study the add to cart function
               Step 5: Modify the request
               Step 6: Exploit the vulnerability
          Reissuing requests with Burp Repeater
               Sending a request to Burp Repeater
               Testing different input with Burp Repeater
          Running your first scan
               Scanning a website
               Generating a report
          What next?
               Continue your Burp Suite journey
          Activate license
               Manual activation
          Launch from the command line
               Checking your Java version
               Launching the Burp Suite JAR
               Command line arguments
          Mac installer
          Startup wizard
               Selecting a project
               Opening a project from a different Burp installation
               Selecting a configuration
          System requirements
               CPU cores / memory
               Free disk space
               Operating system and architecture
     Tutorials
          Video overviews
          Guided tutorials
          Intercepting HTTP requests and responses
          Resending individual requests with Burp Repeater
          Scanning a website
          Using live tasks in Burp Suite
          Using Burp Suite projects
          Using Burp Suite project options
          Touring the Burp Suite user interface
          Using Burp Proxy's interception rules
          Using target scope in Burp Suite
          Testing WebSockets with Burp Suite
          Reducing noise
               Setting a basic target scope
               Using filters
          Viewing requests sent by Burp extensions using Logger
               Step 1: Send requests using an extension
               Step 2: Go to the Logger tab
               Step 3: Filter the Logger tab
               Step 4: Viewing individual requests
               Summary
          Brute-forcing a login with Burp Intruder
               What is a Cluster bomb attack?
               Brute-forcing a login using a Cluster bomb attack
                    Summary and next steps
          Enumerating subdomains with Burp Intruder
               Summary and next steps
          Testing for reflected XSS with Burp Repeater
               Step 1: Find an interesting request
               Step 2: Send the request to Burp Repeater
               Step 3: Search the response for your reflected input
               Step 4: Identify the injection context
               Step 5: Test for flawed input sanitization
               Step 6: Send an XSS proof of concept
               Summary
               Read more
          Using match and replace rules
               Step 1: Open the lab
               Step 2: Attempt to access the admin panel
               Step 3: Add a custom match and replace rule
               Step 4: Try to access the admin panel again
               Summary and next steps
          Credential stuffing using Burp Intruder
               What is credential stuffing?
               Step 1: Open the lab
               Step 2: Send a login request to Burp Intruder
               Step 3: Select the attack type
               Step 4: Configure the payload positions
               Step 5: Add the username payloads
               Step 6: Add the password payloads
               Step 7: Start the attack
               Step 8: Analyze the results
               Step 9: Confirm your results
               Summary
               What next?
          Testing for asynchronous vulnerabilities using Burp Collaborator
               Step 1: Access the lab
               Step 2: Identify a suitable input to test
               Step 3: Open the Burp Collaborator client
               Step 4: Getting a payload URL
               Step 5: Inject your Collaborator payload into a request
               Step 6: Poll for interactions
               Summary
               What next?
               Collaborator Everywhere
          Augmenting manual testing using Burp Scanner
               Scanning specific requests
               Scanning user-defined insertion points
               Summary
     Scanning web sites
          Launching scans
               Configuring scans
          Monitoring scan activity
          Reporting
          Browser-powered scanning
               How to enable browser-powered scanning
               System requirements for browser-powered scanning
               Browser-powered scanning on Linux
          Recorded logins
               Limitations for recorded login sequences
               How to record a login sequence for Burp Scanner
                    Recording login sequences using an external browser
               How to test a recorded login sequence
               Troubleshooting recorded login sequences
          Scan launcher
               Scan details
               Scan configuration
               Application login options
                    Use login credentials
                    Use recorded login sequences
               Resource pool options
          Live scans
               Live scan configuration
               Live audit
               Live passive crawl
          Crawl options
               Crawl optimization
                    Maximum link depth
                    Crawl strategy
               "Fastest" crawl strategy
               Crawl limits
               Login functions
                    How does the crawler identify login and registration forms?
                    Why is the crawler not filling my login forms?
               Handling application errors during crawl
               Miscellaneous crawl settings
                    Burp's browser options
          API scanning
               Prerequisites for API scanning
               Deriving locations from an API definition
               Parameter handling during API scans
               Limitations for API scanning
          Audit options
               Audit optimization
               Issues reported
               Handling application errors during audit
               Insertion point types
               Modifying parameter locations options
               Ignored insertion points
               Frequently occurring insertion points
               Misc insertion point options
               JavaScript analysis options
          Burp Scanner built-in configurations
               Audit checks - all except JavaScript analysis
               Audit checks - all except time-based detection methods
               Audit checks - critical issues only
               Audit checks - extensions only
               Audit checks - light active
               Audit checks - medium active
               Audit checks - passive
               Audit coverage - maximum
               Audit coverage - thorough
               Crawl limit - 10 minutes
               Crawl limit - 30 minutes
               Crawl limit - 60 minutes
               Crawl strategy - faster
               Crawl strategy - fastest
               Crawl strategy - more complete
               Crawl strategy - most complete
               Minimize false negatives
               Minimize false positives
               Never stop audit due to application errors
               Never stop crawl due to application errors
          Audit items
               Audit phase indicators
               Audit items annotations
          Reporting
               Report format
               Issue details
               HTTP messages
               Selecting issue types
               Report details
     Penetration testing
          Testing workflow
          Recon and analysis
          Tool configuration
          Vulnerability detection and exploitation
          Read more
     HTTP/2
          Background concepts
          Default protocol
          Keeping track of which protocol you're using
          Changing the protocol for a request
          Kettled requests
               What can cause a request to become kettled?
               Unkettling a request
               Kettled requests and extensions
          HTTP/2 settings
               Changing the default protocol
               Repeater options for HTTP/2
          Enforce protocol choice on cross-domain redirections
          Enable HTTP/2 connection reuse
          Strip Connection header over HTTP/2
          Allow HTTP/2 ALPN override
               Disabling HTTP/2 for proxy listeners
          Upcoming enhancements for HTTP/2 in Burp
               Increased support for kettled requests
          Normalization
               What normalization is performed?
                    Why can't I move the Host header?
               Sending requests without any normalization
          Performing HTTP/2-exclusive attacks
               Injecting newlines into headers
          HTTP/2 basics for Burp users
               Binary protocol
               Frames
               Message length
               Header capitalization
               Pseudo-headers
     External browser configuration
          Check proxy listener is active
          Chrome
          Firefox
          Safari
          Internet Explorer
          Check your browser configuration
          Installing Burp's CA certificate
               Installing Burp's CA certificate on a mobile device
               Why do I need to install Burp's CA certificate?
               Chrome
                    Removing Burp's CA certificate from Firefox
               Chrome
                    Installing Burp's CA certificate in Chrome - Windows and MacOS
                    Installing Burp's CA certificate in Chrome - Linux
               Chrome
                    Removing Burp's CA certificate from Safari
               Chrome
                    Removing Burp's CA certificate from Internet Explorer
               Troubleshooting
                    Check that Burp is running
                    Check your proxy listener is active
                    Try a different port
                    What next?
     Mobile testing
          Troubleshooting for mobile devices
               I can't access HTTPS URLs on iOS even after installing Burp's CA certificate
     Extensibility
     Projects
          Project files
               Saving a copy of a project
               Saving the Burp Collaborator identifier
               Importing projects
               Recovering corrupted project files
     Configurations
          Configuration library
          User and project configuration files
          Loading and saving configuration files
          Configuration file format
     Troubleshooting
     Troubleshooting performance issues
          Check the minimum system requirements
          Identify potential bottlenecks: CPU, memory, and network
          Optimize CPU usage
               Disabling pretty printing
               Disabling JavaScript analysis
               Configuring your scans for performance
               Narrowing the scope of your scans
               Scanning a single protocol
          Optimize memory usage
               Disabling extensions
               Allocating more memory to the Java machine
               Using a disk-based project
          Optimize network usage
               Reducing concurrent scans
               Configuring resource pools
     Becoming an early adopter
     Dashboard
          Task details
          Task execution settings
               Task auto-start
               Resource pools
          Issue activity
               Issue activity annotations
     Tools
          Target
               Using
                    Manual application mapping
                    Defining Target scope
                    Reviewing unrequested items
                    Discovering hidden content
                    Analyzing the attack surface
                    Target tool testing workflow
               Target site map
                    Target information
                         Site map views
                         Contents view
                         Issues view
                    Site map display filter
                    Site map annotations
                    Site map testing workflow
                    Getting started
                         Tutorial
                              Step 1: Access the lab
                              Step 2: Go to the site map
                              Step 3: Update the site map
                              Step 4: Filter the displayed information
                              Step 5: Set the target scope using the site map
                    Comparing site maps
                         Site map sources
                         Request matching
                         Response comparison
                         Comparison results
               Scope
          Proxy
               Getting started
               Getting started with Burp Proxy's intercept feature
                    Tutorial
                         Step 1: Access the lab
                         Step 2: Log in to a user account
                         Step 3: Find something to buy
                         Step 4: Intercept the add to cart request
                         Step 5: Modify the request
                         Step 6: Send the modified request to the server
                    Learn more about Burp Proxy's intercept feature
               Using Burp Proxy
                    Getting set up
                    Intercepting requests and responses
                    Using the Proxy history
                    Burp Proxy testing workflow
                    Key configuration options for Burp Proxy
               Intercepting messages
                    Controls
                    Message display
                    Protocol
               History
                    History table
                    Proxy history display filter
                    Proxy history annotations
                    Proxy history testing workflow
                    Getting started with HTTP history
                         Tutorial
                              Step 1: Access the lab
                              Step 2: Populate the HTTP history
                              Step 3: View a request and response
                              Step 4: Sort and filter the history table
                              Step 5: Send a request to another tool
                         Learn more about Burp Proxy's HTTP history
                    Getting started with WebSockets history
                         Tutorial
                              Step 1: Access the lab
                              Step 2: Populate the WebSockets history
                              Step 3: View a WebSockets message
                              Step 4: Sort and filter the message history table
                              Step 5: Send a message to another tool
                              Learn more about Burp Proxy's WebSockets history
               Options
                    Proxy listeners
                         Binding
                         Request handling
                         Certificate
                         Exporting and importing the CA certificate
                         Creating a custom CA certificate
                         TLS protocols
                         HTTP
                    Intercepting HTTP requests and responses
                    Intercepting WebSocket messages
                    Response modification
                    Match and replace
                    TLS pass through
                    Miscellaneous
                    Invisible proxying
               In-browser interface
          Intruder
               Getting started
                    Tutorial
                         Step 1: Access the lab
                         Step 2: Try to log in
                         Step 3: Set the payload positions
                         Step 4: Select an attack type
                         Step 5: Add the payloads
                         Step 6: Start the attack
                         Step 7: Look for any irregular responses
                         Step 8: Study the response
                         What next?
                    Learn more about Burp Intruder
               Using Burp Intruder
                    How Intruder works
                    Saving an attack
                    Typical uses
                         Enumerating identifiers
                         Harvesting useful data
                         Fuzzing for vulnerabilities
               Attack types
                    Sniper
                    Battering ram
                    Pitchfork
                    Cluster bomb
               Positions
                    Target field
                    Request template
                    Setting up the Target field and request template
                    Payload markers
               Payloads
                    Types
                         Simple list
                              Predefined payload lists
                         Runtime file
                         Custom iterator
                         Character substitution
                         Case modification
                         Recursive grep
                         Illegal Unicode
                         Character blocks
                         Numbers
                         Dates
                         Brute forcer
                         Null payloads
                         Character frobber
                         Bit flipper
                         Username generator
                         ECB block shuffler
                         Extension-generated
                         Copy other payload
                    Processing
                         Payload processing rules
                         Payload encoding
               Intruder resource pool
               Options
                    Save options
                    Attack request headers
                    Error handling
                    Attack results options
                    Grep - match
                    Grep - extract
                    Grep - payloads
                    Handling redirections during attacks
               Configure attack
                    Launching an attack
               Attack results
                    Results table
                         Intruder attacks display filter
                         Annotations
                         Burp Intruder testing workflow
                    Attack configuration tabs
                    Results menus
                         Attack menu
                         Save menu
                         Columns menu
               Analyzing results
          Repeater
               Getting started with Burp Repeater
                    Tutorial
                         Step 1: Access the lab
                         Step 2: Browse the target site
                         Step 3: Identify an interesting request
                         Step 4: Send a request to Burp Repeater
                         Step 5: Issue the request and view the response
                         Step 6: Reissue the request with different input
                         Step 7: Try sending unexpected input
                         Step 8: View the request history
                    Learn more about Burp Repeater
               Using Burp Repeater
                    Using Burp Repeater with HTTP messages
                         Sending HTTP requests
                         HTTP request history
                    Using Burp Repeater with WebSocket messages
                    Repeater options
                    Managing request tabs
               Options
          Sequencer
               Getting started
               Randomness tests
                    Character-level analysis
                    Bit-level analysis
               Samples
                    Live capture
                         Select live capture request
                         Token location within response
                         Live capture options
                         Running the live capture
                    Manual load
               Analysis options
                    Token handling
                    Token analysis
               Results
                    Summary
                    Character-level analysis results
                    Bit-level analysis results
                    Results analysis options
          Decoder
               Loading data into Decoder
               Transformations
               Working manually
               Smart decoding
          Comparer
               Loading data into Comparer
               Performing comparisons
          Extender
               Loading and managing extensions
               Extension details
               BApp store
               Burp Extender API
               Extender options
                    Settings
                    Java environment
                    Python environment
                    Ruby environment
               Submitting extensions
                    Before you submit
                    Submit your extension
                    Reviewing the extension
                    Updating your BApp
          Logger
               Logging and memory
               Logger functionality
               Task logger
               Logger configuration
               Getting started with Logger
                    Tutorial
                         Step 1: Access the lab
                         Step 2: View requests on the Logger tab
                         Step 3: Audit a specific request with Burp Scanner
                         Step 4: Examine the requests made by Burp Scanner
                         Step 5: Sort and filter the Logger tab
                         Step 6: Disable and clear the Logger history
                    Learn more about Logger
               Options
                    Capture options
                    View options
          Collaborator client
               Using Burp Collaborator client
          DOM Invader
               Enabling DOM Invader
               DOM Invader settings
               DOM view
                    Injecting a canary
                    Changing the canary
                    Identifying controllable sources and sinks
                    Viewing all potential sinks
                    Searching the augmented DOM
                    Studying the stack trace
               Messages view
                    Enabling web message interception
                    Postmessage settings
                    Viewing intercepted messages
                    Viewing message details
                    Spoofing the message origin
                    Injecting a canary via web messages
                    Automatically generating new messages
                    Replaying web messages
                    Generating a proof-of-concept for web message vulnerabilities
          Clickbandit
               Running Burp Clickbandit
               Record mode
               Review mode
          Mobile Assistant
               Routing traffic through Burp Suite
               Bypassing certificate pinning
                    Adding injected apps
                    Injected apps list
                    Recovering from crashes
               Installing Burp Suite Mobile Assistant
     Useful functions
          Message editor
               Message analysis toolbar
                    Raw tab
                    Pretty tab
                    Hex tab
                    Render tab
                    Additional tabs
                    Extension-specific tabs
                    Actions menu
               Other ways of using the message editor
               HTTP/2 messages in the message editor
               Context-specific actions
               Text editor
                    Syntax analysis
                    Pretty printing
                    Line-wrapping
                    Non-printing characters
                    Text editor hotkeys
                    Quick search
               Inspector
                    Request attributes
                    Viewing HTTP message data in the Inspector
                         Automatic decoding
                    HTTP/2 headers and pseudo-headers
                    Selecting a substring
                    Modifying requests using the Inspector
                         Adding new items to a request
                         Removing items from a request
                         Reordering items in a request
                         Editing the name or value of an item
                         Injecting newlines
                         Injecting other non-printing characters
                    Copying items from the Inspector
                    Configuring Inspector display settings
                         Configuring default display settings
               Getting started with the Inspector
                    Tutorial
                         Step 1: Access the lab
                         Step 2: Log in to a user account
                         Step 3: Use the Inspector to examine the request
                         Step 4: Use the Inspector to edit the cookie
                         Step 5: Using the selection widget
                    Learn more about the Inspector
          Burp's browser
               Manual testing with Burp's browser
               Scanning websites with Burp's browser
               Health check for Burp's browser
          Sending requests between different tools
               Sending requests to the same tool
          Search
               Text search
               Find comments and scripts
               Find references
          Learn
          Target analyzer
          Content discovery
               Control
               Target
               Filenames
               File extensions
               Discovery engine
               Site map
          Task scheduler
          Generate CSRF PoC
               CSRF PoC options
          URL-matching rules
               Normal scope control
               Advanced scope control
          Response extraction rules
          Manual testing simulator
     Options
          Project options
          User options
          Key
          Connections
               Platform authentication
               Upstream proxy servers
               SOCKS proxy
               Timeouts
               Hostname resolution
               Out-of-scope requests
          HTTP
               Redirections
               Streaming responses
               Status 100 responses
               HTTP/2
          TLS
               TLS negotiation
               Java TLS options
               Client TLS certificates
               Server TLS certificates
          Sessions
               Session handling challenges
               Session handling rules
                    Session handling tracer
               Cookie jar
               Macros
               Integration with Burp tools
               Rule editor
                    Rule description
                    Rule actions
                         Use cookies from the session handling cookie jar
                         Set a specific cookie or parameter value
                         Check session is valid
                         Prompt for in-browser session recovery
                         Run a macro
                         Run a post-request macro
                         Invoke a Burp extension
                    Tools scope
                    URL scope
                    Parameter scope
               Macro editor
                    Record macro
                    Configuring macro items
                         Cookie handling
                         Parameter handling
                         Custom parameter locations in response
                    Re-analyze macro
                    Test macro
          Misc project options
               Scheduled tasks
               Burp Collaborator server
               Logging
               Burp's browser project options
          Display
               User interface
                    How to enable dark mode in Burp Suite
               HTTP message display
               Character sets
               HTML rendering
               Inspector display settings
          Misc user options
               Hotkeys
               Automatic project backup
               Temporary files location
               REST API options
               Proxy interception
               Proxy history logging
               Performance feedback
                    Logging exceptions to a local directory
               Update settings
               Message search
               Burp's browser
               Tasks
               Learn tab
     Reference
Enterprise Edition
     Getting started with Burp Suite Enterprise Edition
     Working with sites
     Working with scans
     Working with scan results
     Configuring Burp Suite Enterprise Edition infrastructure
     Managing users and permissions
     Integrating with other tools
     Extending capabilities
     Troubleshooting in Burp Suite Enterprise Edition
     API documentation
     Reference
     Getting started
          Additional information
          Preparing for the installation
               Embedded or external database
               Port number
               TLS
               Installation location
               System user
               Scanning machine setup
               Network and firewall configuration
          Installing Burp Suite Enterprise Edition
               Before installation
               Step 1: Download the installer
               Step 2: Choose an install location
               Step 3: Select the components to install
               Step 4: Specify a logs directory
               Step 5: Specify a data directory
               Step 6: Specify a web server port
               Step 7: Select a user to run processes
               Step 8: Select database options
               Step 9: Specify a database backups directory
               After installation
          Configure the application
               Uploading a TLS certificate
               Configuring database details
               Configuring admin user details
          Unattended installation
               Performing an unattended installation for scanning machines
                    Generate a response.varfile for scanning machine deployment
                    Perform an unattended scanning machine deployment using the response.varfile
               Performing an unattended installation of the Enterprise server
                    Generate a response.varfile for Enterprise server deployment
                    Example response.varfile
                    Perform an unattended Enterprise server deployment using the response.varfile
          Quick-start guide
               Install
                    Activating your license
               Run your first scan
               Analyze scan results
          Deploying Burp Suite Enterprise Edition to Kubernetes
               Migrating from a legacy cloud deployment
                    Set up a suitable Kubernetes cluster
                         Using the reference template
                    Install the application
                         Downloading the Helm chart
                         Providing custom values for the Helm chart
                         Using the Helm chart
                    Configuring TLS
                    Back up your data and stop your old service
                         Stopping your scans
                         Scaling your environment down
                         Creating a new database instance
                    Configuring database and admin user details
                         Connecting to your database
                         Creating an admin user
                    Activating your license after migration
                    Check the new deployment
                         Decommission your old deployment
                         Next steps with Kubernetes
               Deploying Burp Suite Enterprise Edition from scratch
                    Set up a suitable Kubernetes cluster
                         Using the reference template
                    Install the application
                         Downloading the Helm chart
                         Providing custom values for the Helm chart
                              Note for Oracle users
                         Using the Helm chart
                         Installing using a pre-existing values file
               Support scope for Kubernetes deployments
                    PortSwigger Kubernetes support scope
                         Not supported
                    Kubernetes customer responsibilities
               Updating Burp Suite Enterprise Edition on Kubernetes
                    Preparing to update
                    Running the update command
          System requirements
               General requirements
                    Swap space (Linux only)
               System requirements for single-machine deployment
               System requirements for multi-machine deployment
               Kubernetes requirements
               Database and storage space
                    Supported database versions
          Deployment options
          Setting up the external DB
               Database setup scripts
                    PostgreSQL
                    Microsoft SQL Server
                    Oracle
                    MariaDB / MySQL
               Database connection URL format
               Troubleshooting for MySQL databases
               Distributing the public key manually
          Activating your license
          What next?
     Working with sites
          Adding new sites
               Adding individual sites
               Importing sites in bulk
          Editing existing sites
          Managing the site tree
               Creating folders and subfolders
               Adding sites to a folder
               Moving folders and subfolders
               Moving a site or folder to the top-level of the site tree
               Deleting sites and folders
          Configuring login details for sites
               Add login credentials
               Add recorded login sequences
                    Limitations for recorded login sequences in Burp Suite Enterprise Edition
                    How to record a login sequence for Burp Suite Enterprise Edition
                    Troubleshooting recorded login sequences for Burp Suite Enterprise Edition
          Performing bulk actions in the site tree
          Setting up scan notifications
               Email notifications
               Slack notifications
     Working with scans
          Creating scans
          Viewing scan details
               Running and completed scans
               Failed scans
          Managing scheduled scans
               Viewing scheduled scans
               Editing scheduled scans
          Scan configurations
               Creating custom scan configurations in Burp Suite Enterprise Edition
                    Crawl options
                    Audit options
                    Connection options
                    Request throttling
          Configuring default false positive settings
          Configuring sites and scan data
               Automatically create sites for API-generated scans
                    How does Burp Suite Enterprise Edition decide which sites to match?
               Automatically delete old scans
               Scan deltas
               Backing up your data
          Performing bulk actions with scans
     Working with scan results
          Tracking issues over time
          Viewing issue details
               Advisory
               Requests and responses
               Dynamic analysis
          Handling false positives
          Raising tickets
               Raising GitLab issues
               Raising Jira tickets
                    Unlink Jira tickets
               Raising Trello cards
          Reporting
               Downloading standard reports
                    Included severities
                    False positives
               Downloading compliance reports
                    Compliance report contents
                    Uncategorized issues
                    Viewing scan details
               Automatically sending scan summary reports
               Downloading charts
               Downloading the event log
     Configuring the infrastructure
          Architecture
               Architecture overview
                    Enterprise server
                    Web server
                    Database
                    Services
                    Scans and scanning machines
               Single vs. multi-machine deployment
                    Single machine deployment
                    Multi-machine deployment
                    Requirements
          Configuring network and firewall settings
               Single-machine deployment
               Multi-system deployment
          Configuring your web server
               Web server URL and port number
               Enabling TLS
               Configuring an HTTP proxy server
          Configuring your SMTP server
          Managing scanning machines
               Scanning machines
                    Scanning pools
               Deploying additional scanning machines
                    Setting up a new scanning machine
                    Authorizing a new scanning machine
               Managing auto-scaling scan resources
                    Auto-scaling overview
                    Setting concurrent scan limits
                    Disabling scanning
                    Amending your license
                    Managing active scans
               Managing scanning pools
                    Features of scanning pools
                    Manage scanning pools
               Assigning scan limits
                    Additional scans
          Configuring the database
               Migrating to an external database
                    Installing the database transfer tool
                    Preparing for migration
                         Prerequisite steps for Oracle databases
                    Migrating your data
                    Restarting services
               Configuring database backups
          Managing updates
               Offline updates
                    Updating Burp Scanner manually
               Downtime during updates
          Enabling CORS
               How to whitelist an application for CORS in Burp Suite Enterprise Edition
               Why do I need to do this?
          Managing your certificates
          Managing Services
               Managing Burp Suite Enterprise Edition services
                    List running services
                    Stop running services
                    Start services
     Managing users and permissions
          Understanding permissions
          Managing users
               Creating a new user
                    Sending email invites to newly created users
               Editing users
          Managing groups
               Restricting access to sites
          Managing roles
          Enabling single sign-on
               LDAP
               SAML
                    Add Burp Suite Enterprise Edition to your trusted applications
                    Obtain key details from your identity provider
                    Enter your identity provider details
                    Additional identity provider configuration
                    Configuring single logout
                    Additional ADFS configuration
                         Create a central claim issuance policy
                         Create claim rules for each group individually
                    Additional Okta configuration
                    Additional Azure AD configuration
               Configuring user permissions
          Configuring SCIM
               Okta
                    Prerequisites
                    Set a port for the SCIM URL and generate an API token
                    Upload a TLS certificate
                    Configure the connection in Okta
                         Enable SCIM provisioning
                         Enter the connection details
                         Configure the provisioning to app settings
                    Push your Okta users and groups to Burp Suite Enterprise Edition
               OneLogin
                    Prerequisites
                    Set a port for the SCIM URL and generate an API token
                    Upload a TLS certificate
                    Configure the connection in OneLogin
                         Enter the connection details
                         Configure the parameters
                    Enable SCIM provisioning
                    Push your OneLogin users to Burp Suite Enterprise Edition
                         Troubleshooting provisioning issues in OneLogin
               Managing SCIM users and groups
                    Assigning permissions to SCIM users
                    Assigning permissions to SCIM groups
                    Removing a SCIM user
          Resetting your admin password
               Resetting your admin password (standard deployments)
               Resetting your admin password (Kubernetes)
          Creating an admin user via the CLI
               Standard deployments
               Kubernetes deployments
               Required parameters
     Integrating with issue tracking platforms
          Integrating with Jira
               (Recommended) Create a new Jira user for the integration
               Generate a Jira API token (Jira Cloud only)
               Connect Burp Suite Enterprise Edition to Jira
                    Enable manual Jira ticket creation
                    Enable automatic Jira ticket creation
               Manually creating Jira tickets
          Integrating with GitLab
               Prerequisites
               (Recommended) Create a new GitLab user for the integration
               Generate a GitLab impersonation token
               Connect Burp Suite Enterprise Edition to GitLab
                    Enable GitLab issues to be raised manually
                    Enable GitLab issues to be raised automatically
               Raising GitLab issues from within Burp Suite Enterprise Edition
          Integrating with Trello
               Prerequisite
               (Recommended) Create a new Trello user for the integration
               Connect Burp Suite Enterprise Edition to Trello
                    Enable manual Trello card creation
                    Enable automatic Trello card creation
               Raising Trello cards from within Burp Suite Enterprise Edition
     Integrating with your CI/CD platform
          Overview of CI/CD platform integration
               Integration types
               Detailed instructions
          Integration types
               Site-driven scan
               Burp scan
          Create an API user
               Create a role and group for CI/CD users
               Create the CI/CD API user
          Jenkins
               Create an API user
               Download and install the plugin
               Configure the integration
               Site-driven scan
                    Prerequisites
                    Whitelist your Jenkins URL
                    Create the site-driven scan build step in Jenkins
                    Test your integration
               Burp scan
                    Prerequisites
                    Create the Burp scan build step in Jenkins
                    Test your integration
          TeamCity
               Create an API user
               Download and install the plugin
               Configure the integration
               Site-driven scan
                    Prerequisites
                    Whitelist your TeamCity URL
                    Create the site-driven scan build step in TeamCity
                    Test your integration
               Burp scan
                    Prerequisites
                    Create the Burp scan build step in TeamCity
                    Test your integration
          Integrating with other CI/CD platforms
               Site-driven scan
                    Prerequisites
                    Add the build steps to your pipeline
                    Test your integration
               Burp scan
                    Prerequisites
                    Add the build steps to your pipeline
                    Test your integration
               Parameter reference
          Optional settings
               Configuring optional settings using the native platform plugins
               Configuring optional settings using the generic CI/CD driver
               Overriding the default scan configurations from your CI/CD system
               Ignoring issues
     Integrating with other tools
          Integrating with Slack
               Prerequisites
               Create a Slack app
               Add the app to your Slack channels
               Connect your Slack app to Burp Suite Enterprise Edition
               Manage which Slack channels are available
     BApps and custom extensions
          Extensions
               Extension library
          Adding extensions
               Prerequisite permissions for adding extensions
               Adding a BApp to Burp Suite Enterprise Edition
               Adding a custom extension to Burp Suite Enterprise Edition
          Managing extensions
               Applying an extension to a new site
               Applying an extension to an existing site
               Viewing extension details
               Removing an extension
               Creating a custom extension for Burp Suite Enterprise Edition
     Troubleshooting
          Downloading logs
          Help center
               Diagnostics
               Debug
               Support pack
               Documentation
     API documentation
          API overview
               Using the APIs
          GraphQL API documentation
               GraphQL API
               GraphQL common tasks
                    Query and mutation names
                    Retrieving a list of scans
                    Retrieving the most recent scan for a site
                    Retrieving basic details for a specific scan
                    Retrieving a list of scan configurations
                    Retrieving basic site tree details
                    Retrieving scan issue information
                    Retrieving all issues for a scan
                    Retrieving detailed information about a specific issue
                    Generating a scan remediation report
                    Creating a site
                    Scheduling a new scan
                    Moving a site to a new folder
          REST API
          Creating API users
     Reference
          Technical infrastructure
          Troubleshooting in Burp Suite Enterprise Edition
          API reference
          User interface
          Home page
               Dashboard
               Issues
          Sites page
               Site filters
               Site actions
          Scans page
               Scans
               Scheduled scans
          Team page
               Users
               Groups
               Roles
          Settings menu
          Site-level view
               Dashboard
               Scans
               Scheduled scans
               Issues
               Details
                    Site details
                    Advanced settings
                    Protocol settings
                    Application logins
                    Default scan configurations
                    Extensions
                    Send scan notifications to Slack
          Folder-level view
               Folder-level dashboard
               Scans
               Issues
          Browser-powered scans
               How to enable browser-powered scanning for Burp Suite Enterprise Edition
                    Enabling browser-powered scanning on Linux machines
Scanner
     Crawling
          Core approach
          Session handling
          Detecting changes in application state
          Application login
          Crawling volatile content
          Crawling with Burp's browser (browser-powered scanning)
     Auditing
          Audit phases
          Issue types
          Insertion points
               Encoding data within insertion points
               Nested insertion points
               Modifying parameter locations
          Automatic session handling
          Avoiding duplication
               Consolidation of frequently occurring passive issues
               Handling of frequently occurring insertion points
          JavaScript analysis
          Handling application errors
     Burp Scanner error reference
Burp Collaborator
     What is Burp Collaborator?
     How Burp Collaborator works
     Security of Collaborator data
     Options for using Burp Collaborator
     Deploying a private server
          Basic set-up on a closed network
          General set-up steps
          Installation and execution
          Collaborator server ports and firewall rules
          Running on non-standard ports
          Collaborator server resources
          DNS configuration
          Collaborator configuration file
          TLS configuration
          Interaction events and polling
          Metrics
          Collaborator logging
          Testing the installation
          Add custom HTTP content
          Add custom DNS records
          Troubleshooting your server
Burp Infiltrator
     How Burp Infiltrator works
     Installing Burp Infiltrator
          Non-interactive installation
     Configuration options