ENTERPRISEPROFESSIONALCOMMUNITY

Burp Suite documentation - contents

• Last updated: May 17, 2022

• Read time: 18 Minutes

Documentation
Desktop editions
	Getting started
		Download and install
		Intercepting HTTP traffic with Burp Proxy
			Intercepting a request
		Modifying requests in Burp Proxy
			Step 1: Access the vulnerable website in Burp's browser
			Step 2: Log in to your shopping account
			Step 3: Find something to buy
			Step 4: Study the add to cart function
			Step 5: Modify the request
			Step 6: Exploit the vulnerability
		Reissuing requests with Burp Repeater
			Sending a request to Burp Repeater
			Testing different input with Burp Repeater
		Running your first scan
			Scanning a website
			Generating a report
		What next?
			Continue your Burp Suite journey
		Activate license
			Manual activation
		Launch from the command line
			Checking your Java version
			Launching the Burp Suite JAR
			Command line arguments
		Mac installer
		Startup wizard
			Selecting a project
			Opening a project from a different Burp installation
			Selecting a configuration
		System requirements
			CPU cores / memory
			Free disk space
			Operating system and architecture
	Tutorials
		Video overviews
		Guided tutorials
		Intercepting HTTP requests and responses
		Resending individual requests with Burp Repeater
		Scanning a website
		Using live tasks in Burp Suite
		Using Burp Suite projects
		Using Burp Suite project options
		Touring the Burp Suite user interface
		Using Burp Proxy's interception rules
		Using target scope in Burp Suite
		Testing WebSockets with Burp Suite
		Reducing noise
			Setting a basic target scope
			Using filters
		Viewing requests sent by Burp extensions using Logger
			Step 1: Send requests using an extension
			Step 2: Go to the Logger tab
			Step 3: Filter the Logger tab
			Step 4: Viewing individual requests
			Summary
		Brute-forcing a login with Burp Intruder
			What is a Cluster bomb attack?
			Brute-forcing a login using a Cluster bomb attack
				Summary and next steps
		Enumerating subdomains with Burp Intruder
			Summary and next steps
		Testing for reflected XSS with Burp Repeater
			Step 1: Find an interesting request
			Step 2: Send the request to Burp Repeater
			Step 3: Search the response for your reflected input
			Step 4: Identify the injection context
			Step 5: Test for flawed input sanitization
			Step 6: Send an XSS proof of concept
			Summary
			Read more
		Using match and replace rules
			Step 1: Open the lab
			Step 2: Attempt to access the admin panel
			Step 3: Add a custom match and replace rule
			Step 4: Try to access the admin panel again
			Summary and next steps
		Credential stuffing using Burp Intruder
			What is credential stuffing?
			Step 1: Open the lab
			Step 2: Send a login request to Burp Intruder
			Step 3: Select the attack type
			Step 4: Configure the payload positions
			Step 5: Add the username payloads
			Step 6: Add the password payloads
			Step 7: Start the attack
			Step 8: Analyze the results
			Step 9: Confirm your results
			Summary
			What next?
		Testing for asynchronous vulnerabilities using Burp Collaborator
			Step 1: Access the lab
			Step 2: Identify a suitable input to test
			Step 3: Open the Burp Collaborator client
			Step 4: Getting a payload URL
			Step 5: Inject your Collaborator payload into a request
			Step 6: Poll for interactions
			Summary
			What next?
			Collaborator Everywhere
		Augmenting manual testing using Burp Scanner
			Scanning specific requests
			Scanning user-defined insertion points
			Summary
	Scanning web sites
		Launching scans
			Configuring scans
		Monitoring scan activity
		Reporting
		Browser-powered scanning
			How to enable browser-powered scanning
			System requirements for browser-powered scanning
			Browser-powered scanning on Linux
		Recorded logins
			Limitations for recorded login sequences
			How to record a login sequence for Burp Scanner
				Recording login sequences using an external browser
			How to test a recorded login sequence
			Troubleshooting recorded login sequences
		Scan launcher
			Scan details
			Scan configuration
			Application login options
				Use login credentials
				Use recorded login sequences
			Resource pool options
		Live scans
			Live scan configuration
			Live audit
			Live passive crawl
		Crawl options
			Crawl optimization
				Maximum link depth
				Crawl strategy
			"Fastest" crawl strategy
			Crawl limits
			Login functions
				How does the crawler identify login and registration forms?
				Why is the crawler not filling my login forms?
			Handling application errors during crawl
			Miscellaneous crawl settings
				Burp's browser options
		API scanning
			Prerequisites for API scanning
			Deriving locations from an API definition
			Parameter handling during API scans
			Limitations for API scanning
		Audit options
			Audit optimization
			Issues reported
			Handling application errors during audit
			Insertion point types
			Modifying parameter locations options
			Ignored insertion points
			Frequently occurring insertion points
			Misc insertion point options
			JavaScript analysis options
		Burp Scanner built-in configurations
			Audit checks - all except JavaScript analysis
			Audit checks - all except time-based detection methods
			Audit checks - critical issues only
			Audit checks - extensions only
			Audit checks - light active
			Audit checks - medium active
			Audit checks - passive
			Audit coverage - maximum
			Audit coverage - thorough
			Crawl limit - 10 minutes
			Crawl limit - 30 minutes
			Crawl limit - 60 minutes
			Crawl strategy - faster
			Crawl strategy - fastest
			Crawl strategy - more complete
			Crawl strategy - most complete
			Minimize false negatives
			Minimize false positives
			Never stop audit due to application errors
			Never stop crawl due to application errors
		Audit items
			Audit phase indicators
			Audit items annotations
		Reporting
			Report format
			Issue details
			HTTP messages
			Selecting issue types
			Report details
	Penetration testing
		Testing workflow
		Recon and analysis
		Tool configuration
		Vulnerability detection and exploitation
		Read more
	HTTP/2
		Background concepts
		Default protocol
		Keeping track of which protocol you're using
		Changing the protocol for a request
		Kettled requests
			What can cause a request to become kettled?
			Unkettling a request
			Kettled requests and extensions
		HTTP/2 settings
			Changing the default protocol
			Repeater options for HTTP/2
		Enforce protocol choice on cross-domain redirections
		Enable HTTP/2 connection reuse
		Strip Connection header over HTTP/2
		Allow HTTP/2 ALPN override
			Disabling HTTP/2 for proxy listeners
		Upcoming enhancements for HTTP/2 in Burp
			Increased support for kettled requests
		Normalization
			What normalization is performed?
				Why can't I move the Host header?
			Sending requests without any normalization
		Performing HTTP/2-exclusive attacks
			Injecting newlines into headers
		HTTP/2 basics for Burp users
			Binary protocol
			Frames
			Message length
			Header capitalization
			Pseudo-headers
	External browser configuration
		Check proxy listener is active
		Chrome
		Firefox
		Safari
		Internet Explorer
		Check your browser configuration
		Installing Burp's CA certificate
			Installing Burp's CA certificate on a mobile device
			Why do I need to install Burp's CA certificate?
			Chrome
				Removing Burp's CA certificate from Firefox
			Chrome
				Installing Burp's CA certificate in Chrome - Windows and MacOS
				Installing Burp's CA certificate in Chrome - Linux
			Chrome
				Removing Burp's CA certificate from Safari
			Chrome
				Removing Burp's CA certificate from Internet Explorer
			Troubleshooting
				Check that Burp is running
				Check your proxy listener is active
				Try a different port
				What next?
	Mobile testing
		Troubleshooting for mobile devices
			I can't access HTTPS URLs on iOS even after installing Burp's CA certificate
	Extensibility
	Projects
		Project files
			Saving a copy of a project
			Saving the Burp Collaborator identifier
			Importing projects
			Recovering corrupted project files
	Configurations
		Configuration library
		User and project configuration files
		Loading and saving configuration files
		Configuration file format
	Troubleshooting
	Troubleshooting performance issues
		Check the minimum system requirements
		Identify potential bottlenecks: CPU, memory, and network
		Optimize CPU usage
			Disabling pretty printing
			Disabling JavaScript analysis
			Configuring your scans for performance
			Narrowing the scope of your scans
			Scanning a single protocol
		Optimize memory usage
			Disabling extensions
			Allocating more memory to the Java machine
			Using a disk-based project
		Optimize network usage
			Reducing concurrent scans
			Configuring resource pools
	Becoming an early adopter
	Dashboard
		Task details
		Task execution settings
			Task auto-start
			Resource pools
		Issue activity
			Issue activity annotations
	Tools
		Target
			Using
				Manual application mapping
				Defining Target scope
				Reviewing unrequested items
				Discovering hidden content
				Analyzing the attack surface
				Target tool testing workflow
			Target site map
				Target information
					Site map views
					Contents view
					Issues view
				Site map display filter
				Site map annotations
				Site map testing workflow
				Getting started
					Tutorial
						Step 1: Access the lab
						Step 2: Go to the site map
						Step 3: Update the site map
						Step 4: Filter the displayed information
						Step 5: Set the target scope using the site map
				Comparing site maps
					Site map sources
					Request matching
					Response comparison
					Comparison results
			Scope
		Proxy
			Getting started
			Getting started with Burp Proxy's intercept feature
				Tutorial
					Step 1: Access the lab
					Step 2: Log in to a user account
					Step 3: Find something to buy
					Step 4: Intercept the add to cart request
					Step 5: Modify the request
					Step 6: Send the modified request to the server
				Learn more about Burp Proxy's intercept feature
			Using Burp Proxy
				Getting set up
				Intercepting requests and responses
				Using the Proxy history
				Burp Proxy testing workflow
				Key configuration options for Burp Proxy
			Intercepting messages
				Controls
				Message display
				Protocol
			History
				History table
				Proxy history display filter
				Proxy history annotations
				Proxy history testing workflow
				Getting started with HTTP history
					Tutorial
						Step 1: Access the lab
						Step 2: Populate the HTTP history
						Step 3: View a request and response
						Step 4: Sort and filter the history table
						Step 5: Send a request to another tool
					Learn more about Burp Proxy's HTTP history
				Getting started with WebSockets history
					Tutorial
						Step 1: Access the lab
						Step 2: Populate the WebSockets history
						Step 3: View a WebSockets message
						Step 4: Sort and filter the message history table
						Step 5: Send a message to another tool
						Learn more about Burp Proxy's WebSockets history
			Options
				Proxy listeners
					Binding
					Request handling
					Certificate
					Exporting and importing the CA certificate
					Creating a custom CA certificate
					TLS protocols
					HTTP
				Intercepting HTTP requests and responses
				Intercepting WebSocket messages
				Response modification
				Match and replace
				TLS pass through
				Miscellaneous
				Invisible proxying
			In-browser interface
		Intruder
			Getting started
				Tutorial
					Step 1: Access the lab
					Step 2: Try to log in
					Step 3: Set the payload positions
					Step 4: Select an attack type
					Step 5: Add the payloads
					Step 6: Start the attack
					Step 7: Look for any irregular responses
					Step 8: Study the response
					What next?
				Learn more about Burp Intruder
			Using Burp Intruder
				How Intruder works
				Saving an attack
				Typical uses
					Enumerating identifiers
					Harvesting useful data
					Fuzzing for vulnerabilities
			Attack types
				Sniper
				Battering ram
				Pitchfork
				Cluster bomb
			Positions
				Target field
				Request template
				Setting up the Target field and request template
				Payload markers
			Payloads
				Types
					Simple list
						Predefined payload lists
					Runtime file
					Custom iterator
					Character substitution
					Case modification
					Recursive grep
					Illegal Unicode
					Character blocks
					Numbers
					Dates
					Brute forcer
					Null payloads
					Character frobber
					Bit flipper
					Username generator
					ECB block shuffler
					Extension-generated
					Copy other payload
				Processing
					Payload processing rules
					Payload encoding
			Intruder resource pool
			Options
				Save options
				Attack request headers
				Error handling
				Attack results options
				Grep - match
				Grep - extract
				Grep - payloads
				Handling redirections during attacks
			Configure attack
				Launching an attack
			Attack results
				Results table
					Intruder attacks display filter
					Annotations
					Burp Intruder testing workflow
				Attack configuration tabs
				Results menus
					Attack menu
					Save menu
					Columns menu
			Analyzing results
		Repeater
			Getting started with Burp Repeater
				Tutorial
					Step 1: Access the lab
					Step 2: Browse the target site
					Step 3: Identify an interesting request
					Step 4: Send a request to Burp Repeater
					Step 5: Issue the request and view the response
					Step 6: Reissue the request with different input
					Step 7: Try sending unexpected input
					Step 8: View the request history
				Learn more about Burp Repeater
			Using Burp Repeater
				Using Burp Repeater with HTTP messages
					Sending HTTP requests
					HTTP request history
				Using Burp Repeater with WebSocket messages
				Repeater options
				Managing request tabs
			Options
		Sequencer
			Getting started
			Randomness tests
				Character-level analysis
				Bit-level analysis
			Samples
				Live capture
					Select live capture request
					Token location within response
					Live capture options
					Running the live capture
				Manual load
			Analysis options
				Token handling
				Token analysis
			Results
				Summary
				Character-level analysis results
				Bit-level analysis results
				Results analysis options
		Decoder
			Loading data into Decoder
			Transformations
			Working manually
			Smart decoding
		Comparer
			Loading data into Comparer
			Performing comparisons
		Extender
			Loading and managing extensions
			Extension details
			BApp store
			Burp Extender API
			Extender options
				Settings
				Java environment
				Python environment
				Ruby environment
			Submitting extensions
				Before you submit
				Submit your extension
				Reviewing the extension
				Updating your BApp
		Logger
			Logging and memory
			Logger functionality
			Task logger
			Logger configuration
			Getting started with Logger
				Tutorial
					Step 1: Access the lab
					Step 2: View requests on the Logger tab
					Step 3: Audit a specific request with Burp Scanner
					Step 4: Examine the requests made by Burp Scanner
					Step 5: Sort and filter the Logger tab
					Step 6: Disable and clear the Logger history
				Learn more about Logger
			Options
				Capture options
				View options
		Collaborator client
			Using Burp Collaborator client
		DOM Invader
			Enabling DOM Invader
			DOM Invader settings
			DOM view
				Injecting a canary
				Changing the canary
				Identifying controllable sources and sinks
				Viewing all potential sinks
				Searching the augmented DOM
				Studying the stack trace
			Messages view
				Enabling web message interception
				Postmessage settings
				Viewing intercepted messages
				Viewing message details
				Spoofing the message origin
				Injecting a canary via web messages
				Automatically generating new messages
				Replaying web messages
				Generating a proof-of-concept for web message vulnerabilities
		Clickbandit
			Running Burp Clickbandit
			Record mode
			Review mode
		Mobile Assistant
			Routing traffic through Burp Suite
			Bypassing certificate pinning
				Adding injected apps
				Injected apps list
				Recovering from crashes
			Installing Burp Suite Mobile Assistant
	Useful functions
		Message editor
			Message analysis toolbar
				Raw tab
				Pretty tab
				Hex tab
				Render tab
				Additional tabs
				Extension-specific tabs
				Actions menu
			Other ways of using the message editor
			HTTP/2 messages in the message editor
			Context-specific actions
			Text editor
				Syntax analysis
				Pretty printing
				Line-wrapping
				Non-printing characters
				Text editor hotkeys
				Quick search
			Inspector
				Request attributes
				Viewing HTTP message data in the Inspector
					Automatic decoding
				HTTP/2 headers and pseudo-headers
				Selecting a substring
				Modifying requests using the Inspector
					Adding new items to a request
					Removing items from a request
					Reordering items in a request
					Editing the name or value of an item
					Injecting newlines
					Injecting other non-printing characters
				Copying items from the Inspector
				Configuring Inspector display settings
					Configuring default display settings
			Getting started with the Inspector
				Tutorial
					Step 1: Access the lab
					Step 2: Log in to a user account
					Step 3: Use the Inspector to examine the request
					Step 4: Use the Inspector to edit the cookie
					Step 5: Using the selection widget
				Learn more about the Inspector
		Burp's browser
			Manual testing with Burp's browser
			Scanning websites with Burp's browser
			Health check for Burp's browser
		Sending requests between different tools
			Sending requests to the same tool
		Search
			Text search
			Find comments and scripts
			Find references
		Learn
		Target analyzer
		Content discovery
			Control
			Target
			Filenames
			File extensions
			Discovery engine
			Site map
		Task scheduler
		Generate CSRF PoC
			CSRF PoC options
		URL-matching rules
			Normal scope control
			Advanced scope control
		Response extraction rules
		Manual testing simulator
	Options
		Project options
		User options
		Key
		Connections
			Platform authentication
			Upstream proxy servers
			SOCKS proxy
			Timeouts
			Hostname resolution
			Out-of-scope requests
		HTTP
			Redirections
			Streaming responses
			Status 100 responses
			HTTP/2
		TLS
			TLS negotiation
			Java TLS options
			Client TLS certificates
			Server TLS certificates
		Sessions
			Session handling challenges
			Session handling rules
				Session handling tracer
			Cookie jar
			Macros
			Integration with Burp tools
			Rule editor
				Rule description
				Rule actions
					Use cookies from the session handling cookie jar
					Set a specific cookie or parameter value
					Check session is valid
					Prompt for in-browser session recovery
					Run a macro
					Run a post-request macro
					Invoke a Burp extension
				Tools scope
				URL scope
				Parameter scope
			Macro editor
				Record macro
				Configuring macro items
					Cookie handling
					Parameter handling
					Custom parameter locations in response
				Re-analyze macro
				Test macro
		Misc project options
			Scheduled tasks
			Burp Collaborator server
			Logging
			Burp's browser project options
		Display
			User interface
				How to enable dark mode in Burp Suite
			HTTP message display
			Character sets
			HTML rendering
			Inspector display settings
		Misc user options
			Hotkeys
			Automatic project backup
			Temporary files location
			REST API options
			Proxy interception
			Proxy history logging
			Performance feedback
				Logging exceptions to a local directory
			Update settings
			Message search
			Burp's browser
			Tasks
			Learn tab
	Reference
Enterprise Edition
	Getting started with Burp Suite Enterprise Edition
	Working with sites
	Working with scans
	Working with scan results
	Configuring Burp Suite Enterprise Edition infrastructure
	Managing users and permissions
	Integrating with other tools
	Extending capabilities
	Troubleshooting in Burp Suite Enterprise Edition
	API documentation
	Reference
	Getting started
		Additional information
		Preparing for the installation
			Embedded or external database
			Port number
			TLS
			Installation location
			System user
			Scanning machine setup
			Network and firewall configuration
		Installing Burp Suite Enterprise Edition
			Before installation
			Step 1: Download the installer
			Step 2: Choose an install location
			Step 3: Select the components to install
			Step 4: Specify a logs directory
			Step 5: Specify a data directory
			Step 6: Specify a web server port
			Step 7: Select a user to run processes
			Step 8: Select database options
			Step 9: Specify a database backups directory
			After installation
		Configure the application
			Uploading a TLS certificate
			Configuring database details
			Configuring admin user details
		Unattended installation
			Performing an unattended installation for scanning machines
				Generate a response.varfile for scanning machine deployment
				Perform an unattended scanning machine deployment using the response.varfile
			Performing an unattended installation of the Enterprise server
				Generate a response.varfile for Enterprise server deployment
				Example response.varfile
				Perform an unattended Enterprise server deployment using the response.varfile
		Quick-start guide
			Install
				Activating your license
			Run your first scan
			Analyze scan results
		Deploying Burp Suite Enterprise Edition to Kubernetes
			Migrating from a legacy cloud deployment
				Set up a suitable Kubernetes cluster
					Using the reference template
				Install the application
					Downloading the Helm chart
					Providing custom values for the Helm chart
					Using the Helm chart
				Configuring TLS
				Back up your data and stop your old service
					Stopping your scans
					Scaling your environment down
					Creating a new database instance
				Configuring database and admin user details
					Connecting to your database
					Creating an admin user
				Activating your license after migration
				Check the new deployment
					Decommission your old deployment
					Next steps with Kubernetes
			Deploying Burp Suite Enterprise Edition from scratch
				Set up a suitable Kubernetes cluster
					Using the reference template
				Install the application
					Downloading the Helm chart
					Providing custom values for the Helm chart
						Note for Oracle users
					Using the Helm chart
					Installing using a pre-existing values file
			Support scope for Kubernetes deployments
				PortSwigger Kubernetes support scope
					Not supported
				Kubernetes customer responsibilities
			Updating Burp Suite Enterprise Edition on Kubernetes
				Preparing to update
				Running the update command
		System requirements
			General requirements
				Swap space (Linux only)
			System requirements for single-machine deployment
			System requirements for multi-machine deployment
			Kubernetes requirements
			Database and storage space
				Supported database versions
		Deployment options
		Setting up the external DB
			Database setup scripts
				PostgreSQL
				Microsoft SQL Server
				Oracle
				MariaDB / MySQL
			Database connection URL format
			Troubleshooting for MySQL databases
			Distributing the public key manually
		Activating your license
		What next?
	Working with sites
		Adding new sites
			Adding individual sites
			Importing sites in bulk
		Editing existing sites
		Managing the site tree
			Creating folders and subfolders
			Adding sites to a folder
			Moving folders and subfolders
			Moving a site or folder to the top-level of the site tree
			Deleting sites and folders
		Configuring login details for sites
			Add login credentials
			Add recorded login sequences
				Limitations for recorded login sequences in Burp Suite Enterprise Edition
				How to record a login sequence for Burp Suite Enterprise Edition
				Troubleshooting recorded login sequences for Burp Suite Enterprise Edition
		Performing bulk actions in the site tree
		Setting up scan notifications
			Email notifications
			Slack notifications
	Working with scans
		Creating scans
		Viewing scan details
			Running and completed scans
			Failed scans
		Managing scheduled scans
			Viewing scheduled scans
			Editing scheduled scans
		Scan configurations
			Creating custom scan configurations in Burp Suite Enterprise Edition
				Crawl options
				Audit options
				Connection options
				Request throttling
		Configuring default false positive settings
		Configuring sites and scan data
			Automatically create sites for API-generated scans
				How does Burp Suite Enterprise Edition decide which sites to match?
			Automatically delete old scans
			Scan deltas
			Backing up your data
		Performing bulk actions with scans
	Working with scan results
		Tracking issues over time
		Viewing issue details
			Advisory
			Requests and responses
			Dynamic analysis
		Handling false positives
		Raising tickets
			Raising GitLab issues
			Raising Jira tickets
				Unlink Jira tickets
			Raising Trello cards
		Reporting
			Downloading standard reports
				Included severities
				False positives
			Downloading compliance reports
				Compliance report contents
				Uncategorized issues
				Viewing scan details
			Automatically sending scan summary reports
			Downloading charts
			Downloading the event log
	Configuring the infrastructure
		Architecture
			Architecture overview
				Enterprise server
				Web server
				Database
				Services
				Scans and scanning machines
			Single vs. multi-machine deployment
				Single machine deployment
				Multi-machine deployment
				Requirements
		Configuring network and firewall settings
			Single-machine deployment
			Multi-system deployment
		Configuring your web server
			Web server URL and port number
			Enabling TLS
			Configuring an HTTP proxy server
		Configuring your SMTP server
		Managing scanning machines
			Scanning machines
				Scanning pools
			Deploying additional scanning machines
				Setting up a new scanning machine
				Authorizing a new scanning machine
			Managing auto-scaling scan resources
				Auto-scaling overview
				Setting concurrent scan limits
				Disabling scanning
				Amending your license
				Managing active scans
			Managing scanning pools
				Features of scanning pools
				Manage scanning pools
			Assigning scan limits
				Additional scans
		Configuring the database
			Migrating to an external database
				Installing the database transfer tool
				Preparing for migration
					Prerequisite steps for Oracle databases
				Migrating your data
				Restarting services
			Configuring database backups
		Managing updates
			Offline updates
				Updating Burp Scanner manually
			Downtime during updates
		Enabling CORS
			How to whitelist an application for CORS in Burp Suite Enterprise Edition
			Why do I need to do this?
		Managing your certificates
		Managing Services
			Managing Burp Suite Enterprise Edition services
				List running services
				Stop running services
				Start services
	Managing users and permissions
		Understanding permissions
		Managing users
			Creating a new user
				Sending email invites to newly created users
			Editing users
		Managing groups
			Restricting access to sites
		Managing roles
		Enabling single sign-on
			LDAP
			SAML
				Add Burp Suite Enterprise Edition to your trusted applications
				Obtain key details from your identity provider
				Enter your identity provider details
				Additional identity provider configuration
				Configuring single logout
				Additional ADFS configuration
					Create a central claim issuance policy
					Create claim rules for each group individually
				Additional Okta configuration
				Additional Azure AD configuration
			Configuring user permissions
		Configuring SCIM
			Okta
				Prerequisites
				Set a port for the SCIM URL and generate an API token
				Upload a TLS certificate
				Configure the connection in Okta
					Enable SCIM provisioning
					Enter the connection details
					Configure the provisioning to app settings
				Push your Okta users and groups to Burp Suite Enterprise Edition
			OneLogin
				Prerequisites
				Set a port for the SCIM URL and generate an API token
				Upload a TLS certificate
				Configure the connection in OneLogin
					Enter the connection details
					Configure the parameters
				Enable SCIM provisioning
				Push your OneLogin users to Burp Suite Enterprise Edition
					Troubleshooting provisioning issues in OneLogin
			Managing SCIM users and groups
				Assigning permissions to SCIM users
				Assigning permissions to SCIM groups
				Removing a SCIM user
		Resetting your admin password
			Resetting your admin password (standard deployments)
			Resetting your admin password (Kubernetes)
		Creating an admin user via the CLI
			Standard deployments
			Kubernetes deployments
			Required parameters
	Integrating with issue tracking platforms
		Integrating with Jira
			(Recommended) Create a new Jira user for the integration
			Generate a Jira API token (Jira Cloud only)
			Connect Burp Suite Enterprise Edition to Jira
				Enable manual Jira ticket creation
				Enable automatic Jira ticket creation
			Manually creating Jira tickets
		Integrating with GitLab
			Prerequisites
			(Recommended) Create a new GitLab user for the integration
			Generate a GitLab impersonation token
			Connect Burp Suite Enterprise Edition to GitLab
				Enable GitLab issues to be raised manually
				Enable GitLab issues to be raised automatically
			Raising GitLab issues from within Burp Suite Enterprise Edition
		Integrating with Trello
			Prerequisite
			(Recommended) Create a new Trello user for the integration
			Connect Burp Suite Enterprise Edition to Trello
				Enable manual Trello card creation
				Enable automatic Trello card creation
			Raising Trello cards from within Burp Suite Enterprise Edition
	Integrating with your CI/CD platform
		Overview of CI/CD platform integration
			Integration types
			Detailed instructions
		Integration types
			Site-driven scan
			Burp scan
		Create an API user
			Create a role and group for CI/CD users
			Create the CI/CD API user
		Jenkins
			Create an API user
			Download and install the plugin
			Configure the integration
			Site-driven scan
				Prerequisites
				Whitelist your Jenkins URL
				Create the site-driven scan build step in Jenkins
				Test your integration
			Burp scan
				Prerequisites
				Create the Burp scan build step in Jenkins
				Test your integration
		TeamCity
			Create an API user
			Download and install the plugin
			Configure the integration
			Site-driven scan
				Prerequisites
				Whitelist your TeamCity URL
				Create the site-driven scan build step in TeamCity
				Test your integration
			Burp scan
				Prerequisites
				Create the Burp scan build step in TeamCity
				Test your integration
		Integrating with other CI/CD platforms
			Site-driven scan
				Prerequisites
				Add the build steps to your pipeline
				Test your integration
			Burp scan
				Prerequisites
				Add the build steps to your pipeline
				Test your integration
			Parameter reference
		Optional settings
			Configuring optional settings using the native platform plugins
			Configuring optional settings using the generic CI/CD driver
			Overriding the default scan configurations from your CI/CD system
			Ignoring issues
	Integrating with other tools
		Integrating with Slack
			Prerequisites
			Create a Slack app
			Add the app to your Slack channels
			Connect your Slack app to Burp Suite Enterprise Edition
			Manage which Slack channels are available
	BApps and custom extensions
		Extensions
			Extension library
		Adding extensions
			Prerequisite permissions for adding extensions
			Adding a BApp to Burp Suite Enterprise Edition
			Adding a custom extension to Burp Suite Enterprise Edition
		Managing extensions
			Applying an extension to a new site
			Applying an extension to an existing site
			Viewing extension details
			Removing an extension
			Creating a custom extension for Burp Suite Enterprise Edition
	Troubleshooting
		Downloading logs
		Help center
			Diagnostics
			Debug
			Support pack
			Documentation
	API documentation
		API overview
			Using the APIs
		GraphQL API documentation
			GraphQL API
			GraphQL common tasks
				Query and mutation names
				Retrieving a list of scans
				Retrieving the most recent scan for a site
				Retrieving basic details for a specific scan
				Retrieving a list of scan configurations
				Retrieving basic site tree details
				Retrieving scan issue information
				Retrieving all issues for a scan
				Retrieving detailed information about a specific issue
				Generating a scan remediation report
				Creating a site
				Scheduling a new scan
				Moving a site to a new folder
		REST API
		Creating API users
	Reference
		Technical infrastructure
		Troubleshooting in Burp Suite Enterprise Edition
		API reference
		User interface
		Home page
			Dashboard
			Issues
		Sites page
			Site filters
			Site actions
		Scans page
			Scans
			Scheduled scans
		Team page
			Users
			Groups
			Roles
		Settings menu
		Site-level view
			Dashboard
			Scans
			Scheduled scans
			Issues
			Details
				Site details
				Advanced settings
				Protocol settings
				Application logins
				Default scan configurations
				Extensions
				Send scan notifications to Slack
		Folder-level view
			Folder-level dashboard
			Scans
			Issues
		Browser-powered scans
			How to enable browser-powered scanning for Burp Suite Enterprise Edition
				Enabling browser-powered scanning on Linux machines
Scanner
	Crawling
		Core approach
		Session handling
		Detecting changes in application state
		Application login
		Crawling volatile content
		Crawling with Burp's browser (browser-powered scanning)
	Auditing
		Audit phases
		Issue types
		Insertion points
			Encoding data within insertion points
			Nested insertion points
			Modifying parameter locations
		Automatic session handling
		Avoiding duplication
			Consolidation of frequently occurring passive issues
			Handling of frequently occurring insertion points
		JavaScript analysis
		Handling application errors
	Burp Scanner error reference
Burp Collaborator
	What is Burp Collaborator?
	How Burp Collaborator works
	Security of Collaborator data
	Options for using Burp Collaborator
	Deploying a private server
		Basic set-up on a closed network
		General set-up steps
		Installation and execution
		Collaborator server ports and firewall rules
		Running on non-standard ports
		Collaborator server resources
		DNS configuration
		Collaborator configuration file
		TLS configuration
		Interaction events and polling
		Metrics
		Collaborator logging
		Testing the installation
		Add custom HTTP content
		Add custom DNS records
		Troubleshooting your server
Burp Infiltrator
	How Burp Infiltrator works
	Installing Burp Infiltrator
		Non-interactive installation
	Configuration options
Contents