ENTERPRISEPROFESSIONALCOMMUNITY

Burp Suite documentation - contents

• Last updated: September 9, 2021

• Read time: 12 Minutes

Documentation
Desktop editions
	Getting started
		Intercepting HTTP traffic with Burp Proxy
			Intercepting a request
			Modifying requests in Burp Proxy
		Reissuing requests with Burp Repeater
			Sending a request to Burp Repeater
			Testing different input with Burp Repeater
		Running your first scan
			Scanning a website
			Generating a report
		Activate license
			Manual activation
		Launch from the command line
			Checking your Java version
			Launching the Burp Suite JAR
			Command line arguments
		Startup wizard
			Selecting a project
			Opening a project from a different Burp installation
			Selecting a configuration
		What next?
			Continue your Burp Suite journey
	Video tutorials
		Intercepting HTTP requests and responses
		Resending individual requests with Burp Repeater
		Scanning a website for vulnerabilities
		Using live tasks in Burp Suite
		Using Burp Suite projects
		Using Burp Suite project options
		Touring the Burp Suite user interface
		Using Burp Proxy's interception rules
		Using target scope in Burp Suite
		Testing WebSockets with Burp Suite
	Scanning web sites
		Launching scans
			Configuring scans
		Monitoring scan activity
		Reporting
		Browser-powered scanning
			How to enable browser-powered scanning
			System requirements for browser-powered scanning
			Browser-powered scanning on Linux
		Recorded logins
			Limitations for recorded login sequences
			How to record a login sequence for Burp Scanner
				Recording login sequences using an external browser
			How to test a recorded login sequence
			Troubleshooting recorded login sequences
		Scan launcher
			Scan details
			Scan configuration
			Application login options
				Use login credentials
				Use recorded login sequences
			Resource pool options
		Live scans
			Live scan configuration
			Live audit
			Live passive crawl
		Crawl options
			Crawl optimization
				Maximum link depth
				Crawl strategy
			Crawl limits
			Login functions
				How does the crawler identify login and registration forms?
				Why is the crawler not filling my login forms?
			Handling application errors during crawl
			Miscellaneous crawl settings
				Embedded browser options
		API scanning
			Prerequisites for API scanning
			Deriving locations from an API definition
			Parameter handling during API scans
			Limitations for API scanning
		Audit options
			Audit optimization
			Issues reported
			Handling application errors during audit
			Insertion point types
			Modifying parameter locations options
			Ignored insertion points
			Frequently occurring insertion points
			Misc insertion point options
			JavaScript analysis options
		Audit items
			Audit phase indicators
			Audit items annotations
		Reporting
			Report format
			Issue details
			HTTP messages
			Selecting issue types
			Report details
	Penetration testing
		Testing workflow
		Recon and analysis
		Tool configuration
		Vulnerability detection and exploitation
		Read more
	HTTP/2
		Background concepts
		Default protocol
		Keeping track of which protocol you're using
		Changing the protocol for a request
		Kettled requests
			What can cause a request to become kettled?
			Unkettling a request
			Kettled requests and extensions
		HTTP/2 settings
			Changing the default protocol
			Repeater options for HTTP/2
		Enforce protocol choice on cross-domain redirections
		Enable HTTP/2 connection reuse
		Strip Connection header over HTTP/2
			Disabling HTTP/2 for proxy listeners
		Upcoming enhancements for HTTP/2 in Burp
			Manually testing servers with hidden HTTP/2 support
			Increased support for kettled requests
		Normalization
			What normalization is performed?
				Why can't I move the Host header?
			Sending requests without any normalization
		Performing HTTP/2-exclusive attacks
			Injecting newlines into headers
		HTTP/2 basics for Burp users
			Binary protocol
			Frames
			Message length
			Header capitalization
			Pseudo-headers
	External browser configuration
		Check proxy listener is active
		Chrome
		Firefox
		Safari
		Internet Explorer
		Check your browser configuration
		Installing Burp's CA certificate
			Installing Burp's CA certificate on a mobile device
			Why do I need to install Burp's CA certificate?
			Chrome
				Removing Burp's CA certificate from Firefox
			Chrome
				Installing Burp's CA certificate in Chrome - Windows and MacOS
				Installing Burp's CA certificate in Chrome - Linux
			Chrome
				Removing Burp's CA certificate from Safari
			Chrome
				Removing Burp's CA certificate from Internet Explorer
			Troubleshooting
				Check that Burp is running
				Check your proxy listener is active
				Try a different port
				What next?
	Mobile testing
		Troubleshooting for mobile devices
			I can't access HTTPS URLs on iOS even after installing Burp's CA certificate
	Extensibility
	Projects
		Project files
			Saving a copy of a project
			Saving the Burp Collaborator identifier
			Importing projects
	Configurations
		Configuration library
		User and project configuration files
		Loading and saving configuration files
		Configuration file format
	Troubleshooting
	Troubleshooting performance issues
		Check the minimum system requirements
		Identify potential bottlenecks: CPU, memory, and network
		Optimize CPU usage
			Disabling pretty printing
			Disabling JavaScript analysis
			Configuring your scans for performance
			Narrowing the scope of your scans
			Scanning a single protocol
		Optimize memory usage
			Disabling extensions
			Allocating more memory to the Java machine
			Using a disk-based project
		Optimize network usage
			Reducing concurrent scans
			Configuring resource pools
	Becoming an early adopter
	Dashboard
		Task details
		Task execution settings
			Task auto-start
			Resource pools
		Issue activity
			Issue activity annotations
	Tools
		Target
			Using
				Manual application mapping
				Defining Target scope
				Reviewing unrequested items
				Discovering hidden content
				Analyzing the attack surface
				Target tool testing workflow
			Target site map
				Target information
					Site map views
					Contents view
					Issues view
				Site map display filter
				Site map annotations
				Site map testing workflow
				Comparing site maps
					Site map sources
					Request matching
					Response comparison
					Comparison results
			Scope
		Proxy
			Getting started
			Using Burp Proxy
				Getting set up
				Intercepting requests and responses
				Using the Proxy history
				Burp Proxy testing workflow
				Key configuration options for Burp Proxy
			Intercepting messages
				Controls
				Message display
				Protocol
			History
				History table
				Proxy history display filter
				Proxy history annotations
				Proxy history testing workflow
			Options
				Proxy listeners
					Binding
					Request handling
					Certificate
					Exporting and importing the CA certificate
					Creating a custom CA certificate
					TLS protocols
					HTTP
				Intercepting HTTP requests and responses
				Intercepting WebSocket messages
				Response modification
				Match and replace
				TLS pass through
				Miscellaneous
				Invisible proxying
			In-browser interface
		Intruder
			Getting started
			Using Burp Intruder
				How Intruder works
				Saving an attack
				Typical uses
					Enumerating identifiers
					Harvesting useful data
					Fuzzing for vulnerabilities
			Target
			Positions
				Request template
				Payload markers
				Attack type
			Payloads
				Types
					Simple list
						Predefined payload lists
					Runtime file
					Custom iterator
					Character substitution
					Case modification
					Recursive grep
					Illegal Unicode
					Character blocks
					Numbers
					Dates
					Brute forcer
					Null payloads
					Character frobber
					Bit flipper
					Username generator
					ECB block shuffler
					Extension-generated
					Copy other payload
				Processing
					Payload processing rules
					Payload encoding
			Intruder resource pool
			Options
				Save options
				Attack request headers
				Error handling
				Attack results options
				Grep - match
				Grep - extract
				Grep - payloads
				Handling redirections during attacks
			Configure attack
				Launching an attack
			Attack results
				Results table
					Intruder attacks display filter
					Annotations
					Burp Intruder testing workflow
				Attack configuration tabs
				Results menus
					Attack menu
					Save menu
					Columns menu
			Analyzing results
		Repeater
			Using Burp Repeater
				Using Burp Repeater with HTTP messages
					Sending HTTP requests
					HTTP request history
				Using Burp Repeater with WebSocket messages
				Repeater options
				Managing request tabs
			Options
		Sequencer
			Getting started
			Randomness tests
				Character-level analysis
				Bit-level analysis
			Samples
				Live capture
					Select live capture request
					Token location within response
					Live capture options
					Running the live capture
				Manual load
			Analysis options
				Token handling
				Token analysis
			Results
				Summary
				Character-level analysis results
				Bit-level analysis results
				Results analysis options
		Decoder
			Loading data into Decoder
			Transformations
			Working manually
			Smart decoding
		Comparer
			Loading data into Comparer
			Performing comparisons
		Extender
			Loading and managing extensions
			Extension details
			BApp store
			Burp Extender API
			Extender options
				Settings
				Java environment
				Python environment
				Ruby environment
			Submitting extensions
				Before you submit
				Submit your extension
				Reviewing the extension
				Updating your BApp
		Clickbandit
			Running Burp Clickbandit
			Record mode
			Review mode
		Collaborator client
			Using Burp Collaborator client
		Mobile Assistant
			Routing traffic through Burp Suite
			Bypassing certificate pinning
				Adding injected apps
				Injected apps list
				Recovering from crashes
			Installing Burp Suite Mobile Assistant
		Logger
			Logging and memory
			Logger functionality
			Task logger
			Logger configuration
			Options
				Capture options
				View options
		DOM Invader
			Enabling DOM Invader
			DOM Invader settings
			Augmented DOM
				Injecting a canary
				Changing the canary
				Identifying controllable sources and sinks
				Viewing all potential sinks
				Searching the augmented DOM
				Studying the stack trace
			Postmessage
				Enabling web message interception
				Postmessage settings
				Viewing intercepted messages
				Viewing message details
				Spoofing the message origin
				Injecting a canary via web messages
				Automatically generating new messages
				Replaying web messages
				Generating a proof-of-concept for web message vulnerabilities
	Useful functions
		Message editor
			Message analysis toolbar
				Raw view
				Pretty view
				Hex view
				Render view
				Extension-specific views
				Actions menu
			Other ways of using the message editor
			HTTP/2 messages in the message editor
			Context-specific actions
			Text editor
				Syntax analysis
				Pretty printing
				Non-printing characters
				Text editor hotkeys
				Quick search
			Inspector
				Request attributes
				HTTP/2 headers and pseudo-headers
				Using the context menu
				Working with encoded data in the Inspector
					Automatic decoding
					Decoding selected characters
					Editing encoded data
				Working with individual characters in the Inspector
					Injecting non-printing characters
		Embedded browser
			Manual testing with Burp's embedded browser
			Scanning websites with Burp's embedded browser
			Embedded browser health check
		Search
			Text search
			Find comments and scripts
			Find references
		Target analyzer
		Content discovery
			Control
			Target
			Filenames
			File extensions
			Discovery engine
			Site map
		Task scheduler
		Generate CSRF PoC
			CSRF PoC options
		URL-matching rules
			Normal scope control
			Advanced scope control
		Response extraction rules
		Manual testing simulator
	Options
		Project options
		User options
		Key
		Connections
			Platform authentication
			Upstream proxy servers
			SOCKS proxy
			Timeouts
			Hostname resolution
			Out-of-scope requests
		HTTP
			Redirections
			Streaming responses
			Status 100 responses
			HTTP/2
		TLS
			TLS negotiation
			Java TLS options
			Client TLS certificates
			Server TLS certificates
		Sessions
			Session handling challenges
			Session handling rules
				Session handling tracer
			Cookie jar
			Macros
			Integration with Burp tools
			Rule editor
				Rule description
				Rule actions
					Use cookies from the session handling cookie jar
					Set a specific cookie or parameter value
					Check session is valid
					Prompt for in-browser session recovery
					Run a macro
					Run a post-request macro
					Invoke a Burp extension
				Tools scope
				URL scope
				Parameter scope
			Macro editor
				Record macro
				Configuring macro items
					Cookie handling
					Parameter handling
					Custom parameter locations in response
				Re-analyze macro
				Test macro
		Misc project options
			Scheduled tasks
			Burp Collaborator server
			Logging
			Embedded browser project options
		Display
			User interface
				How to enable dark mode in Burp Suite
			HTTP message display
			Character sets
			HTML rendering
		Misc user options
			Hotkeys
			Automatic project backup
			REST API options
			Proxy interception
			Proxy history logging
			Temporary files location
			Performance feedback
				Logging exceptions to a local directory
			Update settings
			Message search
			Embedded browser
Enterprise Edition
	Getting started with Burp Suite Enterprise Edition
	Technical infrastructure
	Working with Burp Suite Enterprise Edition
	General administration tasks
	Additional configuration and integration
	Troubleshooting in Burp Suite Enterprise Edition
	API reference
	Getting started
		Your deployment options
		On-premise
			Activating your license
		Deploying to the cloud
			AWS
				Main CloudFormation template
					Nested templates
				IAM CloudFormation template
				How to deploy Burp Suite Enterprise Edition on AWS
					Set up the IAM roles
					Set up your own database (optional)
				Configure the connection settings for the VPC security group
					Create the main stack
					Get the DNS name for launching Burp Suite Enterprise Edition
					Set up routing and access the application
			Azure
				Azure Resource Manager template
					Nested templates for Azure Resource Manager
				How to deploy Burp Suite Enterprise Edition on Azure
					Set up a database
				Create a resource group for your database
				Create the database server
				Configure the database connection settings
				Create the database and users
					Deploy the main stack to Azure
				Overriding the default values (optional)
				Create the service principal
				Enter the remaining details for your deployment
					Configure connection security settings
					Set up routing and access the application
				Troubleshooting
					The deployment is complete but bsee-application is in a "failed" state
					How do I remove Burp Suite Enterprise Edition from Azure?
		Analyze scan results
		Creating a new initial admin user
		Preparing for the installation
		Run your first scan
		Setting up the external DB
			Database setup scripts
				PostgreSQL
				Microsoft SQL Server
				Oracle
				MariaDB / MySQL
			Database connection URL format
			Troubleshooting for MySQL databases
			Distributing the public key manually
		What next?
			Get more out of Burp Suite Enterprise Edition
	Infrastructure
		Core components
			Enterprise server
			Web server
			Database
			Services
			Agents and agent machines
		Services
			Managing Burp Suite Enterprise Edition services
				List running services
				Stop running services
				Start services
		Agents
		Agent machines
			Agent machine pools
		Requirements
		Required number of machines
			Multi-machine deployment
			Requirements
		System requirements
			General requirements
				Swap space (Linux only)
			Bundled deployment
			External agent machines
			Database and storage space
				Supported database versions
		Network and firewall configuration
			Fully bundled deployment
			Multi-system deployment
		Supported client browsers
	Working with Burp Suite Enterprise Edition
		Starting Burp Suite Enterprise Edition
			Home page
		Working with sites
			Sites page
			Creating sites
			Adding application logins
				Add login credentials
				Add recorded login sequences
					Limitations for recorded login sequences in Burp Suite Enterprise Edition
					How to record a login sequence for Burp Suite Enterprise Edition
					Troubleshooting recorded login sequences for Burp Suite Enterprise Edition
			Viewing site details
				Site-level dashboard
				Scans
				Issues
				Details
					Site URLs
			Folders
				Viewing folder details
					Folder-level dashboard
					Scans
					Issues
		Working with scans
			Scans page
			Scan configurations
				Creating custom scan configurations in Burp Suite Enterprise Edition
					Crawl options
					Audit options
					Connection options
					Request throttling
			Creating scans
			Browser-powered scans
				How to enable browser-powered scanning for Burp Suite Enterprise Edition
					Enabling browser-powered scanning on Linux machines
			Viewing scan details
				Scheduled scans
				Running and completed scans
				Failed scans
			Extensions
				Extension library
				Adding extensions to Burp Suite Enterprise Edition
					Prerequisite permissions for adding extensions
					Adding a BApp to Burp Suite Enterprise Edition
					Adding a custom extension to Burp Suite Enterprise Edition
				Using extensions in Burp Suite Enterprise Edition
					Applying an extension to a new site
					Applying an extension to an existing site
				Viewing extension details
				Removing an extension
				Creating a custom extension for Burp Suite Enterprise Edition
		Scan results
			Viewing issue details
				Advisory
				Requests and responses
				Dynamic analysis
			Handling false positives
			Jira tickets
			Monitoring your progress
			Reporting
				Downloading scan reports
					Report type
					Included severities
					False positives
				Automatically sending scan summary reports
				Downloading charts
				Downloading the event log
	Administration tasks
		Additional configuration and integration tasks
		General administration tasks
		Activating your license
		Configuring your web server
			Web server URL and port number
			Enabling TLS
			Configuring an HTTP proxy server
		Connecting to an SMTP server
			Sending invites to newly created users
			Configuring email recipients for scan reports
		Integrating with Jira
			Creating your Jira API token (cloud only)
			Configuring the integration
			Manually creating Jira tickets
		Integrating with your CI/CD platform
			Integration types
			Detailed instructions
			Integration types
				Site-driven scan
				Burp scan
			Create an API user
				Create a role and group for CI/CD users
				Create the CI/CD API user
			Jenkins
				Create an API user
				Download and install the plugin
				Configure the integration
				Site-driven scan
					Prerequisites
					Whitelist your Jenkins URL
					Create the site-driven scan build step in Jenkins
					Test your integration
				Burp scan
					Prerequisites
					Create the Burp scan build step in Jenkins
					Test your integration
			TeamCity
				Create an API user
				Download and install the plugin
				Configure the integration
				Site-driven scan
					Prerequisites
					Whitelist your TeamCity URL
					Create the site-driven scan build step in TeamCity
					Test your integration
				Burp scan
					Prerequisites
					Create the Burp scan build step in TeamCity
					Test your integration
			Other
				Site-driven scan
					Prerequisites
					Add the build steps to your pipeline
					Test your integration
				Burp scan
					Prerequisites
					Add the build steps to your pipeline
					Test your integration
				Parameter reference
			Optional settings
				Configuring optional settings using the native platform plugins
				Configuring optional settings using the generic CI/CD driver
				Overriding the default scan configurations from your CI/CD system
				Ignoring issues
		Enabling CORS
			How to whitelist an application for CORS in Burp Suite Enterprise Edition
			Why do I need to do this?
		Deploying additional agent machines
			Setting up a new agent machine
			Authorizing a new agent machine
		Assigning agents
			Requesting additional agents
		Managing agent machine pools
			Features of agent machine pools
			Manage agent machine pools
		Migrating to an external database
			Installing the database transfer tool
			Preparing for migration
				Prerequisite steps for Oracle databases
			Migrating your data
			Restarting services
		Enabling single sign-on
			LDAP
			SAML
				Add Burp Suite Enterprise Edition to your trusted applications
				Obtain key details from your identity provider
				Enter your identity provider details
				Additional identity provider configuration
				Configuring single logout
				Additional ADFS configuration
					Create a central claim issuance policy
					Create claim rules for each group individually
				Additional Okta configuration
				Additional Azure AD configuration
			Configuring user permissions
		Managing your team
			Users
				Creating a new user
				Creating API users
			Roles
			Groups
			Restricting access to sites
		Managing your certificates
		Managing the site tree
			Creating folders and subfolders
			Adding sites to a folder
		Managing sites and scan data
			Automatically create sites for API-generated scans
				How does Burp Suite Enterprise Edition decide which sites to match?
			Automatically delete old scans
			Scan deltas
			Configuring false positive settings
			Backing up your data
		Managing updates
			Offline updates
			Downtime during updates
	Troubleshooting
		Downloading logs
		Help center
			Diagnostics
			Debug
			Support pack
	API reference
		GraphQL API
		REST API
Scanner
	Crawling
		Core approach
		Session handling
		Detecting changes in application state
		Application login
		Crawling volatile content
		Crawling with the embedded browser (browser-powered scanning)
	Auditing
		Audit phases
		Issue types
		Insertion points
			Encoding data within insertion points
			Nested insertion points
			Modifying parameter locations
		Automatic session handling
		Avoiding duplication
			Consolidation of frequently occurring passive issues
			Handling of frequently occurring insertion points
		JavaScript analysis
		Handling application errors
Burp Collaborator
	What is Burp Collaborator?
	How Burp Collaborator works
	Security of Collaborator data
	Options for using Burp Collaborator
	Deploying a private server
		Basic set-up on a closed network
		General set-up steps
		Installation and execution
		Collaborator server ports and firewall rules
		Running on non-standard ports
		Collaborator server resources
		DNS configuration
		Collaborator configuration file
		TLS configuration
		Interaction events and polling
		Metrics
		Collaborator logging
		Testing the installation
		Add custom HTTP content
		Add custom DNS records
		Troubleshooting your server
Burp Infiltrator
	How Burp Infiltrator works
	Installing Burp Infiltrator
		Non-interactive installation
	Configuration options
Contents