Embedded browser

  • Last updated: October 26, 2021

  • Read time: 2 Minutes

Burp Suite comes with its own embedded Chromium browser, which is ready to use for a variety of manual and automated testing purposes.

Manual testing with Burp's embedded browser

Instead of using an external browser, you can use Burp's embedded browser to manually test your target website or application. This provides several key advantages. Most notably, the embedded browser is preconfigured to work with the full functionality of Burp Suite right out of the box. All of the necessary proxy listener settings are automatically adjusted for you. This means you can launch Burp for the first time and immediately start testing without performing any additional configuration. This includes testing over HTTPS.

To use the embedded browser, go to the "Proxy" > "Intercept" tab and click "Open browser". You can then visit websites and perform any manual actions just like you would with any other browser. All in-scope traffic will automatically be proxied through Burp. This means that as you browse your target website, you can take advantage of Burp Suite's manual testing features. For example, you can intercept and modify requests using Burp Proxy and study the complete HTTP history from the corresponding tabs. You can then send these requests to other tools, such as Burp Repeater and Burp Intruder, to perform additional testing of interesting items that you encounter.

While you browse, Burp's default live tasks will also passively crawl and audit the locations that you visit. This will automatically populate the site map and report any potential security issues as they are identified.

If you prefer, you can still use an external browser for testing. In this case, you just need to perform some additional configuration steps.

Scanning websites with Burp's embedded browser

Burp's embedded browser offers a convenient way to perform manual testing with minimal setup. However, it is perhaps even more powerful when integrated into your automated testing workflow through browser-powered scanning with Burp Scanner.

Embedded browser health check

If you are experiencing any issues with the embedded browser, you can use the "Embedded Browser Health Check" tool to help diagnose the problem. You can access this tool from the "Help" menu. The health check runs a series of tests to check whether the embedded browser is working correctly and provides feedback on any issues that arise.