Results

PROFESSIONAL COMMUNITY

Testing for blind SSRF with Burp Suite

Blind server-side request forgery (SSRF) is a vulnerability that allows an attacker to induce an application to send HTTP requests to a specified URL, but ...

PROFESSIONAL

Automated content discovery with Burp Suite

You can use Burp Suite Professional's automated content discovery tool to discover hidden directories, files, and other endpoints. The tool uses lists of ...

DAST

Viewing scan details

Cloud Self-hosted You can view details for running or completed scans in the Scans menu. The information available changes depending on the scan status. ...

DAST

Allowlisting an application for CORS

Cloud Self-hosted You can use our GraphQL API to integrate Burp Suite DAST with third-party applications. For web applications that send requests to the API ...

DAST

Managing Kubernetes scanning resources

Self-hosted This page explains how to configure scanning resources on Kubernetes instances of Burp Suite DAST. Setting concurrent scan limits In theory, ...

DAST

Deploying Burp Suite DAST to Kubernetes

To deploy Burp Suite DAST to Kubernetes: Step 1: Set up your Kubernetes cluster Step 2: Install the application Step 3: Create the admin user Step 4: ...

DAST

Downloading reports

Cloud Self-hosted This section describes how to generate Standard and Compliance reports in HTML or PDF format. You can send scan summary reports ...

PROFESSIONAL COMMUNITY

Modifying HTTP requests with Burp Proxy

Learn how to use Burp Proxy to intercept and modify web traffic in Burp Suite Professional / Burp Suite Community Edition.

PROFESSIONAL COMMUNITY

Testing for IDORs

Insecure Direct Object References (IDORs) are a type of access control vulnerability in which an application uses user-supplied input to access objects such ...

PROFESSIONAL

Setting the scan scope in Burp Suite Professional

The Scan details section of the scan launcher enables you to define the details of what will be scanned, including the URL from which the scan should start. ...