Burp Suite, the leading toolkit for web application security testing

Doing More With Burp

There are extensive resources on this site and elsewhere to help you learn more about Burp Suite, and take your web application testing to the next level:

  • The best place to start is the Burp Suite Support Center, where you can read numerous articles about using Burp, and join the community discussions with thousands of other active Burp users.
  • If you want to learn more about getting the best out of Burp, you should read the extensive Burp Suite Documentation. This includes a full reference for all of Burp's features and configuration options, together with getting started guides and examples of typical workflow and use-cases.
  • If you are new to web application security, or looking to develop your existing knowledge, a great resource is The Web Application Hacker's Handbook. Co-authored by the creator of Burp, this book is a practical guide to finding and exploiting security flaws in web applications, and aims to be the most deep and comprehensive general purpose guide to hacking web applications that is currently available.
  • If you are looking for more practical experience in security testing of web applications, you could attend a Burp Suite training course from one of our training partners. These courses provide hands-on training on how to use Burp Suite to find real-world vulnerabilities, with a range of options from beginner to expert level.

Support Center

Get help and join the community discussions at the Burp Suite Support Center.

Visit the Support Center ›

Monday, October 19, 2015


This release updates Burp to include a security fix in the BlazeDS library that Burp uses for parsing AMF messages, and disables AMF support by default.

Burp's cookie jar has been updated to support the cookie path attribute.

The functions to save and restore state now include options for handling the unique identifier that Burp uses to track interactions with Burp Collaborator.

See all release notes ›

Copyright © 2015 PortSwigger Ltd. All rights reserved.