
Burp Suite, the leading toolkit for web application security testing

Doing More With Burp

There are extensive resources on this site and elsewhere to help you learn more about Burp Suite and take your web application testing to the next level:

  • The best place to start is the Burp Suite Support Center, where you can read numerous articles about using Burp, and join the community discussions with thousands of other active Burp users.
  • If you want to learn more about getting the best out of Burp, you should read the extensive Burp Suite Documentation. This includes a full reference for all of Burp's features and configuration options, together with getting-started guides and examples of typical workflows and use cases.
  • If you are new to web application security, or looking to develop your existing knowledge, a great resource is The Web Application Hacker's Handbook. Co-authored by the creator of Burp, this book is a practical guide to finding and exploiting security flaws in web applications, and aims to be the deepest and most comprehensive general-purpose guide to hacking web applications that is currently available.
  • If you are looking for more practical experience in security testing of web applications, you could attend a Burp Suite training course from one of our training partners. These courses provide hands-on training on how to use Burp Suite to find real-world vulnerabilities, with a range of options from beginner to expert level.

Support Center

Get help and join the community discussions at the Burp Suite Support Center.


Friday, August 21, 2015

1.6.25

This release adds a new scan check for external service interaction and out-of-band resource load via injected XML stylesheet tags. Burp now sends XML payloads containing injected stylesheet tags targeting a URL on the Collaborator server, and reports an appropriate issue based on any observed interactions (DNS or HTTP) that reach the Burp Collaborator server.

The release also fixes some issues.


Copyright © 2015 PortSwigger Ltd. All rights reserved.