Burp Comparer is a simple tool for performing a comparison (a visual "diff") between any two items of data. Some common uses for Burp Comparer are as follows:
You can load data into Comparer in the following ways:
Each item of loaded data is shown in two identical lists. To perform a comparison, select a different item from each list and click one of the "Compare" buttons:
Note: The byte-level comparison is considerably more computationally intensive, and you should normally only employ this option when a word-level comparison has failed to identify the relevant differences in an informative way.
When you initiate a comparison, a new window appears showing the results of the comparison. The title bar of the window indicates the total number of differences (i.e. edits) between the two items. The two main panels show the compared items colorized to indicate each modification, deletion and addition required to transform the first item into the second.
You can view each item in text or hex form. Selecting the "Sync views" option will enable you to scroll the two panels simultaneously and so quickly identify the interesting edits in most situations.
Get help and join the community discussions at the Burp Suite Support Center.
This release gives the Scanner the capability to report all instances where user input is returned in application responses, both reflected and stored. The information gathered is primarily of use to manual security testers. Some applications contain numerous instances of input retrieval, since it is very common for the entire URL to be reflected within responses. For these reasons, the new Scanner checks are off by default, but can be turned on in the Scanner options.