login

Burp Suite, the leading toolkit for web application security testing

Payloads

This tab is used to configure one or more payload sets. The number of payload sets depends on the attack type defined in the Positions tab. For many common tasks, such as fuzzing parameters, brute force guessing a user's password, or cycling through page identifiers, only a single payload set is needed.

The configuration steps needed to configure a payload set are as follows:

Support Center

Get help and join the community discussions at the Burp Suite Support Center.

Visit the Support Center ›

Friday, February 12, 2016

1.6.37

This release gives the Scanner the capability to report all instances where user input is returned in application responses, both reflected and stored. The information gathered is primarily of use to manual security testers. Some applications contain numerous instances of input retrieval, since it is very common for the entire URL to be reflected within responses. For these reasons, the new Scanner checks are off by default, but can be turned on in the Scanner options.

See all release notes ›

Copyright © 2016 PortSwigger Ltd. All rights reserved.