Burp contains a large number of Suite-wide options that affect the behavior of all tools. These are divided into project-level and user-level options.
Some options can be defined at both the project and user level. For these options, you can configure your normal options at the user level, and then override these if required on a per-project basis. For example, you might normally use a corporate LAN proxy to connect to the Internet, and you can configure this in your user-level settings. For particular projects, when testing an internal application or on site at a particular client, you might need to use a different upstream proxy or none at all. You can configure this in your project-level settings for the relevant projects.
Use the links below for help on each group of project-level options:
User-level options are stored within the local installation of Burp, and are automatically reloaded each time Burp starts. They can also be saved and loaded from configuration files.
Use the links below for help on each group of user-level options:
Get help and join the community discussions at the Burp Suite Support Center.
This release introduces a new scan check for second-order SQL injection vulnerabilities. In situations where Burp observes stored user input being returned in a response, Burp Scanner now performs its usual logic for detecting SQL injection, with payloads supplied at the input submission point, and evidence for a vulnerability detected at the input retrieval point.