The "Analysis options" tab lets you configure how tokens are
handled, and which types of tests are performed
during the analysis.
These settings control how tokens are handled during analysis. The
following options are available:
- Pad short tokens at start / end - If the tokens
produced by the application have variable length, these will need to be
padded to enable the statistical tests to be performed. You can choose
whether the padding should be applied at the start or the end of each
token. In most cases, padding tokens at the start is most appropriate.
- Pad with - You can specify the character that will
be used for padding. In most cases, for numeric or ASCII hex-encoded
tokens, padding with the "0" character is most appropriate.
- Base64-decode before analyzing - If the tokens are
Base64-encoded, you can configure Burp to decode these before analyzing,
which will generally improve the accuracy of the analysis.
These options control the types of analyses that are performed. You can
individually enable or disable each type of character-level and bit-level
test. Sometimes, after performing an initial analysis with all tests
enabled, you may want to disable certain tests to reflect your better
understanding of the tokens' characteristics, or to isolate the effects of
any unusual characteristics manifested by your sample.
In the results window, after modifying any of the analysis options you
can click the "Redo analysis" button to re-perform the analysis with your
new settings, and update the results.
Tuesday, April 12, 2016
This major release introduces several new features, including:
- Burp projects
- Burp configuration files
- A new startup wizard
- New APIs
- New command line arguments
See all release notes ›