Burp Suite, the leading toolkit for web application security testing

Analysis Results

The results window contains full details of all of the tests performed.


The Summary tab is the first place to look to get an overall conclusion about the degree of randomness in the sample. It includes a chart showing the number of bits of effective entropy at or above each significance level. This provides an intuitive verdict on the number of bits that pass the randomness tests for different possible significance levels.

The tab also reports an estimate of the reliability of the results, based on the number of samples.

Character-level Analysis

The Character-level analysis tab shows the summary results from all character-level tests, and lets you drill down into the detail of each character-level test. It also contains charts showing the size of the character set at each position, and the maximum number of bits of entropy that can be contributed from each character position.

Note that the character-level tests are not reliable if the size of character sets employed is too large relative to the number of samples. For example, if a token employs 64 different characters at each position, and you only capture 100 samples, there is nowhere near enough sample data to draw any reliable conclusions about the distribution of characters. For this reason, when there is a risk of unreliable results, Burp Sequencer will automatically disable the character-level tests, to prevent the character-level results from undermining the overall combined results from the analysis.

Bit-level Analysis

The Bit-level analysis tab shows the summary results from all bit-level tests, and lets you drill down into the detail of each bit-level test. This can let you gain a deeper understanding of the properties of the sample, to identify the causes of any anomalies, and to assess the possibilities for token prediction.

There is also a chart showing the number of bits contributed by each character position in the token. This will enable you cross-reference individual bits within the token back to the original character positions, if you need to.

Analysis Options

The Analysis options tab shows the options that were configured for the analysis. You can modify these and redo the analysis if required. See the following help for more details:

Support Center

Get help and join the community discussions at the Burp Suite Support Center.

Visit the Support Center ›

Monday, January 16, 2017


This release adds various enhancements and fixes:

  • There is a new command-line option to launch Burp with a specified user configuration file.
  • A bug that was recently introduced that prevented license activation in headless mode has been fixed.
  • The Content Discovery function now correctly handles applications that have wildcard behavior for file extensions (e.g. those that return a specific response for admin.xxx regardless of the file extension). This eliminates the only known false positives reported by the new Content Discovery engine.

See all release notes ›

Copyright © 2016 PortSwigger Ltd. All rights reserved.