login

Burp Suite, the leading toolkit for web application security testing

Text Editor

The text editor is used by the HTTP message editor for displaying requests and responses in raw form, and elsewhere within Burp for displaying plain text content.  

Syntax Analysis

Syntax in HTTP requests and responses is automatically colorized to highlight interesting items, such as parameters in requests and HTML elements in responses. You can configure this behavior, and also the font, in message display options.

When syntax colorizing is enabled, the editor also displays mouse-over popups showing the decoded values of syntax items where appropriate. For HTTP requests, the popups perform URL-decoding, and for responses they perform HTML-decoding.

Hotkeys

The text editor supports hotkeys for various common actions. These can be configured in the hotkeys options, and the default hotkeys relevant to the text editor are as follows:

Text Search

At the bottom of the text editor is a search bar that can be used to quickly find expressions within the displayed text. As you type into the search box, the editor will automatically highlight matching items in the text. The "<" and ">" buttons can be used to move the selection to the previous or next match. The "+" button displays the following options:

Note that in addition to search highlights, some Burp tools apply their own highlights to requests and responses. For example, Burp Scanner highlights relevant parts of HTTP messages in its issue advisories. If you are not using the search function, you can use the "<" and ">" to move the selection between the tool-generated highlights.

Support Center

Get help and join the community discussions at the Burp Suite Support Center.

Visit the Support Center ›

Monday, January 16, 2017

1.7.16

This release adds various enhancements and fixes:

  • There is a new command-line option to launch Burp with a specified user configuration file.
  • A bug that was recently introduced that prevented license activation in headless mode has been fixed.
  • The Content Discovery function now correctly handles applications that have wildcard behavior for file extensions (e.g. those that return a specific response for admin.xxx regardless of the file extension). This eliminates the only known false positives reported by the new Content Discovery engine.

See all release notes ›

Copyright © 2016 PortSwigger Ltd. All rights reserved.