Burp contains a large number of Suite-wide options that affect the behavior of all tools. These are divided into project-level and user-level options.
Some options can be defined at both the project and user level. For these options, you can configure your normal options at the user level, and then override these if required on a per-project basis. For example, you might normally use a corporate LAN proxy to connect to the Internet, and you can configure this in your user-level settings. For particular projects, when testing an internal application or on site at a particular client, you might need to use a different upstream proxy or none at all. You can configure this in your project-level settings for the relevant projects.
Project-level options are stored within the Burp project file for disk-based projects. They can also be saved and loaded from project configuration files.
Use the links below for help on each group of project-level options:
User-level options are stored within the local installation of Burp, and are automatically reloaded each time Burp starts. They can also be saved and loaded from configuration files.
Use the links below for help on each group of user-level options:
This release adds a new scan check for client-side template injection.
It is very common for applications that use AngularJS to incorporate user input into HTML responses within the client-side template. AngularJS has a long history of sandbox escapes that permit execution of arbitrary JavaScript via template expressions. Hence, when user input is echoed within AngularJS templates, it is frequently possible to perform XSS attacks using minimal syntax that would not normally be sufficient for XSS, and so is not blocked by input filters.
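The following added example (not part of the original page or of Burp) shows why an HTML-escaping output filter does not stop user input from reaching the AngularJS compiler, and compares two attempted fixes. It assumes the default `{{ }}` delimiters and an HTML text-node context; all function names and the sample input are constructed for illustration.

```javascript
// A typical server-side output filter: encodes HTML metacharacters only.
function htmlEscape(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Decode the entity forms of { and }. The HTML parser does this before
// AngularJS reads the text node, so entity-encoded braces are still braces.
function decodeBraces(html) {
  return html
    .replace(/&(#0*123|#x0*7b|lbrace|lcub);/gi, "{")
    .replace(/&(#0*125|#x0*7d|rbrace|rcub);/gi, "}");
}

// True if AngularJS would find an interpolation marker in this markup.
// Content under ng-non-bindable is not compiled, so it is dropped first.
function wouldInterpolate(html) {
  const compiled = html.replace(/<span ng-non-bindable>[^<]*<\/span>/g, "");
  return /\{\{[\s\S]*?\}\}/.test(decodeBraces(compiled));
}

// Weak: HTML escaping alone leaves {{ }} untouched.
function renderEscaped(name) {
  return `<p>Hello ${htmlEscape(name)}</p>`;
}

// Still weak: numeric entities for braces are decoded back by the browser.
function renderEntityBraces(name) {
  const enc = htmlEscape(name).replace(/\{/g, "&#123;").replace(/\}/g, "&#125;");
  return `<p>Hello ${enc}</p>`;
}

// Hardened: escaped output placed under ng-non-bindable.
// htmlEscape removes "<", so the value cannot close the wrapping span.
function renderNonBindable(name) {
  return `<p>Hello <span ng-non-bindable>${htmlEscape(name)}</span></p>`;
}

const sample = "{{7*7}}"; // constructed, harmless arithmetic marker
console.log("escaped only:   ", wouldInterpolate(renderEscaped(sample)));      // true
console.log("entity braces:  ", wouldInterpolate(renderEntityBraces(sample))); // true
console.log("ng-non-bindable:", wouldInterpolate(renderNonBindable(sample)));  // false
```

The same check can be run over a template's rendered output in a unit test, to confirm that every place user input lands is outside the compiled region.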