Burp Suite, the leading toolkit for web application security testing

Working With Burp Projects

Burp projects are used to manage your work on different tasks or target applications. You can create two types of Burp projects:

Project Files

Burp project files hold all of the data and configuration for a particular piece of work. Data is saved incrementally into the file as you work. There is no need to specifically "save" your work when you are finished.

You can reopen an existing project when Burp starts, using the startup wizard or command line arguments. Burp will reload the project's data and configuration, and you can resume working where you left off.

Note: Testing of some applications can generate significant amounts of data, and so Burp project files can potentially grow to be very large (e.g. several gigabytes in size). You should ensure that you have sufficient free disk space available when using Burp project files.

Configuration Files

You can use configuration files to manage different Burp configurations for particular tasks. For example, you might need to load a particular configuration when working on a particular client. Or you might create different configurations for different types of scans.

User and Project Configuration Files

Separate configuration files can be used to manage user-level and project-level options.

User configuration files contain options relating to the individual user's environment and UI, including:

Project configuration files contain options relating to the work that is being performed on a particular target application, including:

Loading and Saving Configuration Files

You can load and save configuration files in various ways:

Configuration File Format

Configuration files use the JSON format. The structure and naming scheme used within the JSON correspond to the way that options are presented within the Burp UI. The easiest way to generate a configuration file for a particular purpose is to create the desired configuration within the Burp UI and save a configuration file from it. If preferred, you can also hand-edit an existing configuration file, since the contents are human-readable and self-documenting.

Partial configuration files can be used when needed. You can create a partial configuration file by saving the configuration of just one area of Burp, via the "Options" button on each configuration panel, or by removing the unneeded sections from a full configuration file. When configuration is loaded from a partial configuration file, any options that are not defined within that file are left unchanged. This allows you to create small focused partial configuration files for common purposes, and load them when required to create a desired overall configuration.
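An added example, not part of the Burp documentation or Burp's own code: it cuts a partial configuration out of a full one, lists what a partial file would change before you load it, and models the load behaviour described above. The key names in the sample are constructed for illustration rather than taken from Burp's schema, and the key-by-key merge of nested objects is an assumption.

```python
import copy
import json

# Constructed sample; key names are illustrative, not taken from Burp's schema.
FULL_CONFIG = json.loads("""
{
  "proxy": {"listener": {"port": 8080, "bind": "loopback"}, "intercept": true},
  "scanner": {"thread_count": 10, "checks": ["sql_injection", "xss"]},
  "target": {"scope": {"include": ["https://app.example.test/"]}}
}
""")


def extract_partial(config, sections):
    """Build a partial config by keeping only the named top-level sections."""
    missing = [s for s in sections if s not in config]
    if missing:
        raise KeyError(f"sections not in config: {missing}")
    return {s: copy.deepcopy(config[s]) for s in sections}


def pending_changes(current, partial, path=""):
    """List (path, old, new) for every option the partial file would alter."""
    changes = []
    for key, new in partial.items():
        here = f"{path}.{key}" if path else key
        old = current.get(key)
        if isinstance(new, dict) and isinstance(old, dict):
            changes += pending_changes(old, new, here)
        elif key not in current or old != new:
            changes.append((here, old, new))
    return changes


def load_partial(current, partial):
    """Overlay a partial config; options it does not define stay unchanged."""
    # Assumption: nested objects merge key by key; other values (lists too)
    # are replaced whole.
    merged = copy.deepcopy(current)
    for key, new in partial.items():
        if isinstance(new, dict) and isinstance(merged.get(key), dict):
            merged[key] = load_partial(merged[key], new)
        else:
            merged[key] = copy.deepcopy(new)
    return merged
```

Calling `pending_changes` on a configuration file received from someone else, before loading it, gives a reviewable list of exactly which options it would overwrite.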

Copyright © 2016 PortSwigger Ltd. All rights reserved.