Burp Suite
This document contains
Burp Suite is a web application penetration testing framework written in Java.
Burp Suite is a comprehensive platform for web application security testing. It provides a range of features, including a web proxy, web spider, vulnerability scanner, and manual testing tools, to help security professionals and ethical hackers test the security of web applications.
Burp Suite installers:
FoxyProxy used to send requests to burp suite proxy:
Installing certificates:
Burp Suite Features
Proxy: intercept requests
Repeater: modify requests
Intruder: bruteforce/spray endpoints
Decoder: decode/encode payloads
Comparer: compare data
Sequencer: test for randomness
Extender: use other modules written for Burp Suite
Burp Proxy
Burp Proxy intercepts website requests so they can be utilized in Burp Suite
Send browser requests to Burp Suite using the following settings (in FoxyProxy, use proxy IP 127.0.0.1 and port 8080 to send requests to Burp Suite)
For SSL use http://burp/cert, download cacert.der, and add this certificate to about:preferences in Firefox or Chrome
Use the Burp Browser by first going to Project options -> Misc -> Embedded Browser and checking the option Allow the embedded browser to run without a sandbox
Right-click and select Add to Scope while in the Target tab, and add a rule in Proxy Options, to ensure that URLs are in the target scope and to help filter captured traffic
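The proxy and certificate steps above, scripted for a command-line client, as an added example that is not part of the original page. It assumes Burp's listener is at 127.0.0.1:8080 as configured above and that curl and openssl are installed; the function names and the BURP_PROXY variable are illustrative.

```shell
#!/usr/bin/env bash
# Added example: send a scripted client through Burp Proxy and validate TLS
# against Burp's CA file instead of disabling certificate checks.
# Assumption: the listener address below matches the FoxyProxy settings above.
BURP_PROXY="${BURP_PROXY:-http://127.0.0.1:8080}"

# Download Burp's CA certificate (DER format) through the proxy listener.
burp_fetch_ca() {            # usage: burp_fetch_ca cacert.der
  curl --silent --show-error --fail --proxy "$BURP_PROXY" \
       --output "$1" http://burp/cert
}

# Convert DER to PEM and refuse anything that is not a CA certificate.
burp_ca_to_pem() {           # usage: burp_ca_to_pem cacert.der burp-ca.pem
  openssl x509 -inform DER -in "$1" -outform PEM -out "$2" || {
    rm -f "$2"
    return 1
  }
  if ! openssl x509 -in "$2" -noout -text | grep -q 'CA:TRUE'; then
    echo "not a CA certificate: $1" >&2
    rm -f "$2"
    return 1
  fi
}

# SHA-256 fingerprint, for comparison with the certificate imported in the browser.
burp_ca_fingerprint() {      # usage: burp_ca_fingerprint burp-ca.pem
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Request a URL through Burp using the converted CA file (no -k needed).
burp_curl() {                # usage: burp_curl burp-ca.pem https://site.example/
  local ca="$1"; shift
  curl --proxy "$BURP_PROXY" --cacert "$ca" "$@"
}
```

With Burp running: `burp_fetch_ca cacert.der && burp_ca_to_pem cacert.der burp-ca.pem`, then pass `burp-ca.pem` to `burp_curl`.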
Jython Interpreter in Burp extender
The official Burp Suite documentation: https://portswigger.net/burp/documentation
PortSwigger's blog: https://portswigger.net/blog/
The Burp Suite community: https://portswigger.net/community/
The Burp Suite support center: https://portswigger.net/support
The Burp Suite YouTube channel: https://www.youtube.com/channel/UCxlIPvCvSo2QZmI1cgL9d9g
The Burp Suite User Group on LinkedIn: https://www.linkedin.com/groups/4503164/
OWASP's Burp Suite page: https://owasp.org/www-project-web-security-testing-guide/v2/5-Web_Application_Penetration_Testing/02-Application_Discovery/01-Reconnaissance/03-Proxies
Online courses and tutorials: Udemy, Pluralsight, and Coursera offer courses on Burp Suite and web application security.