A new BChecks testing tool will make testing BChecks just as easy as it is to write them. Send suitable requests to the tool, and use them as test cases to confirm that your BCheck is working. Alter ...

This release introduces the Burp Intruder capture filter, automatic decoding of SMTP messages in Burp Collaborator, improved accuracy of recorded logins and a number of other improvements.

You can set the type of payload that you want to inject into the base request. Burp Intruder provides a range of options for auto-generating different types of ...

You can use Burp Suite to perform security tests for mobile applications. To do this, you need to configure the mobile device to proxy its traffic via Burp Proxy ...

You can configure payload processing rules so that Burp Intruder modifies payloads before it inserts them into the request. This is useful for a variety of purposes, such as when you need to: Generate ...

When testing web applications, you may encounter challenges relating to session handling and application state. For example: The application may terminate the testing session, either defensively or ...

A proxy listener is a local HTTP proxy server that listens for incoming connections from the browser. It enables you to monitor and intercept all requests and responses. By default, Burp creates a ...

You need to configure Firefox so that you can use it for testing with Burp Suite.

You can configure an Android device to proxy HTTP traffic through Burp Suite. This enables you to test Android apps just like ordinary websites. The process for doing ...

DOM-based XSS vulnerabilities usually arise when JavaScript takes data from an attacker-controllable source, such as the URL, and passes it to a sink that supports dynamic code execution, such as eval ...

If you need to use an external browser with Burp instead of Burp's preconfigured Chromium browser, perform the following configuration steps. For the vast majority of users, this process is not ...

Many servers now support HTTP/2. This exposes them to potential vulnerabilities that are impossible to test for using tools that only speak HTTP/1. Burp Suite provides unrivaled support for ...