You can configure payload processing rules so that Burp Intruder modifies payloads before it inserts them into the request. This is useful for a variety of purposes, such as when you need to: Generate ...
Professional: By default, attacks are saved in-memory, so they are lost if you close Burp Suite. However, you can save them to your project file. Select Save attack to project file. We recommend that ...
If scandals such as the 2018 Facebook breach have taught us anything, it’s that we don’t have full control of our personal data. As we increasingly live our lives online, we leave a digital footprint ...
A new BChecks testing tool will make testing BChecks just as easy as it is to write them. Send suitable requests to the tool, and use them as test cases to confirm that your BCheck is working. Alter ...
JavaScript was originally a client-side language designed to run in browsers. However, due to the emergence of server-side runtimes, such as the hugely popular Node.js, JavaScript is now widely used ...
You can write Java-based Bambdas to create custom filters for your HTTP history. Two objects of the Montoya API are available to help you write your Bambdas: Burp compiles your Bambda and applies it ...
Manipulator-in-the-middle (previously referred to as ‘man-in-the-middle’) attacks involve scenarios where attackers successfully position themselves between a target and a trusted entity or resource.
This lab contains a blind OS command injection vulnerability in the feedback function. The application executes a shell command containing the user-supplied details. The command is executed ...
In this section, we'll show you how you can take advantage of the standard decoding performed by websites to evade input filters and inject harmful payloads for a variety of attacks, such as XSS and ...
The number of mobile security breaches has exploded alongside the widespread adoption of smartphones. This presents an ever-growing threat, as we increasingly connect our mobiles to other IoT devices.