ADHDecode

Burpsuite Articles

49 articles

Test for HTTP Request Smuggling with Burp Suite

HTTP Request Smuggling is a surprisingly potent attack that exploits how different web servers, or even different components within the same server, int.

4 min read

Test HTTP/2 Applications with Burp Suite

Burp Suite's HTTP/2 support is surprisingly limited, primarily acting as a transparent proxy that tunnels HTTP/2 traffic over HTTP/1.

2 min read

Set Up Burp Suite to Intercept HTTPS Traffic

Burp Suite can't directly intercept HTTPS traffic without you explicitly telling your browser to trust its fake certificate.

2 min read

Find IDOR Vulnerabilities with Burp Suite

IDOR vulnerabilities are a lot more common than you'd think, and they often hide in plain sight, relying on a simple oversight: the application trusts t.

3 min read

Brute Force and Fuzz with Burp Suite Intruder

Brute Force and Fuzz with Burp Suite Intruder — practical guide covering burpsuite setup, configuration, and troubleshooting with real-world examples.

3 min read

Bypass iOS SSL Pinning with Burp Suite

Bypassing SSL pinning on iOS is less about tricking the app and more about tricking your device into thinking it's the trusted endpoint.

3 min read

Attack and Test JWTs with Burp Suite

Burp Suite's JWT editor lets you tamper with JSON Web Tokens, but it's not just for testing your own app's security; it's a surprisingly powerful tool f.

3 min read

Automate Login with Burp Suite Session Macros

Automate Login with Burp Suite Session Macros — practical guide covering burpsuite setup, configuration, and troubleshooting with real-world examples.

3 min read

Transform Requests Automatically with Match and Replace

The most surprising thing about transforming requests with Match and Replace is that it's not about finding and changing strings; it's about conditional.

2 min read

Intercept Mobile App Traffic with Burp Suite

Burp Suite can intercept mobile app traffic, but it's not a simple proxy setup; it requires configuring both the Burp Suite listener and the mobile devi.

3 min read

Test OAuth Flows for Vulnerabilities with Burp Suite

Test OAuth Flows for Vulnerabilities with Burp Suite — OAuth 2.0 is surprisingly fragile and often implemented with subtle, exploitable flaws that don't...

4 min read

Detect Open Redirect Vulnerabilities with Burp Suite

Open redirects are sneaky because they don't break anything outwardly, but they can be used to send users to malicious sites.

3 min read

Test for Path Traversal with Burp Suite

Burp Suite's scanner can find path traversal vulnerabilities, but it's not a magic bullet; you still need to understand what it's looking for and how to.

3 min read

Share Burp Suite Projects Across Your Team

Sharing Burp Suite projects across a team is surprisingly less about a central server and more about carefully managing shared state and avoiding accide.

3 min read

Find Prototype Pollution with Burp Suite

Prototype pollution is a vulnerability that allows an attacker to inject properties into an object's prototype, which can then affect all objects that i.

4 min read

Bypass Rate Limiting Controls with Burp Suite

Burp Suite can bypass rate limiting controls by rapidly sending requests that exceed the server's capacity to track or enforce limits on a per-request b.

3 min read

Manually Test Requests with Burp Suite Repeater

Burp Suite Repeater lets you take an HTTP request Burp intercepted, tweak it, and send it again and again to see how the server responds.

3 min read

Export Professional Pentest Reports from Burp Suite

Burp Suite's professional pentest report export feature, while seemingly straightforward, is actually a powerful tool that can be customized to generate.

3 min read

Automate Web Security Testing with Burp Scanner

Burp Scanner doesn't just find vulnerabilities; it discovers them by acting like a persistent, automated, and incredibly thorough attacker.

2 min read

Analyze Token Randomness with Burp Suite Sequencer

Burp Suite's Sequencer tool doesn't just check if tokens are random; it actively hunts for predictable patterns that attackers can exploit to guess them.

2 min read

Set Up Burp Suite as an Intercepting Proxy

Burp Suite's free Community Edition is plenty powerful for basic proxying, but its real magic unlocks when you understand how to configure your browser .

2 min read

Find SQL Injection Vulnerabilities with Burp Suite

Burp Suite can find SQL injection vulnerabilities by actively probing web applications for weaknesses in how they handle user input.

3 min read

Test for SSRF Vulnerabilities with Burp Suite

Burp Suite can be a surprisingly blunt instrument for finding SSRF vulnerabilities, often revealing them through simple, almost accidental, interactions.

3 min read

Enumerate Subdomains During Recon with Burp Suite

Enumerate Subdomains During Recon with Burp Suite — practical guide covering burpsuite setup, configuration, and troubleshooting with real-world examples.

3 min read

Configure Burp Suite Target Scope to Focus Testing

Burp Suite's target scope is the most powerful, yet most misunderstood, feature for focused web application security testing.

2 min read

Test for Web Cache Poisoning with Burp Suite

Web cache poisoning attacks exploit the trust web servers place in user-supplied input to inject malicious content into the cache, which is then served .

4 min read

Find XSS Vulnerabilities with Burp Suite

Burp Suite can find Cross-Site Scripting (XSS) vulnerabilities by actively injecting payloads into web application parameters and observing how the applic.

2 min read

Test for XXE Injection with Burp Suite

XXE injection vulnerabilities are a lot more about what your server is willing to do with XML than what your client is sending.

3 min read

Active vs Passive Scanning in Burp Suite: Key Differences

Active scanning in Burp Suite is fundamentally different from passive scanning because it modifies traffic to elicit responses, whereas passive scanning.

2 min read

Bypass Android SSL Pinning with Burp Suite

Bypass Android SSL Pinning with Burp Suite — practical guide covering burpsuite setup, configuration, and troubleshooting with real-world examples.

3 min read

Test REST and GraphQL APIs with Burp Suite

Test REST and GraphQL APIs with Burp Suite — practical guide covering burpsuite setup, configuration, and troubleshooting with real-world examples.

3 min read

Test Authentication Mechanisms with Burp Suite

Test Authentication Mechanisms with Burp Suite — practical guide covering burpsuite setup, configuration, and troubleshooting with real-world examples.

3 min read

Find Business Logic Flaws with Burp Suite

Burp Suite's core strength isn't finding security flaws, but revealing the hidden, often illogical, assumptions baked into your application's business l.

3 min read

Test for Clickjacking Vulnerabilities with Burp Suite

Burp Suite can't directly "test" for clickjacking vulnerabilities in the way it scans for XSS or SQL injection; instead, it's a crucial tool for manuall.

4 min read

Find Out-of-Band Vulnerabilities with Burp Collaborator

Burp Collaborator is a game-changer for finding out-of-band vulnerabilities, but it's not just a passive listener; it's an active participant that can r.

3 min read

Test for Command Injection with Burp Suite

Test for Command Injection with Burp Suite — practical guide covering burpsuite setup, configuration, and troubleshooting with real-world examples.

3 min read

Burp Suite Community vs Pro: Is the Upgrade Worth It

Burp Suite Pro isn't just a fancier version of Community; it's a fundamental shift in how you approach web security testing.

3 min read

Diff HTTP Responses with Burp Suite Comparer

Burp Suite's Comparer tool can highlight even the most subtle differences between two HTTP requests or responses, but understanding what you're seeing r.

3 min read

Find CORS Misconfigurations with Burp Suite

CORS is a security feature that's often misunderstood, and its misconfigurations are a surprisingly common source of web application vulnerabilities.

5 min read

Test for CSRF Token Bypass with Burp Suite

Burp Suite can't directly test for CSRF token bypass vulnerabilities; it's a tool for manual and automated testing, meaning you need to tell it what to .

3 min read

Burp Suite CTF Workflow: Win More Challenges

The most surprising thing about Burp Suite in CTFs is how often its core, free functionality is all you need to dominate, despite the allure of expensiv.

2 min read

Create Custom Scan Profiles in Burp Suite

Burp Suite's scan profiles are not just about choosing what to scan for; they're about how you want to scan, letting you tailor the aggression, scope, a.

2 min read

Encode and Decode Data with Burp Suite Decoder

The Burp Suite Decoder is your Swiss Army knife for wrestling with data formats, but its real magic isn't just converting between them; it's revealing t.

3 min read

Test for Insecure Deserialization with Burp Suite

Burp Suite's built-in scanner can't find insecure deserialization vulnerabilities because it doesn't know what "good" and "bad" deserialized objects loo.

3 min read

Top Burp Suite Extensions from the BApp Store

The most surprising thing about Burp Suite extensions is that they often expose fundamental design flaws in web applications that even the most sophisti.

3 min read

Bypass File Upload Restrictions with Burp Suite

Burp Suite can bypass file upload restrictions by exploiting common web application vulnerabilities in how files are validated and processed.

5 min read

Test GraphQL APIs with Burp Suite Introspection

Test GraphQL APIs with Burp Suite Introspection — practical guide covering burpsuite setup, configuration, and troubleshooting with real-world examples.

3 min read

Run Burp Suite Headless in Enterprise CI Pipelines

Burp Suite's headless mode is a game-changer for integrating automated security testing into your CI/CD pipeline, but getting it right involves understa.

3 min read

Test for Host Header Injection with Burp Suite

Burp Suite can't directly test for Host Header Injection; it's a vulnerability you exploit by sending specially crafted requests.

3 min read
© 2026 ADHDecode. All content is free.
