Burp Suite documentation

Documentation

Desktop editions Getting started Launching Burp Startup wizard Selecting a project Selecting a configuration Opening a project from a different Burp installation Display settings Next steps Command line Command line arguments Burp projects Project files Saving a copy of a project Saving the Burp Collaborator identifier Importing projects Configuration Configuration library User and project configuration files Loading and saving configuration files Configuration file format Scanning web sites Launching scans Configuring scans Monitoring scan activity Reporting Scan launcher Scan details Scan configuration Application login options Resource pool options Live scans Live scan configuration Live audit Live passive crawl Crawl options Crawl optimization Maximum link depth Crawl strategy Crawl limits Login functions Handling application errors during crawl Miscellaneous crawl settings Audit options Audit optimization Issues reported Handling application errors during audit Insertion point types Modifying parameter locations options Ignored insertion points Frequently occurring insertion points Misc insertion point options JavaScript analysis options Audit items Audit phase indicators Audit items annotations Reporting Report format Issue details HTTP messages Selecting issue types Report details Penetration testing The basics of using Burp Testing workflow Recon and analysis Tool configuration Vulnerability detection and exploitation Read more Configuring your browser Mobile testing Extensibility Troubleshooting Dashboard Task details Task execution settings Task auto-start Resource pools Issue activity Issue activity annotations Tools Target Using Manual application mapping Defining Target scope Reviewing unrequested items Discovering hidden content Analyzing the attack surface Target tool testing workflow Target site map Target information Site map views Contents view Issues view Site map display filter Site map annotations Site map testing workflow Comparing site maps Site map sources Request matching Response comparison Comparison results Scope Proxy Getting started Using Burp Proxy Getting set up Intercepting requests and responses Using the Proxy history Burp Proxy testing workflow Key configuration options Intercepting messages Controls Message display History History table Proxy history display filter Proxy history annotations Proxy history testing workflow Options Proxy listeners Binding Request handling Certificate Exporting and importing the CA certificate Creating a custom CA certificate Intercepting HTTP requests and responses Intercepting WebSockets messages Response modification Match and replace SSL pass through Miscellaneous Invisible proxying Install CA certificate In-browser interface Intruder Getting started Using Burp Intruder How Intruder works Typical uses Enumerating identifiers Harvesting useful data Fuzzing for vulnerabilities Configuring an attack Launching an attack Target Positions Request template Payload markers Attack type Payloads Types Simple list Predefined payload lists Runtime file Custom iterator Character substitution Case modification Recursive grep Illegal Unicode Character blocks Numbers Dates Brute forcer Null payloads Character frobber Bit flipper Username generator ECB block shuffler Extension-generated Copy other payload Processing Payload processing rules Payload encoding Options Attack request headers Request engine Attack results options Grep - match Grep - extract Grep - payloads Handling redirections during attacks Attacks Attack results Results table Intruder attacks display filter Annotations Burp Intruder testing workflow Attack configuration tabs Results menus Attack menu Save menu Columns menu Repeater Using Burp Repeater Issuing requests Request history Repeater options Managing request tabs Options Sequencer Getting started Randomness tests Character-level analysis Bit-level analysis Samples Live capture Select live capture request Token location within response Live capture options Running the live capture Manual load Analysis options Token handling Token analysis Results Summary Character-level analysis results Bit-level analysis results Results analysis options Decoder Loading data into Decoder Transformations Working manually Smart decoding Comparer Loading data into Comparer Performing comparisons Extender Loading and managing extensions Extension details BApp store Burp Extender API Extender options Settings Java environment Python environment Ruby environment Clickbandit Running Burp Clickbandit Record mode Review mode Collaborator client Mobile Assistant Routing traffic through Burp Suite Bypassing certificate pinning Adding injected apps Injected apps list Recovering from crashes Installing Burp Suite Mobile Assistant Useful functions Message editor Message analysis tabs Raw Params Headers Hex HTML XML Render ViewState Context menu commands Text editor Syntax analysis Text editor hotkeys Quick search Search Text search Find comments and scripts Find references Target analyzer Content discovery Control Target Filenames File extensions Discovery engine Site map Task scheduler Generate CSRF PoC CSRF PoC options URL-matching rules Normal scope control Advanced scope control Response extraction rules Manual testing simulator Options Connections Platform authentication Upstream proxy servers SOCKS proxy Timeouts Hostname resolution Out-of-scope requests HTTP Redirections Streaming responses Status 100 responses SSL SSL negotiation Java SSL options Client SSL certificates Server SSL certificates Sessions Session handling challenges Session handling rules Session handling tracer Cookie jar Macros Integration with Burp tools Rule editor Rule description Rule actions Use cookies from the session handling cookie jar Set a specific cookie or parameter value Check session is valid Prompt for in-browser session recovery Run a macro Run a post-request macro Invoke a Burp extension Tools scope URL scope Parameter scope Macro editor Record macro Configuring macro items Cookie handling Parameter handling Custom parameter locations in response Re-analyze macro Test macro Misc project options Scheduled tasks Burp Collaborator server Logging Display User interface HTTP message display Character sets HTML rendering Misc user options Hotkeys Automatic project backup REST API options Proxy interception Proxy history logging Temporary files location Performance feedback

Enterprise Edition Getting started Key features Architecture System requirements Number of machines Machine specifications Database Database size Client browsers Network and firewall configuration Installation Database setup Preparing for installation Initial product installation Post-installation configuration Installing additional agents How do I Scan a web site Set up team Integrate with CI Reference Sites Creating sites Site configuration Site URLs Viewing site details Scans Viewing scan details Viewing scan issue details Setting up scans Scan configurations Agents Agent counts Viewing agent details Agent authorization requests Agent fingerprints Team Users API users Groups Restrictions on sites Roles Settings License Updates Downtime during updates Web server Email Network proxy REST API Burp CI plugins Generic CI driver Configuring CI builds

Scanner Crawling Core approach Session handling Detecting changes in application state Application login Crawling volatile content Auditing Audit phases Issue types Insertion points Encoding data within insertion points Nested insertion points Modifying parameter locations Automatic session handling Avoiding duplication Consolidation of frequently occurring passive issues Handling of frequently occurring insertion points JavaScript analysis Handling application errors

Burp Collaborator What is Burp Collaborator? How Burp Collaborator works Security of Collaborator data Options for using Burp Collaborator Deploying a private server Installation and execution Basic set-up on a closed network Running on non-standard ports DNS configuration SSL configuration Interaction events and polling Metrics Collaborator logging Testing the installation Collaborator configuration file format

Burp Infiltrator How Burp Infiltrator works Installing Burp Infiltrator Non-interactive installation Configuration options

Contents