Burp Suite Reference
Free reference guide: Burp Suite Reference
About Burp Suite Reference
The Burp Suite Reference is a searchable cheat sheet covering all major modules of Burp Suite Professional, the industry-standard web application security testing toolkit. It covers Proxy operations (intercept toggle, forwarding, HTTP history, Match and Replace rules, TLS Pass Through) and Scanner features (active scanning, passive scanning, crawl-and-audit workflows, scan configuration, and issue definitions).
The reference details Intruder attack types including Sniper (sequential single-position), Battering Ram (same payload to all positions), Pitchfork (parallel multi-payload), and Cluster Bomb (all combinations), along with payload processing for encoding and hashing transforms.
Additional coverage includes Repeater for manual request modification and response comparison, Sequencer for token randomness analysis with character-level entropy and FIPS 140-2 testing, and Extensions including BApp Store installation, custom Python/Jython and Java extension development, and Logger++ for advanced traffic logging.
Key Features
- Proxy module reference with intercept toggle, HTTP history, and Match and Replace rules
- Scanner workflows covering active scan, passive scan, and crawl-and-audit configurations
- All four Intruder attack types explained: Sniper, Battering Ram, Pitchfork, Cluster Bomb
- Payload processing rules for Base64 encoding, hashing, and custom transforms
- Repeater operations including request modification, redirection following, and response comparison
- Sequencer token analysis with live capture, manual load, and FIPS 140-2 randomness testing
- Extension development guides for Python/Jython and Java with IBurpExtender interface examples
- BApp Store integration and Logger++ advanced logging extension setup
Frequently Asked Questions
What are the four Intruder attack types in Burp Suite?
Sniper inserts one payload set into each marked position sequentially. Battering Ram inserts the same payload into all positions simultaneously. Pitchfork uses different payload sets in parallel per position (one-to-one). Cluster Bomb tests all possible payload combinations across all positions.
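The following Python script is an added illustration of the four attack types described above; it is not Burp's own code. It takes a request template marked with Burp's § position markers, enumerates the requests each attack type would produce, and shows how many requests each generates for a given set of payload lists. The template, payload sets and the small `process()` rule set (prefix, Base64, MD5) are constructed for the example.

```python
"""Enumerate the requests each Burp Intruder attack type would build from a
section-sign-marked template (added example; not Burp's own code)."""
import base64
import hashlib
from itertools import product

MARKER = "\u00a7"  # the section sign Burp uses to mark payload positions

# Constructed template (not a captured request): two positions with base values
# "alice" and "en". Sniper leaves the base value in positions it is not attacking.
TEMPLATE = "GET /profile?user=\u00a7alice\u00a7&lang=\u00a7en\u00a7 HTTP/1.1"


def parse_template(template):
    """Return (literal text around the markers, base value of each position)."""
    chunks = template.split(MARKER)
    if len(chunks) % 2 == 0:
        raise ValueError("unbalanced payload markers in template")
    return chunks[0::2], chunks[1::2]


def render(literals, defaults, assignment):
    """Rebuild the request; positions absent from assignment keep their base value."""
    parts = [literals[0]]
    for i, base in enumerate(defaults):
        parts.append(assignment.get(i, base))
        parts.append(literals[i + 1])
    return "".join(parts)


def process(payload, rules):
    """Apply payload-processing rules in order (a small subset of Burp's rule types)."""
    for rule in rules:
        if rule == "base64":
            payload = base64.b64encode(payload.encode()).decode()
        elif rule == "md5":
            payload = hashlib.md5(payload.encode()).hexdigest()
        elif rule.startswith("prefix:"):
            payload = rule[len("prefix:"):] + payload
        else:
            raise ValueError("unknown rule: %s" % rule)
    return payload


def sniper(n, sets):
    """One payload set, one position at a time: n * len(set) requests."""
    for pos in range(n):
        for payload in sets[0]:
            yield {pos: payload}


def battering_ram(n, sets):
    """The same payload copied into every position: len(set) requests."""
    for payload in sets[0]:
        yield {pos: payload for pos in range(n)}


def pitchfork(n, sets):
    """One set per position, walked in lockstep: min(len(set_i)) requests."""
    for combo in zip(*sets[:n]):
        yield dict(enumerate(combo))


def cluster_bomb(n, sets):
    """One set per position, every combination: product of len(set_i) requests."""
    for combo in product(*sets[:n]):
        yield dict(enumerate(combo))


ATTACKS = {"sniper": sniper, "battering_ram": battering_ram,
           "pitchfork": pitchfork, "cluster_bomb": cluster_bomb}


def generate(template, attack, sets, rules=()):
    """Yield every request the chosen attack type would send for this template."""
    literals, defaults = parse_template(template)
    n = len(defaults)
    if attack in ("pitchfork", "cluster_bomb") and len(sets) < n:
        raise ValueError("%s needs one payload set per position" % attack)
    for assignment in ATTACKS[attack](n, sets):
        processed = {i: process(p, rules) for i, p in assignment.items()}
        yield render(literals, defaults, processed)


if __name__ == "__main__":
    sets = [["a", "b", "c"], ["x", "y"]]
    for name in ATTACKS:
        reqs = list(generate(TEMPLATE, name, sets))
        print("%-13s %d requests, first: %s" % (name, len(reqs), reqs[0]))
```

With two positions and payload lists of three and two entries, the counts make the difference between the modes concrete: Sniper sends 6 (3 per position), Battering Ram 3, Pitchfork 2 (it stops at the shorter list) and Cluster Bomb 6 (3 × 2). The request volume of Cluster Bomb grows multiplicatively with each extra position, which is why it is the one to budget for when scoping a test.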
How do I intercept and modify HTTP requests with Burp Proxy?
Navigate to Proxy > Intercept and ensure "Intercept is on." When a request is captured, you can view and edit it, then click Forward to send it to the server or Drop to discard it. Use Ctrl+R to send any request to Repeater for repeated testing.
What is the difference between active and passive scanning?
Passive scanning automatically analyzes proxy traffic for vulnerabilities without sending additional requests. Active scanning sends crafted payloads (SQL injection, XSS, etc.) to actively probe for security issues. Active scanning can be launched from Dashboard > New Scan or by right-clicking a target URL.
How does Sequencer analyze session token randomness?
Sequencer captures tokens via live capture or manual load, then performs statistical analysis including character-level entropy (bits of randomness per position) and FIPS 140-2 compliance tests. Results show an overall Pass/Fail assessment of token randomness quality.
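As an added example of the kind of analysis described above (not Burp's code, and a simplification of what Sequencer does), the script below computes the Shannon entropy of each character position across a sample of tokens, sums it into an effective bit count, and applies the FIPS 140-2 monobit test to a bit stream. The sample tokens, the expected-bit threshold and the `verdict()` helper are constructed for the illustration.

```python
"""Per-position entropy and a FIPS 140-2 monobit check over a token sample
(added example in the spirit of Sequencer's analysis; not Burp's own code)."""
import math
from collections import Counter

# Constructed sample (not captured traffic): a fixed prefix, then one character
# drawn from four values and one from two. A real analysis needs thousands of
# tokens; with N samples the estimate per position can never exceed log2(N) bits.
SAMPLE_TOKENS = ["sess_a1", "sess_b2", "sess_c1", "sess_d2"]


def position_entropy(tokens, pos):
    """Shannon entropy in bits of the character at one position across all tokens."""
    counts = Counter(token[pos] for token in tokens)
    total = float(sum(counts.values()))
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def analyze(tokens):
    """Return (entropy per position, total bits) for a sample of equal-length tokens."""
    if not tokens:
        raise ValueError("no tokens to analyze")
    length = len(tokens[0])
    if any(len(t) != length for t in tokens):
        raise ValueError("tokens differ in length; analyze one token format at a time")
    per_pos = [position_entropy(tokens, i) for i in range(length)]
    return per_pos, sum(per_pos)


def token_bits(tokens):
    """Concatenate the tokens' bytes into a '0'/'1' string for bit-level tests."""
    return "".join(format(b, "08b") for t in tokens for b in t.encode())


def fips_monobit(bits):
    """FIPS 140-2 monobit test (change-notice thresholds): on a 20,000-bit stream
    the number of ones must lie strictly between 9,725 and 10,275."""
    if len(bits) != 20000:
        raise ValueError("the monobit test is defined on exactly 20,000 bits")
    ones = bits.count("1")
    return 9725 < ones < 10275


def verdict(tokens, min_bits):
    """Coarse Pass/Fail: does the sample show at least min_bits of effective entropy?"""
    _, total = analyze(tokens)
    return "Pass" if total >= min_bits else "Fail"


if __name__ == "__main__":
    per_pos, total = analyze(SAMPLE_TOKENS)
    for i, bits in enumerate(per_pos):
        print("position %d: %.2f bits" % (i, bits))
    print("total: %.2f bits -> %s" % (total, verdict(SAMPLE_TOKENS, 64)))
```

The fixed `sess_` prefix contributes zero bits at each of its positions, which is the pattern to look for in a real capture: a token that is long but has only a few positions carrying entropy is weak regardless of its length. The monobit function deliberately insists on exactly 20,000 bits because the FIPS thresholds are only meaningful for that stream size.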
How do I write a custom Burp Suite extension in Python?
Create a class that implements IBurpExtender with a registerExtenderCallbacks method. Set the extension name via callbacks.setExtensionName(). You need Jython installed and configured in Extender > Options. Extensions can register HTTP listeners, scanner checks, and custom UI tabs.
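A minimal extension following the steps above, written here as an added example rather than taken from the reference or from PortSwigger: it implements IBurpExtender and registers an HTTP listener that logs responses missing common security headers to the extension's output tab. IBurpExtender, registerExtenderCallbacks and setExtensionName are named on this page; IHttpListener, registerHttpListener, getHelpers, analyzeResponse, analyzeRequest and printOutput are other Burp Extender API names not listed here. The try/except import fallback, the EXPECTED_HEADERS list and the extension name are assumptions made for the example so that the header-check logic can be run and unit-tested under plain Python outside Burp.

```python
# Burp extension written for Jython (Python 2.7 syntax). Outside Burp the burp
# package does not exist, so a fallback defines empty stand-ins for the two
# interfaces; this is an assumption made for the example so that the header
# check below can be imported and tested under plain Python. Loaded into Burp,
# the real interfaces are used.
try:
    from burp import IBurpExtender, IHttpListener
except ImportError:  # not running inside Burp
    class IBurpExtender(object):
        pass

    class IHttpListener(object):
        pass

# Response headers a hardened site is expected to send (constructed list for the example).
EXPECTED_HEADERS = (
    "content-security-policy",
    "strict-transport-security",
    "x-content-type-options",
)


def missing_security_headers(header_lines):
    """Return the expected headers absent from a list of 'Name: value' lines.
    Header names are case-insensitive, so compare them lower-cased."""
    present = set()
    for line in header_lines:
        if ":" in line:
            present.add(line.split(":", 1)[0].strip().lower())
    return [name for name in EXPECTED_HEADERS if name not in present]


class BurpExtender(IBurpExtender, IHttpListener):
    """Burp looks for a class with this exact name when loading the extension."""

    def registerExtenderCallbacks(self, callbacks):
        self._callbacks = callbacks
        self._helpers = callbacks.getHelpers()
        callbacks.setExtensionName("Missing security header logger (example)")
        callbacks.registerHttpListener(self)  # called for every request and response

    def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo):
        if messageIsRequest:
            return  # only responses carry the headers this check looks at
        raw = messageInfo.getResponse()
        if raw is None:
            return  # request never got a response
        info = self._helpers.analyzeResponse(raw)
        headers = list(info.getHeaders())[1:]  # first entry is the status line
        missing = missing_security_headers(headers)
        if missing:
            url = self._helpers.analyzeRequest(messageInfo).getUrl()
            self._callbacks.printOutput("%s is missing: %s" % (url, ", ".join(missing)))
```

Keeping the check in a plain function separate from the Burp wiring is the design point: the function can be unit-tested with ordinary Python, while the `BurpExtender` class stays a thin adapter to the callbacks. Load the file via Extender > Extensions with Jython configured under Extender > Options, and the findings appear in the extension's Output tab.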
What is Match and Replace in Burp Proxy used for?
Match and Replace lets you define automatic substitution rules for HTTP requests and responses passing through the proxy. Common uses include changing User-Agent headers, modifying cookies, removing security headers, or replacing parameter values for testing.
How do I compare multiple HTTP responses in Burp Suite?
Right-click a response and select "Send to Comparer." Repeat with the second response. Open the Comparer tab to view highlighted differences between the two responses, which is useful for identifying how parameter changes affect server behavior.
What does TLS Pass Through do in Burp Proxy settings?
TLS Pass Through allows you to specify hostnames whose TLS traffic should not be intercepted or decrypted by Burp. This is useful for domains you do not want to test (e.g., *.google.com) to reduce noise and avoid breaking services that use certificate pinning.