Best for pentesters and hands-on security professionals. Free up testing time with scalable, automated scanning Automated DAST scanning without limits. Free up testing time with trusted Burp ...

We've introduced a feature that enables you to create HTTP match and replace rules using Bambdas. This enables you to handle complex or bulk changes more flexibly and easily. For example, you could ...

AppSec teams face a wide range of challenges when securing their API estate against attack threats. In our recent webinar, which demonstrated the enhanced API scanning features in Burp Suite ...

You can set the type of payload that you want to inject into the base request. Burp Intruder provides a range of options for auto-generating different types of ...

Professional By default, attacks are saved in-memory, so they are lost if you close Burp Suite. However, you can save them to your project file. Select Save attack to project file. We recommend that ...

Follow the steps on this page to set up your own private instance of the Collaborator server. This may be useful in the following situations: Alternatively, you can configure the Collaborator server ...

You can configure payload processing rules so that Burp Intruder modifies payloads before it inserts them into the request. This is useful for a variety of purposes, such as when you need to: Generate ...

Burp Intruder is a powerful tool for performing highly customizable, automated attacks against websites. It enables you to configure attacks that send the same request over and over again, inserting ...

When you send a request to Burp Intruder, a new tab is created containing the request and target details. You can set payload positions anywhere in these fields. These positions determine where Burp ...

When you send an HTTP request to Burp Intruder, it opens in a new attack tab. Burp Intruder enables you to insert payloads into defined positions in an HTTP request, then send each version of the ...

You can upload an OpenAPI definition (version 2.0 or 3.0.x) or a SOAP WSDL to run a specific API scan. To run an API scan, click New scan > API scan on the Dashboard. The API scan launcher opens. To ...

This is a quick reference guide to troubleshooting the most common Burp Scanner error messages. You can use Ctrl/Cmd + F to search for the error you've encountered to ...