You can set the type of payload that you want to inject into the base request. Burp Intruder provides a range of options for auto-generating different types of ...

In this section, we'll explain what content security policy is, and describe how CSP can be used to mitigate against some common attacks. CSP is a browser security mechanism that aims to mitigate XSS ...

The traditional way to prove that you've found a cross-site scripting vulnerability is to create a popup using the alert() function. This isn't because XSS has ...

Burp Suite contains a wealth of features and capabilities to support manual and automated security testing. Use the links below for more information: Like any security testing software, Burp Suite ...

This lab has a "Check stock" feature that parses XML input and returns any unexpected values in the response. The lab server is running a (simulated) EC2 metadata ...

You need to configure Firefox so that you can use it for testing with Burp Suite.

A proxy listener is a local HTTP proxy server that listens for incoming connections from the browser. It enables you to monitor and intercept all requests and responses. By default, Burp creates a ...

Many servers now support HTTP/2. This exposes them to potential vulnerabilities that are impossible to test for using tools that only speak HTTP/1. Burp Suite provides unrivaled support for ...

Phishing involves tricking a target into submitting their ID, password, or payment card data to an attacker. Login credentials for online banking, webmail, or e-commerce sites are among the potential ...

In this section, we will describe what DOM clobbering is, demonstrate how you can exploit DOM vulnerabilities using clobbering techniques, and suggest ways you can reduce your exposure to DOM ...

JSON web tokens (JWTs) are a standard format for sending cryptographically signed JSON data between systems. They're commonly used in authentication, session management, and access control mechanisms.

Burp Suite is a comprehensive suite of tools for web application security testing. This interactive tutorial is designed to get you started with the core features of Burp Suite as quickly as possible.