This learning path teaches you how to test APIs that aren't fully used by the website front-end. You'll learn key API recon skills to help you discover more attack surface. In addition, you'll learn ...
A Burp extension to generate async Python code from HTTP requests. This extension generates different flavors of scripts (e.g. with/without session, with/without main function). The resulting code ...
The Prototype Pollution Gadgets Finder is a powerful Burp Suite extension designed to detect and analyze server-side prototype pollution vulnerabilities in web applications. This tool automates the ...
We've introduced a feature that enables you to create HTTP match and replace rules using Bambdas. This enables you to handle complex or bulk changes more flexibly and easily. For example, you could ...
Burp Intruder is a powerful tool for performing highly customizable, automated attacks against websites. It enables you to configure attacks that send the same request over and over again, inserting ...
This is a quick reference guide to troubleshooting the most common Burp Scanner error messages. You can use Ctrl/Cmd + F to search for the error you've encountered to ...
You can set the type of payload that you want to inject into the base request. Burp Intruder provides a range of options for auto-generating different types of ...
AppSec teams face a wide range of challenges when securing their API estate against attack threats. In our recent webinar, which demonstrated the enhanced API scanning features in Burp Suite ...
Unzip and run the installer. For Linux, run the installer from the terminal. The wizard opens. Follow the wizard, and enter the authentication token when prompted. Enter the hostname of your instance ...
Are you looking for training in how to use Burp Suite? Would you like to take your understanding of web security to the next level? Our training hub incorporates options for self-study, development ...
In this section, you'll learn how simple file upload functions can be used as a powerful vector for a number of high-severity attacks. We'll show you how to bypass common defense mechanisms in order ...
In this section we explain what the Access-Control-Allow-Origin header is in respect of CORS, and how it forms part of CORS implementation. The cross-origin resource sharing specification provides ...