Comprehensive Burp Suite Cheat Sheet for Web Application Security Testing

Burp Suite is one of the most powerful tools for web application security testing, used widely by penetration testers and security researchers. It offers an extensive set of features to identify vulnerabilities, intercept traffic, manipulate requests, and much more. This cheat sheet provides a quick reference to help you navigate Burp Suite’s essential functions, making your workflow more efficient and effective.

Burp Suite Setup & Configuration

| Feature | Steps |
|---|---|
| Proxy Listener | Proxy > Options > Add a new listener (e.g., on port 8080). |
| CA Certificate | Proxy > Options > Import Burp's CA certificate into your browser. |

Proxy Tab
| Action | Description |
|---|---|
| Intercept On/Off | Proxy > Intercept > Toggle "Intercept is on" to turn interception on or off. |
| Forward Request | While intercepting, press Forward to send the request to the destination server. |
| Drop Request | Drop intercepted requests to cancel them. |

Repeater Tab
| Action | Description |
|---|---|
| Send Custom Requests | Right-click a request in Proxy or other tabs > Send to Repeater. Modify and click Send in the Repeater tab. |

Intruder Tab
| Action | Description |
|---|---|
| Payload Positioning | Highlight part of the request > Add § to mark the payload positions. |
| Attack Types | Sniper, Battering Ram, Pitchfork, Cluster Bomb. |
| Payload Settings | Set the payload type (e.g., simple list, numbers, brute force). Payloads tab > Add options > Start Attack. |
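The four attack types differ only in how payloads are distributed across the § positions, which decides how many requests a run generates. The following added example (not code from the page or from PortSwigger) models that distribution for a constructed request template with two positions; the template, the payload sets and the function names are assumptions made for illustration.

```python
from itertools import product

# Constructed template with two § positions, written the way Intruder marks them.
TEMPLATE = "GET /search?q=§term§&page=§n§ HTTP/1.1"


def split_positions(template):
    """Split the template into literal chunks and the base value of each § position."""
    parts = template.split("§")
    if len(parts) % 2 == 0:
        raise ValueError("unbalanced § markers")
    return parts[0::2], parts[1::2]  # literals, base values


def render(literals, values):
    """Re-assemble the request with the given value at every position."""
    out = [literals[0]]
    for literal, value in zip(literals[1:], values):
        out.append(value)
        out.append(literal)
    return "".join(out)


def intruder_requests(template, attack, payload_sets):
    """Yield the requests Intruder would build for the chosen attack type."""
    literals, base = split_positions(template)
    n = len(base)
    if attack == "sniper":
        # One payload set, one position at a time; other positions keep their base value.
        for i in range(n):
            for payload in payload_sets[0]:
                values = list(base)
                values[i] = payload
                yield render(literals, values)
    elif attack == "battering_ram":
        # One payload set, the same payload placed into every position at once.
        for payload in payload_sets[0]:
            yield render(literals, [payload] * n)
    elif attack == "pitchfork":
        # One set per position, walked in lockstep; stops at the shortest set.
        yield from (render(literals, list(c)) for c in zip(*payload_sets))
    elif attack == "cluster_bomb":
        # One set per position, every combination (cartesian product).
        yield from (render(literals, list(c)) for c in product(*payload_sets))
    else:
        raise ValueError(f"unknown attack type: {attack}")
```

With sets of 2 and 3 payloads this yields 4 (Sniper, one set), 2 (Battering Ram), 2 (Pitchfork) and 6 (Cluster Bomb) requests, which is why Cluster Bomb runs grow quickly with large lists.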

Scanner Tab (Pro Only)
| Action | Description |
|---|---|
| Passive Scanning | Automatically scan traffic passing through Burp. |
| Active Scanning | Actively send requests to find vulnerabilities. Right-click request > Do active scan. |

Decoder Tab
| Action | Description |
|---|---|
| Decoding Data | Paste encoded text into Decoder > Choose Decode as (Base64, URL, HTML, etc.). |
| Encoding Data | Paste text into Decoder > Choose Encode as to transform it into different formats. |

Comparer Tab
| Action | Description |
|---|---|
| Compare Requests/Responses | Send two requests/responses to Comparer > Click Words or Bytes to see differences. |

Extender Tab
| Action | Description |
|---|---|
| Install Extensions | Extender > BApp Store > Browse and install extensions (e.g., SQLiPy, JWT Attacker). |

Miscellaneous
| Action | Description |
|---|---|
| Save Session | Project > Save State to save the current session. |
| Export Requests | Right-click on a request > Copy to file to export the request. |
