Burp Suite is one of the most powerful tools for web application security testing, used widely by penetration testers and security researchers. It offers an extensive set of features to identify vulnerabilities, intercept traffic, manipulate requests, and much more. This cheat sheet provides a quick reference to help you navigate Burp Suite’s essential functions, making your workflow more efficient and effective.
Burp Suite Setup & Configuration

| Feature | Steps |
| --- | --- |
| Proxy Listener | Proxy > Options > Add a new listener (e.g., on port 8080). |
| CA Certificate | Proxy > Options > Import Burp’s CA certificate into your browser. |
Proxy Tab

| Action | Description |
| --- | --- |
| Intercept On/Off | Proxy > Intercept > Toggle “Intercept is on” to turn interception on or off. |
| Forward Request | While intercepting, press Forward to send the request to the destination server. |
| Drop Request | Drop intercepted requests to cancel them. |
Repeater Tab

| Action | Description |
| --- | --- |
| Send Custom Requests | Right-click a request in Proxy or other tabs > Send to Repeater. Modify and click Send in the Repeater tab. |
Intruder Tab

| Action | Description |
| --- | --- |
| Payload Positioning | Highlight part of the request > Add § to mark the payload positions. |
| Attack Types | Sniper, Battering Ram, Pitchfork, Cluster Bomb. |
| Payload Settings | Set the payload type (e.g., simple list, numbers, brute force). Payloads tab > Add options > Start Attack. |
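The four attack types differ only in how payloads are combined across the marked § positions, which decides how many requests a test run generates. The following is an added example, not Burp's own code, that enumerates the request bodies each type would produce from a constructed template with two positions; it sends nothing, it only shows the combination logic so you can size a run before starting it.

```python
"""Payload-combination logic behind the four Intruder attack types.

Constructed example: a request-body template with two marked positions
(written Burp-style as §...§) and two small payload lists. No traffic is
sent; each generator just yields the bodies the attack type would build.
"""
import itertools
import re

# A marked position is the text between two § characters; group 1 is the
# original value that sits in the request before any payload is inserted.
POSITION = re.compile(r"§([^§]*)§")

# Constructed sample template and payload sets (one set per position).
TEMPLATE = "id=§1§&sort=§asc§"
PAYLOAD_SETS = [["1", "2"], ["asc", "desc", "name"]]


def fill(template, values):
    """Replace each §...§ marker, in order, with the corresponding value."""
    it = iter(values)
    return POSITION.sub(lambda m: next(it), template)


def sniper(template, payloads):
    """Sniper: one position at a time; the other positions keep their original value."""
    originals = POSITION.findall(template)
    for i in range(len(originals)):
        for p in payloads:
            values = list(originals)
            values[i] = p
            yield fill(template, values)


def battering_ram(template, payloads):
    """Battering ram: the same payload is placed into every position at once."""
    n = len(POSITION.findall(template))
    for p in payloads:
        yield fill(template, [p] * n)


def pitchfork(template, payload_sets):
    """Pitchfork: one set per position, walked in parallel (stops at the shortest set)."""
    for combo in zip(*payload_sets):
        yield fill(template, combo)


def cluster_bomb(template, payload_sets):
    """Cluster bomb: one set per position, every combination (Cartesian product)."""
    for combo in itertools.product(*payload_sets):
        yield fill(template, combo)


def request_counts(template, single_list, payload_sets):
    """Number of requests each attack type generates for the given inputs."""
    positions = len(POSITION.findall(template))
    return {
        "sniper": positions * len(single_list),
        "battering_ram": len(single_list),
        "pitchfork": min(len(s) for s in payload_sets),
        "cluster_bomb": len(list(itertools.product(*payload_sets))),
    }


if __name__ == "__main__":
    for name, gen in [("sniper", sniper(TEMPLATE, ["A", "B"])),
                      ("battering_ram", battering_ram(TEMPLATE, ["A", "B"])),
                      ("pitchfork", pitchfork(TEMPLATE, PAYLOAD_SETS)),
                      ("cluster_bomb", cluster_bomb(TEMPLATE, PAYLOAD_SETS))]:
        print(name)
        for body in gen:
            print("  ", body)
    print(request_counts(TEMPLATE, ["A", "B"], PAYLOAD_SETS))
```

Sniper and Battering Ram take a single payload list; Pitchfork and Cluster Bomb take one list per position, which is why the request count grows linearly for the first three and multiplicatively for Cluster Bomb.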
Scanner Tab (Pro Only)

| Action | Description |
| --- | --- |
| Passive Scanning | Automatically scan traffic passing through Burp. |
| Active Scanning | Actively send requests to find vulnerabilities. Right-click request > Do active scan. |
Decoder Tab

| Action | Description |
| --- | --- |
| Decoding Data | Paste encoded text into Decoder > Choose Decode as (Base64, URL, HTML, etc.). |
| Encoding Data | Paste text into Decoder > Choose Encode as to transform it into a different format. |
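The transforms behind Decode as and Encode as are standard encodings, and chaining them (URL-decode, then Base64-decode) is the common case when a parameter has been encoded twice. The following is an added example using only the Python standard library, not Burp's Decoder code; `smart_decode` is an assumed helper that mimics the tab's try-everything behaviour by keeping only decodings that change the input and yield printable text.

```python
"""Decode-as / encode-as transforms of the kind the Decoder tab offers.

Constructed example with no Burp dependency: Base64, URL and HTML
transforms from the standard library, a chain helper, and a best-effort
"smart decode" that reports which decoders produced readable output.
"""
import base64
import binascii
import html
import urllib.parse

DECODERS = {
    # validate=True rejects characters outside the Base64 alphabet instead
    # of silently discarding them, so junk input fails rather than "decodes".
    "base64": lambda s: base64.b64decode(s, validate=True).decode("utf-8"),
    "url": urllib.parse.unquote,
    "html": html.unescape,
}

ENCODERS = {
    "base64": lambda s: base64.b64encode(s.encode("utf-8")).decode("ascii"),
    "url": lambda s: urllib.parse.quote(s, safe=""),   # encode every reserved char
    "html": lambda s: html.escape(s, quote=True),      # also escapes " and '
}


def decode_as(kind, data):
    """Apply one named decoder ('base64', 'url' or 'html')."""
    return DECODERS[kind](data)


def encode_as(kind, data):
    """Apply one named encoder ('base64', 'url' or 'html')."""
    return ENCODERS[kind](data)


def decode_chain(data, kinds):
    """Apply several decoders in sequence, e.g. ['url', 'base64']."""
    for kind in kinds:
        data = decode_as(kind, data)
    return data


def smart_decode(data):
    """Try every decoder; keep those that change the input and give printable text.

    Assumed helper: an approximation of the tab's automatic decoding, useful
    for spotting which encoding a value is in before picking 'Decode as'.
    """
    results = {}
    for kind, fn in DECODERS.items():
        try:
            out = fn(data)
        except (binascii.Error, UnicodeDecodeError, ValueError):
            continue  # not valid input for this decoder
        if out != data and out.isprintable():
            results[kind] = out
    return results


if __name__ == "__main__":
    # Constructed sample: a Base64 value that was then URL-encoded.
    sample = "YWRtaW4%3D"
    print(smart_decode(sample))                  # {'url': 'YWRtaW4='}
    print(decode_chain(sample, ["url", "base64"]))  # admin
    print(encode_as("html", "<script>"))         # &lt;script&gt;
```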
Comparer Tab

| Action | Description |
| --- | --- |
| Compare Requests/Responses | Send two requests/responses to Comparer > Click Words or Bytes to see the differences. |
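The Words and Bytes views answer different questions: a word diff tells you which tokens changed, a byte diff tells you at which offset the two responses first diverge, which matters when the only difference is a length or a single character. The following is an added example, not Comparer's implementation, that reproduces both views with `difflib` over two constructed HTTP responses.

```python
"""Word-level and byte-level comparison of two responses, Comparer-style.

Constructed example: two fabricated HTTP responses that differ only in the
Content-Length header and the body text. Uses difflib from the standard
library; nothing here talks to Burp.
"""
import difflib

# Constructed sample responses (not captured from any real server).
RESP_A = ("HTTP/1.1 200 OK\r\n"
          "Content-Length: 26\r\n"
          "\r\n"
          "Login failed: bad password")
RESP_B = ("HTTP/1.1 200 OK\r\n"
          "Content-Length: 28\r\n"
          "\r\n"
          "Login failed: account locked")


def compare_words(a, b):
    """'Words' view: list of (tag, words_in_a, words_in_b) for every changed span."""
    wa, wb = a.split(), b.split()
    sm = difflib.SequenceMatcher(a=wa, b=wb, autojunk=False)
    return [(tag, " ".join(wa[i1:i2]), " ".join(wb[j1:j2]))
            for tag, i1, i2, j1, j2 in sm.get_opcodes() if tag != "equal"]


def compare_bytes(a, b):
    """'Bytes' view: list of (offset_in_a, bytes_in_a, bytes_in_b) for changed spans."""
    sm = difflib.SequenceMatcher(a=a, b=b, autojunk=False)
    return [(i1, a[i1:i2], b[j1:j2])
            for tag, i1, i2, j1, j2 in sm.get_opcodes() if tag != "equal"]


def first_divergence(a, b):
    """Offset of the first differing byte, or None when the inputs are identical."""
    diffs = compare_bytes(a, b)
    return diffs[0][0] if diffs else None


if __name__ == "__main__":
    for tag, left, right in compare_words(RESP_A, RESP_B):
        print(f"{tag}: {left!r} -> {right!r}")
    print("first differing byte at offset",
          first_divergence(RESP_A.encode(), RESP_B.encode()))
```

Word view is the right default for reading two rendered pages side by side; switch to the byte view when responses look identical as text but differ in length, line endings, or whitespace.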
Extender Tab

| Action | Description |
| --- | --- |
| Install Extensions | Extender > BApp Store > Browse and install extensions (e.g., SQLiPy, JWT Attacker). |
Miscellaneous

| Action | Description |
| --- | --- |
| Save Session | Project > Save State to save the current session. |
| Export Requests | Right-click a request > Copy to file to export the request. |