If an application trusts an HTTP request header like X-Forwarded-For to accurately specify the remote IP address of the connecting client, then malicious clients can spoof their IP address. This ...

The response contains two or more Set-Cookie headers that attempt to set the same cookie to different values. Browsers will only accept one of these values, typically ...

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in ...

If you or your teams use Splunk for your Security Information and Event Management (SIEM), you may like to integrate this with Burp Suite Enterprise Edition. Once configured, this enables you to ...

Burp Suite Enterprise Edition enables you to upload an OpenAPI definition to run a specific API scan. You can add new API definitions at any time. API definitions are managed in the Sites menu. Each ...

We provide an installer for Windows and Linux operating systems. You can download these from Burp Suite Enterprise Edition. The new scanning machine is automatically ...

When you enable multi-factor authentication (MFA), all users must enter a passcode from an external authentication app in addition to their username and password when they log in. This helps to make ...

Manage your security, your way. Managing a complex, enterprise-level web estate requires robust compliance, streamlined management of audits, and visibility of your security coverage. In other words - ...

Header Guardian is a Burp Suite extension designed to enhance the security of web applications by identifying missing, misconfigured, and unnecessary HTTP security headers. Properly configured ...

Mixed Encodings: each segment of the IP address can be presented in different formats: hexadecimal, decimal, or octal. To keep our tool efficient, we don’t generate all possible combinations. Instead, ...

Macros are made up of requests taken from the Proxy history. The first step in adding a macro is to select these requests. To do so: The macro editor displays an editable list of items in the macro.

You can configure payload processing rules so that Burp Intruder modifies payloads before it inserts them into the request. This is useful for a variety of purposes, such as when you need to: Generate ...