You can set the type of payload that you want to inject into the base request. Burp Intruder provides a range of options for auto-generating different types of ...

This extension identifies hidden, unlinked parameters. It's particularly useful for finding web cache poisoning vulnerabilities, and requires Burp Suite v2021.9 or later. It combines advanced diffing ...

In this section, you'll learn how simple file upload functions can be used as a powerful vector for a number of high-severity attacks. We'll show you how to bypass common defense mechanisms in order ...

Algorithm confusion attacks (also known as key confusion attacks) occur when an attacker is able to force the server to verify the signature of a JSON web token (JWT) using a different algorithm than ...

Are you looking for training in how to use Burp Suite? Would you like to take your understanding of web security to the next level? Our training hub incorporates options for self-study, development ...

Automated DAST scanning without limits. Built on the Burp technology your security teams already trust. Gain complete visibility of your web application's attack surface. Secure apps before they hit ...

SQL injection (SQLi) is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. This can allow an attacker to view data that they ...

GraphQL vulnerabilities generally arise due to implementation and design flaws. For example, the introspection feature may be left active, enabling attackers to query the API in order to glean ...

Race conditions are a common type of vulnerability closely related to business logic flaws. They occur when websites process requests concurrently without adequate safeguards. This can lead to ...

In this section, we'll explain how to manipulate WebSocket messages and connections, describe the kinds of security vulnerabilities that can arise with WebSockets, and give some examples of exploiting ...

In this section, we'll teach you how to exploit some common scenarios using examples from PHP, Ruby, and Java deserialization. We hope to demonstrate how exploiting insecure deserialization is ...

In this section, we'll cover the basics of the two most common OAuth grant types. If you're completely new to OAuth, we recommend reading this section before attempting to complete our OAuth ...