Burp Suite is one of the most powerful tools for web application security testing, used widely by penetration testers and security researchers. It offers an extensive set of features to identify vulnerabilities, intercept traffic, manipulate requests, and much more. This cheat sheet provides a quick reference to help you navigate Burp Suite’s essential functions, making your workflow more efficient and effective.
Burp Suite Setup & Configuration
| Feature | Steps |
|---|---|
| Proxy Listener | Proxy > Options > Add a new listener (e.g., on port 8080). |
| CA Certificate | Proxy > Options > Import Burp's CA certificate into your browser. |
Proxy Tab
| Action | Description |
|---|---|
| Intercept On/Off | Proxy > Intercept > Toggle "Intercept is on" to turn interception on or off. |
| Forward Request | While intercepting, press Forward to send the request to the destination server. |
| Drop Request | Drop intercepted requests to cancel them. |
Repeater Tab
| Action | Description |
|---|---|
| Send Custom Requests | Right-click a request in Proxy or another tab > Send to Repeater. Modify the request and click Send in the Repeater tab. |
Intruder Tab
| Action | Description |
|---|---|
| Payload Positioning | Highlight part of the request > Add § to mark the payload positions. |
| Attack Types | Sniper, Battering Ram, Pitchfork, Cluster Bomb. |
| Payload Settings | In the Payloads tab, set the payload type (e.g., simple list, numbers, Brute Force), add the payload options, then click Start Attack. |
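The four attack types differ only in how payload sets are mapped onto the § positions. The script below is an added illustration, not Burp's own code: it parses a request template with § markers and expands it the way each mode does (Sniper: one position at a time from one set; Battering Ram: the same payload in every position; Pitchfork: one set per position walked in parallel; Cluster Bomb: every combination). The template and payload sets are constructed sample values.

```python
from itertools import product

MARK = "§"  # the marker Burp Intruder places around a payload position


def parse_template(template):
    """Split 'GET /?u=§admin§&p=§x§' into the literal chunks between markers
    and the original values enclosed by each pair of markers."""
    parts = template.split(MARK)
    if len(parts) % 2 == 0:
        raise ValueError("unbalanced § markers")
    return parts[0::2], parts[1::2]  # literals, original values


def render(literals, values):
    """Rebuild one concrete request from the literals and chosen values."""
    out = literals[0]
    for lit, val in zip(literals[1:], values):
        out += val + lit
    return out


def intruder_requests(template, attack, payload_sets):
    """Return the list of requests each attack type would generate."""
    literals, originals = parse_template(template)
    n = len(originals)
    if attack == "sniper":
        # one payload set, one position at a time; other positions keep their original value
        combos = [originals[:i] + [p] + originals[i + 1:]
                  for i in range(n) for p in payload_sets[0]]
    elif attack == "battering ram":
        # one payload set, the same payload copied into every position at once
        combos = [[p] * n for p in payload_sets[0]]
    elif attack in ("pitchfork", "cluster bomb"):
        if len(payload_sets) != n:
            raise ValueError(f"{attack} needs one payload set per position ({n})")
        if attack == "pitchfork":
            # sets walked in parallel; stops when the shortest set runs out
            combos = [list(t) for t in zip(*payload_sets)]
        else:
            # every combination of the sets (Cartesian product)
            combos = [list(t) for t in product(*payload_sets)]
    else:
        raise ValueError(f"unknown attack type: {attack}")
    return [render(literals, c) for c in combos]


if __name__ == "__main__":
    # constructed sample: two positions, two payload sets of different sizes
    tmpl = "GET /login?user=§admin§&pass=§secret§ HTTP/1.1"
    sets = [["a", "b"], ["1", "2", "3"]]
    for mode in ("sniper", "battering ram", "pitchfork", "cluster bomb"):
        reqs = intruder_requests(tmpl, mode, sets)
        print(f"{mode}: {len(reqs)} requests; first = {reqs[0]}")
```

With the sample sets this yields 4 Sniper, 2 Battering Ram, 2 Pitchfork and 6 Cluster Bomb requests, which is why the mode choice matters as much as the payload list.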
Scanner Tab (Pro Only)
| Action | Description |
|---|---|
| Passive Scanning | Automatically scan traffic passing through Burp. |
| Active Scanning | Actively send requests to find vulnerabilities. Right-click request > Do active scan. |
Decoder Tab
| Action | Description |
|---|---|
| Decoding Data | Paste encoded text into Decoder > Choose Decode as (Base64, URL, HTML, etc.). |
| Encoding Data | Paste text into Decoder > Choose Encode as to transform into different formats. |
Comparer Tab
| Action | Description |
|---|---|
| Compare Requests/Responses | Send two requests/responses to Comparer > Click Words or Bytes to see differences. |
Extender Tab
| Action | Description |
|---|---|
| Install Extensions | Extender > BApp Store > Browse and install extensions (e.g., SQLiPy, JWT Attacker). |
Miscellaneous
| Action | Description |
|---|---|
| Save Session | Project > Save State to save the current session. |
| Export Requests | Right-click on a request > Copy to file to export the request. |