
Burp Suite Cheatsheet

Leading web vulnerability scanner and proxy tool.

## πŸ› οΈ Burp Suite Setup & Configuration

## πŸ”§ Feature Overview

Feature Steps
Proxy Listener Proxy > Options > Add a new listener (e.g., on port 8080).
CA Certificate Proxy > Options β†’ Import Burp’s CA certificate into your browser.

## 🧩 Proxy Tab

| Action | Description |
| --- | --- |
| Intercept On/Off | Proxy > Intercept → Toggle “Intercept is on” to enable or disable. |
| Forward Request | While intercepting, press Forward to send the request to the server. |
| Drop Request | Use Drop to cancel the intercepted request. |

## πŸ” Repeater Tab

Action Description
Send Custom Requests Right-click a request in Proxy or other tabs β†’ Send to Repeater, modify, then send.

## 🚀 Intruder Tab

| Action | Description |
| --- | --- |
| Payload Positioning | Highlight request parts → Add § to mark payload insertion points. |
| Attack Types | Sniper, Battering Ram, Pitchfork, Cluster Bomb. |
| Payload Settings | Set payload type (e.g., simple list, numbers) → Configure under Payloads tab. |
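
How the four attack types combine payload sets with the § positions, and how many requests each one generates, as an added example that is not part of the original cheatsheet and not Burp's own code. The function names and the sample template are constructed for illustration; the order in which Cluster Bomb walks its combinations is not modelled.

```python
import itertools

MARK = "\u00a7"  # the § character that delimits a payload position
SAMPLE = "id=§1§&lang=§en§"  # constructed request fragment with two positions

def parse_positions(template):
    """Return (literal parts, base values) for a §-marked template."""
    parts = template.split(MARK)
    if len(parts) % 2 == 0:  # an odd number of markers leaves one unclosed
        raise ValueError("unbalanced § markers")
    return parts[0::2], parts[1::2]

def render(literals, values):
    """Interleave the literal text with one value per position."""
    out = [literals[0]]
    for value, literal in zip(values, literals[1:]):
        out += [value, literal]
    return "".join(out)

def expand(template, attack, payload_sets):
    """List the request strings one attack type produces (illustrative model)."""
    literals, base = parse_positions(template)
    n = len(base)
    single = attack in ("sniper", "battering ram")
    if len(payload_sets) != (1 if single else n):
        raise ValueError("wrong number of payload sets for this attack type")
    if attack == "sniper":
        # One set; each position in turn, the others keep their base value.
        combos = [base[:i] + [p] + base[i + 1:]
                  for i in range(n) for p in payload_sets[0]]
    elif attack == "battering ram":
        # One set; the same payload goes into every position at once.
        combos = [[p] * n for p in payload_sets[0]]
    elif attack == "pitchfork":
        # One set per position, stepped in parallel; stops at the shortest set.
        combos = list(zip(*payload_sets))
    elif attack == "cluster bomb":
        # One set per position; every combination is sent.
        combos = list(itertools.product(*payload_sets))
    else:
        raise ValueError("unknown attack type")
    return [render(literals, list(c)) for c in combos]

if __name__ == "__main__":
    two_sets = [["A", "B"], ["x", "y", "z"]]
    for attack, sets in [("sniper", [["A", "B"]]), ("battering ram", [["A", "B"]]),
                         ("pitchfork", two_sets), ("cluster bomb", two_sets)]:
        print(attack, len(expand(SAMPLE, attack, sets)))
```

The request count is what matters when sizing an authorized test against rate limits: Cluster Bomb grows as the product of the set sizes, while Pitchfork stops at the shortest set.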

## 🧪 Scanner Tab (Pro Only)

| Action | Description |
| --- | --- |
| Passive Scanning | Automatically analyze traffic passing through Burp. |
| Active Scanning | Right-click a request → Do active scan to find vulnerabilities. |

## πŸ” Decoder Tab

Action Description
Decoding Data Paste encoded data β†’ Choose Decode as (e.g., Base64, URL, HTML).
Encoding Data Paste plain data β†’ Choose Encode as to transform into various formats.

## 📊 Comparer Tab

| Action | Description |
| --- | --- |
| Compare Requests/Responses | Send two requests/responses to Comparer → Use Words or Bytes view. |

## 🧩 Extender Tab

| Action | Description |
| --- | --- |
| Install Extensions | Go to Extender > BApp Store → Browse & install tools (e.g., SQLiPy, JWT Attacker). |

## πŸ—ƒοΈ Miscellaneous

Action Description
Save Session Project > Save State to save current Burp session.
Export Requests Right-click a request β†’ Copy to file to export it.