The Prototype Pollution Gadgets Finder is a powerful Burp Suite extension designed to detect and analyze server-side prototype pollution vulnerabilities in web applications. This tool automates the ...

This extension identifies hidden, unlinked parameters. It's particularly useful for finding web cache poisoning vulnerabilities, and requires Burp Suite v2021.9 or later. It combines advanced diffing ...

Open redirections are potential vulnerabilities for web applications in which a redirection is performed to a location specified in user-supplied data. By redirecting or forwarding a user to a ...

Please enter the new license details below to start your Burp Suite Professional quotation.

AppSec teams face a wide range of challenges when securing their API estate against attack threats. In our recent webinar, which demonstrated the enhanced API scanning features in Burp Suite ...

This extension adds a new context menu item in Burp Suite to switch between defined Display Settings Profiles. Features: The currently used Display settings may be saved to a new Display Settings ...

We've introduced a feature that enables you to create HTTP match and replace rules using Bambdas. This enables you to handle complex or bulk changes more flexibly and easily. For example, you could ...

This lab uses CSP and contains a reflected XSS vulnerability. To solve the lab, perform a cross-site scripting attack that bypasses the CSP and calls the alert function. Please note that the intended ...

This lab's two-factor authentication is vulnerable due to its flawed logic. To solve the lab, access Carlos's account page.

A network security breach can be devastating for both an organization’s reputation and its finances. The implications of a breach could affect millions – not just the victim itself, but their ...

In this section, we'll explain what content security policy is, and describe how CSP can be used to mitigate against some common attacks. CSP is a browser security mechanism that aims to mitigate XSS ...

In this section, we'll talk about how WebSocket URLs can be poisoned using DOM-based attacks, discuss the impact of WebSocket-URL poisoning, and suggest ways you can reduce your exposure to this kind ...