Burp Suite Cheat sheet
Tool Specific Hotkeys
- Ctrl-F: Forward the intercepted request (Proxy)
- Ctrl-T: Toggle Proxy intercept on/off
- Ctrl-Space: Send the request (Repeater)
- Double-click tab: Rename a tab
Navigational Hotkeys
- Ctrl-Shift-T: Target tab
- Ctrl-Shift-P: Proxy tab
- Ctrl-Shift-R: Repeater tab
- Ctrl-Shift-I: Intruder tab
- Ctrl-Shift-O: Project options tab
- Ctrl-Shift-D: Dashboard tab
- Ctrl-Equal: Next tab
- Ctrl-Minus: Previous tab
Editor Encoding / Decoding Hotkeys
- Ctrl-B: Base64-encode selection
- Ctrl-Shift-B: Base64-decode selection
- Ctrl-H: Replace key characters with HTML entities
- Ctrl-Shift-H: Replace HTML entities with characters
- Ctrl-U: URL-encode key characters in selection
- Ctrl-Shift-U: URL-decode selection
Global Hotkeys
- Ctrl-I: Send to Intruder
- Ctrl-R: Send to Repeater
- Ctrl-S: Search (places the cursor in the search field)
- Ctrl-.: Go to next search match
- Ctrl-,: Go to previous search match
- Ctrl-A: Select all
- Ctrl-Z: Undo
- Ctrl-Y: Redo
Editors Hotkeys
- Ctrl-Delete: Delete word forwards
- Ctrl-D: Delete line
- Ctrl-Backspace: Delete word backwards
- Ctrl-Home: Go to beginning of the document
- Ctrl-End: Go to end of the document
- Ctrl-Left/Right: Move word by word
- Ctrl-Shift-Left/Right: Extend the selection word by word
Hunting for Vulnerabilities
- Param Miner: Discovers hidden, unlinked parameters and headers.
- Backslash Powered Scanner: Flags inputs the server transforms in unexpected ways, a lead for injection classes the active scanner does not cover.
- Software Vulnerability Scanner: Checks detected software versions against known vulnerabilities.
Authorization and Authentication
- SAML Raider: Inspect and modify SAML messages, including signature handling.
- JSON Web Tokens: Decode and manipulate JWTs on the fly.
- Autorize: Replays requests as other roles or unauthenticated to check access control.
More Vulnerability Hunting Tools
- HTTP Request Smuggler: Detect and launch HTTP request smuggling attacks.
- Active Scan++: Additional active and passive scan checks.
- Retire.js: Identify outdated JavaScript libraries with associated CVEs.
Utilities
- Logger++: Log and monitor all traffic, including extension-generated requests; filter and sort (for example by status code).
- Turbo Intruder: High-speed, scriptable HTTP request sending for brute force and race conditions.
- Taborator: Eases Burp Collaborator usage for out-of-band (callback) vulnerabilities.
REST API
- Enable it under User options (Misc > REST API); by default it listens on http://127.0.0.1:1337/.
- If an API key is configured, the key becomes a path segment before the version: http://127.0.0.1:1337/<api_key>/v0.1/...
- The listener also serves browsable API documentation, so it can be explored from a browser, not just the CLI.
- Use cURL (or any HTTP client) to drive Burp's scanner from scripts or when running headless.
- Anyone who can reach the listener can launch scans through your Burp instance, so keep it bound to localhost and set an API key.
API Examples
- List the issue definitions Burp knows about:
curl -X GET 'http://127.0.0.1:1337/v0.1/knowledge_base/issue_definitions'
- Start a scan (the task id is returned in the Location header of the 201 response, so show headers with -i):
curl -i -X POST 'http://127.0.0.1:1337/v0.1/scan' -H 'Content-Type: application/json' -d '{"urls":["http://target1.com","http://target2.com"]}'
- Check scan status and the issues found so far:
curl -X GET 'http://127.0.0.1:1337/v0.1/scan/<task_id>'
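The same workflow as a script, as an added example that is not part of the original cheat sheet or of Burp itself. It builds the request URL (including the optional API-key path segment), extracts the task id from the Location header, and reduces a status response to a de-duplicated, severity-ranked list of findings. The endpoint paths and response field names follow the v0.1 API; BURP_API_KEY, the target URLs and the SAMPLE_STATUS payload are constructed assumptions so that the summary logic runs offline without a live Burp.

```python
"""Drive Burp Suite's REST API: build the scan request, poll the task, and
summarise findings. Added example, not from the cheat sheet or PortSwigger.
Endpoint paths follow the v0.1 API; SAMPLE_STATUS is a constructed payload and
BURP_API_KEY / the target URLs are assumptions."""
import json
import time
import urllib.request

BURP_BASE = "http://127.0.0.1:1337"   # default REST API listener
BURP_API_KEY = ""                     # assumption: set this if a key is configured

# Ranking used to sort findings; "info" and "false_positive" sit below "low".
SEVERITY_RANK = {"high": 3, "medium": 2, "low": 1, "info": 0, "false_positive": -1}


def api_url(path, base=BURP_BASE, api_key=BURP_API_KEY):
    """A configured API key is a path segment that precedes /v0.1/."""
    key_part = f"/{api_key}" if api_key else ""
    return f"{base}{key_part}/v0.1/{path.lstrip('/')}"


def build_scan_request(urls, named_config=None):
    """Body for POST /v0.1/scan; scan_configurations is optional (name is an assumption)."""
    body = {"urls": list(urls)}
    if named_config:
        body["scan_configurations"] = [{"type": "NamedConfiguration", "name": named_config}]
    return body


def task_id_from_location(location):
    """POST /v0.1/scan answers 201 with Location: /v0.1/scan/<task_id>."""
    return location.rstrip("/").rsplit("/", 1)[-1]


def summarize_scan(status):
    """Return (finished, progress, issues) from a GET /v0.1/scan/<id> response.
    Issues are de-duplicated on (name, origin, path) and sorted high -> info."""
    finished = status.get("scan_status") in ("succeeded", "failed")
    progress = status.get("scan_metrics", {}).get("crawl_and_audit_progress", 0)
    seen = {}
    for ev in status.get("issue_events", []):
        if ev.get("type") != "issue_found":
            continue
        issue = ev["issue"]
        key = (issue["name"], issue.get("origin", ""), issue.get("path", ""))
        seen[key] = issue.get("severity", "info")
    issues = sorted(
        ({"name": n, "origin": o, "path": p, "severity": s} for (n, o, p), s in seen.items()),
        key=lambda i: (-SEVERITY_RANK.get(i["severity"], 0), i["name"]))
    return finished, progress, issues


def start_scan(urls, named_config=None):
    """Live call (needs Burp running): POST the scan and return the task id."""
    req = urllib.request.Request(
        api_url("scan"), data=json.dumps(build_scan_request(urls, named_config)).encode(),
        headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req) as resp:
        return task_id_from_location(resp.headers["Location"])


def poll_scan(task_id, interval=10):
    """Live call: poll until the task finishes, yielding a summary each round."""
    while True:
        with urllib.request.urlopen(api_url(f"scan/{task_id}")) as resp:
            status = json.load(resp)
        finished, progress, issues = summarize_scan(status)
        yield finished, progress, issues
        if finished:
            return
        time.sleep(interval)


# Constructed sample of a status response (field names from the v0.1 API, values made up).
# The duplicated event shows why the summary de-duplicates.
SAMPLE_STATUS = {
    "task_id": "3",
    "scan_status": "succeeded",
    "scan_metrics": {"crawl_and_audit_progress": 100, "issue_events": 3},
    "issue_events": [
        {"type": "issue_found", "id": 1, "issue": {
            "name": "Cross-site scripting (reflected)", "severity": "high",
            "confidence": "certain", "origin": "http://target1.com", "path": "/search"}},
        {"type": "issue_found", "id": 2, "issue": {
            "name": "Cross-site scripting (reflected)", "severity": "high",
            "confidence": "certain", "origin": "http://target1.com", "path": "/search"}},
        {"type": "issue_found", "id": 3, "issue": {
            "name": "Strict transport security not enforced", "severity": "low",
            "confidence": "certain", "origin": "http://target1.com", "path": "/"}},
    ],
}

if __name__ == "__main__":
    finished, progress, issues = summarize_scan(SAMPLE_STATUS)
    print(f"finished={finished} progress={progress}%")
    for i in issues:
        print(f"[{i['severity']:<6}] {i['name']} at {i['origin']}{i['path']}")
```

Against a live instance, replace the `__main__` body with `for finished, progress, issues in poll_scan(start_scan(["http://target1.com"])): ...`; the offline run only exercises the summary over the constructed payload.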
Last updated 26 Apr 2024, 15:18 +0530 .