If a response does not specify a content type, then the browser will usually analyze the response and attempt to determine the MIME type of its content. This can have unexpected results, and if the ...
Penetration testing tools allow proper assessment of a system's cybersecurity within a sensible timeframe. Of these tools, Burp Suite Professional is one of the most widely used. With more than 55,000 ...
Cross-site request forgery (CSRF) is an attack which forces an end user to execute unwanted actions on a web application to which they are currently authenticated. CSRF vulnerabilities may arise when ...
As pentesters we all had at least one test where we all needed to use Base64 Image converters online which took an extra efort of copying things and sometimes we were running out of time. Captcha ...
If you or your teams use Splunk for your Security Information and Event Management (SIEM), you may like to integrate this with Burp Suite Enterprise Edition. Once configured, this enables you to ...
This release gives you better visibility of the crawl paths found by Burp Scanner, introduces support for sharing issues with Splunk, and enables you to use custom extensions, BChecks, and BApps with ...
This extension provides advanced capabilities and automation for finding and exploiting Client-Side Path Traversal. This extension is a Burp Suite Passive Scanner. It reads your proxy history and ...
Manage your security, your way. Managing a complex, enterprise-level web estate requires robust compliance, streamlined management of audits, and visibility of your security coverage. In other words - ...
Header Guardian is a Burp Suite extension designed to enhance the security of web applications by identifying missing, misconfigured, and unnecessary HTTP security headers. Properly configured ...
The Nmap Scanner Burp Suite Extension integrates Nmap's powerful network scanning capabilities directly into the Burp Suite interface. This extension provides an easy-to-use graphical interface for ...
Mixed Encodings: each segment of the IP address can be presented in different formats: hexadecimal, decimal, or octal. To keep our tool efficient, we don’t generate all possible combinations. Instead, ...
This release introduces a combined scan launcher for web app and API-only scans, the ability to customize which headers appear in the message editor, support for SOAP authentication, and several ...