The Prototype Pollution Gadgets Finder is a powerful Burp Suite extension designed to detect and analyze server-side prototype pollution vulnerabilities in web applications. This tool automates the ...

This extension identifies hidden, unlinked parameters. It's particularly useful for finding web cache poisoning vulnerabilities, and requires Burp Suite v2021.9 or later. It combines advanced diffing ...

Open redirections are potential vulnerabilities for web applications in which a redirection is performed to a location specified in user-supplied data. By redirecting or forwarding a user to a ...

Please enter the new license details below to start your Burp Suite Professional quotation.

AppSec teams face a wide range of challenges when securing their API estate against attack threats. In our recent webinar, which demonstrated the enhanced API scanning features in Burp Suite ...

This extension adds a new context menu item in Burp Suite to switch between defined Display Settings Profiles. Features: The currently used Display settings may be saved to a new Display Settings ...

We've introduced a feature that enables you to create HTTP match and replace rules using Bambdas. This enables you to handle complex or bulk changes more flexibly and easily. For example, you could ...

Race conditions are a common type of vulnerability closely related to business logic flaws. They occur when websites process requests concurrently without adequate safeguards. This can lead to ...

Generally speaking, it is important not to develop "tunnel vision" during testing. In other words, you should avoid focussing too narrowly on a particular vulnerability. Sensitive data can be leaked ...

SameSite is a browser security mechanism that determines when a website's cookies are included in requests originating from other websites. SameSite cookie restrictions provide partial protection ...

In this section, we'll teach you how to exploit some common scenarios using examples from PHP, Ruby, and Java deserialization. We hope to demonstrate how exploiting insecure deserialization is ...

In this section, we'll cover the basics of the two most common OAuth grant types. If you're completely new to OAuth, we recommend reading this section before attempting to complete our OAuth ...