Burp Suite Cheat Sheet

Essential web application security testing techniques

Proxy Techniques

  • Intercept On/Off

    Toggle request/response interception

  • Match and Replace

    Automatically rewrite matching parts of requests as they pass through the proxy

  • HTTP History

    Review all intercepted traffic

Scanner Features

  • Active Scanning

    Automated vulnerability detection

  • Passive Scanning

    Analyse traffic already observed for issues without sending extra requests

  • Scope Control

    Define which hosts and paths are in scope for scanning

Repeater & Intruder

  • Repeater: Manual Testing

    Modify and resend individual requests

  • Intruder: Payload Attacks

    Automated parameter fuzzing

  • Payload Types

    Sniper, Battering Ram, Pitchfork