A new BChecks testing tool will make testing BChecks just as easy as it is to write them. Send suitable requests to the tool, and use them as test cases to confirm that your BCheck is working. Alter ...

Many servers now support HTTP/2. This exposes them to potential vulnerabilities that are impossible to test for using tools that only speak HTTP/1. Burp Suite provides unrivaled support for ...

Reflected cross-site scripting (or XSS) arises when an application receives data in an HTTP request and includes that data within the immediate response in an unsafe way. If an attacker can control a ...

In our previous labs, you learned how to exploit web cache poisoning vulnerabilities by manipulating typical unkeyed inputs, such as HTTP headers and cookies. While this approach is effective, it only ...

In this section, we'll look at some of the vulnerabilities that can occur in multi-factor authentication mechanisms. We've also provided several interactive labs to demonstrate how you can exploit ...

In this section, you'll learn how simple file upload functions can be used as a powerful vector for a number of high-severity attacks. We'll show you how to bypass common defense mechanisms in order ...

You can set the type of payload that you want to inject into the base request. Burp Intruder provides a range of options for auto-generating different types of ...

You can configure payload processing rules so that Burp Intruder modifies payloads before it inserts them into the request. This is useful for a variety of purposes, such as when you need to: Generate ...

Business logic vulnerabilities are relatively specific to the context in which they occur. However, although individual instances of logic flaws differ hugely, they can share many common themes. In ...

This lab's two-factor authentication can be bypassed. You have already obtained a valid username and password, but do not have access to the user's 2FA verification ...