Mastering Burp Suite
mastering-burp.agarri.fr
@mastering-burp.agarri.fr
Tips and tricks for Burp Suite Pro 🛠️

Not affiliated with @portswigger.net ©️
Managed by @agarri.fr 🇫🇷

Additional free resources 🎁
http://hackademy.agarri.fr/freebies
Burp now has a command palette (similar to the one in VS Code) 🥳

portswigger.net/cms/images/4...
November 14, 2025 at 1:07 PM
You never know when an obscure piece of trivia about Java regular expressions may be useful IRL 🤓

Today, I used the embedded flag "(?-s)" to disable the DOTALL mode and be able to work on a single line 🔬

The goal was to append a string to the User-Agent header, and it now works perfectly 🎉
September 10, 2025 at 1:23 PM
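An added example, not code from the post above: it shows what the embedded flag "(?-s)" changes when a Java regex appends a string to the User-Agent header. The request, the pattern, the appended marker and the assumption that the pattern is compiled with DOTALL enabled are all constructed for illustration.

```java
import java.util.regex.Pattern;

public class UserAgentAppend {
    // Constructed sample request, not captured traffic.
    static final String REQUEST =
        "GET /search?q=test HTTP/1.1\r\n" +
        "Host: app.example\r\n" +
        "User-Agent: Mozilla/5.0 (X11; Linux x86_64)\r\n" +
        "Accept: */*\r\n" +
        "\r\n";

    // Hypothetical string to append to the header value.
    static final String REPLACEMENT = "$1 appended-marker";

    // Assumption: the surrounding engine compiles patterns with DOTALL,
    // so "." also matches \r and \n unless the pattern turns it off.
    static String rewrite(String regex) {
        return Pattern.compile(regex, Pattern.DOTALL)
                      .matcher(REQUEST)
                      .replaceFirst(REPLACEMENT);
    }

    // True when the marker sits on the User-Agent line itself.
    static boolean markerOnUserAgentLine(String request) {
        for (String line : request.split("\r\n")) {
            if (line.startsWith("User-Agent: ")) {
                return line.endsWith(" appended-marker");
            }
        }
        return false;
    }

    // Make line terminators visible when printing.
    static String show(String s) {
        return s.replace("\r\n", "\\r\\n\n");
    }

    public static void main(String[] args) {
        // DOTALL active: ".*" runs to the end of the request, so the
        // marker lands after the blank line that terminates the headers.
        String greedy = rewrite("(User-Agent: .*)");
        // "(?-s)" switches DOTALL off inside the pattern: ".*" stops at
        // the first line terminator and only the header line is changed.
        String scoped = rewrite("(?-s)(User-Agent: .*)");

        System.out.println("DOTALL on, marker on header line: " + markerOnUserAgentLine(greedy));
        System.out.println(show(greedy));
        System.out.println("(?-s), marker on header line: " + markerOnUserAgentLine(scoped));
        System.out.println(show(scoped));
    }
}
```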
The Scalpel extension is magic 🪄 Especially if you're a big fan of executing both python3 and vim within Burp Suite 🛠️

blog.lexfo.fr/scalpel.html
June 5, 2025 at 11:07 AM
June 2, 2025 at 5:16 PM
I strongly recommend using "Audit speed = Thorough" when scanning. Here's one of the reasons...
April 8, 2025 at 11:26 AM
TIL the default value for "Failed domain name resolution" is set to 60 seconds. Useful to know when reaching your target web app temporarily fails
April 2, 2025 at 12:03 PM
March 24, 2025 at 11:07 AM
Somebody asked me which version of Python was available in Hackvertor. So I created a custom tag displaying this piece of information

And the answer is... Jython 2.7.3b1 🐍☕

PS: look at the alt-text if you're looking for the code
February 19, 2025 at 4:09 PM
I like bambdas but Java is sooooo verbose 😐
February 19, 2025 at 10:38 AM
When spending hours in front of a screen, using alternative fonts may be a very good idea 🔍

My preferred one is JetBrains Mono, but of course YMMV (go to "User options > Display > HTTP Message Display" to change your settings) ⚙️

PS: I use the same font in VS Code 🧠
February 17, 2025 at 4:45 PM
Hackvertor now supports tags `<@space/>` and `<@newline/>`

That doesn't look like a game-changer, but it's incredibly useful when you want to keep these raw characters from breaking Burp's HTTP parsing
January 5, 2025 at 1:22 PM
Ever wondered why you NEVER see chunked responses in Burp? 🤔

The answer is simple, default settings hide them! 🫣

Go to "Settings > Network > HTTP > Streaming responses" to make them appear 🔍
December 20, 2024 at 7:23 AM
We can now configure what version of messages should be displayed in Proxy History 🥳
November 28, 2024 at 1:37 PM
It's really easy to make Repeater tabs take a single line: simply enable the "Scrolling view" mode from the ellipsis menu
November 15, 2024 at 1:55 PM
Reading the documentation is a super power 🦸
November 4, 2024 at 11:12 AM
Piper, the gift that keeps on giving!🔥
September 18, 2024 at 11:10 AM
The new "Match & Replace" editor (available in EA 2024.8) looks pretty good 🤩
September 5, 2024 at 4:52 PM
June 9, 2024 at 12:22 PM
Great or awful? 🤔
May 27, 2024 at 4:59 PM
PortSwigger released a BCheck plugin for IntelliJ 🛠️
May 3, 2024 at 2:04 PM
The kind of small improvements I really appreciate...
April 12, 2024 at 1:49 PM
Since EA 2024.3.1, it's possible to add custom columns to all the tables visible in Burp Suite

In the following screenshot, I simply extract the value of the "Server" header
April 10, 2024 at 10:13 AM
Combining Piper and LinkFinder (thanks Antoine Roly for the screenshot)
April 10, 2024 at 7:40 AM
Since EA 2024.2.1, it's possible to sort tables using 3 distinct criteria 🤩

Here, the data is sorted by Mime Type then Status code then Length (you need to click on the columns in the opposite order) 📊
March 4, 2024 at 11:01 AM
In case you want to modify the layout of the menu listing extensions' actions, the extension "Menu level" does exactly that... 🛠️ There are 4 possible layouts, and the attached screenshot shows the third one
February 7, 2024 at 5:37 PM