The Burp Methodology

This page contains links to all our step-by-step methodology articles.

1. Using Burp to Bypass Client-Side Controls
   • Using Burp to Bypass Client-Side Controls
   • Using Burp to bypass hidden form fields
   • Using Burp to bypass client-side JavaScript validation
   • Using Burp to manipulate parameters
   • Forced browsing
2. Using Burp to Attack Authentication
   • Using Burp to Attack Authentication
   • Brute forcing a login page
   • Vulnerable transmission of credentials / sensitive data exposure
   • Injection attack: bypassing authentication
   • Forced browsing
   • Insecure direct object references
3. Using Burp to Attack Session Management
   • Using Burp to Attack Session Management
   • Using Burp to hack cookies / manipulate sessions
   • Using Burp to test token generation
   • Using Burp to test session token handling
   • Using Burp to test for cross-site request forgery (CSRF)
   • Using Burp to find Clickjacking Vulnerabilities
4. Using Burp to Test Access Controls
   • Using Burp to Test Access Controls
   • Using Burp's "Request in browser" function to test for access control issues
   • Using Burp to test for parameter manipulation and forced browsing issues
5. Using Burp to Test for SQL Injection Flaws
   • Using Burp to Find SQL Injection Flaws
   • Using Burp to Detect SQL Injection Flaws
   • Using Burp to Investigate SQL Injection Flaws
   • Using SQL Injection to Bypass Authentication
   • Using Burp to Exploit SQL Injection Vulnerabilities: The UNION Operator
   • Using Burp to Detect SQL Injection Via SQL-Specific Parameter Manipulation
   • Using Burp to Detect Blind SQL Injection Bugs
   • Using Burp to Exploit Bind SQL Injection Bugs
   • Using Burp with SQLMap
   • SQL Injection in Different Statement Types
   • SQL Injection in the Query Structure
   • SQL Injection: Bypassing Common Filters
6. Using Burp to Find Cross-Site Scripting Vulnerabilities
   • Using Burp to Find Cross-Site Scripting Issues
   • Using Burp to Manually Test for Reflected XSS
   • Using Burp to Manually Test for Stored XSS
   • Using Burp to Exploit XSS - Injecting in to Direct HTML
   • Using Burp to Exploit XSS - Injecting in to Tag Attributes
   • Using Burp to Exploit XSS - Injecting in to Scriptable Contexts
7. Cross-Site Scripting Filters
   • XSS: Defensive Filters
   • Signature-Based XSS Filters: Introducing Script Code
   • Bypassing Signature-Based XSS Filters: Modifying HTML
   • Bypassing Signature-Based XSS Filters: Modifying Script Code
   • XSS: Beating HTML Sanitizing Filters
   • XSS Filters: Beating Length Limits Using DOM-based Techniques
   • XSS Filters: Beating Length Limits Using Shortened Payloads
   • XSS Filters: Beating Length Limits Using Spanned Payloads
8. Using Burp to Attack Back-End Components
   • Using Burp to Test for Code Injection Vulnerabilities
   • Using Burp to Test for OS Command Injection Vulnerabilities
   • Using Burp to Test for Path Traversal Vulnerabilities