Payloads
This tab is used to configure one or more payload sets. The number of payload
sets depends on the attack type defined in the
Positions tab. For many common
tasks, such as fuzzing parameters, brute force guessing a user's password, or
cycling through page identifiers, only a single payload set is needed.
The configuration steps needed to configure a payload set are as follows:
- Select the payload set that you wish to configure from the drop-down
list.
- Select the payload type to use from the drop-down
list. A large number of payload types are available, and these are
highly configurable, allowing you to quickly automate the generation of
payloads for virtually any situation:
- Configure the payload options
for the selected payload type.
- Configure any required
payload processing rules, to manipulate the
generated payloads in various ways.
- Configure the required payload
encoding, to ensure that the correct characters are
URL-encoded for safe transmission over HTTP.
User Forum
Get help from other users, at the Burp Suite User Forum:
Visit the forum ›
Monday, November 3, 2014
v1.6.07
This release contains various enhancements to the Scanner engine logic, to improve both the reliability of issue reporting, and the quality of proof-of-concept exploits. Improvements have been made to the following checks:
- OS command injection
- SQL injection
- HTTP response header injection
- File path traversal
- Server-side JavaScript / NoSQL injection
- Reflected cross-site scripting
- Various DOM-based issues
- Open redirection
See all release notes ›