Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Friday, November 29, 2013

v1.5.20

This release adds support for nested insertion points to the Scanner.

Nested insertion points are used when an insertion point's base value contains data in a recognized format. For example, a URL parameter might contain Base64-encoded data, and the decoded value might in turn contain JSON or XML data. With the option to use nested insertion points enabled, Burp will create suitable insertion points for each separate item of input at each level of nesting.

Below are some examples of Burp's new capabilities in scanning nested insertion points, running against some targets in our lab.

SQL injection into a Base64-encoded value within a JSON value within a URL parameter:



SQL injection into a JSON value within XML within a URL parameter:



SQL injection into XML within a JSON value within a URL parameter:



XSS in a JSON value within a Base64-encoded URL parameter:



XSS in a JSON value within XML within a URL parameter:



XSS in an XML value within JSON within a URL parameter



You get the idea. There is no limit to how deep Burp can go. If it recognizes the data format of the base value of any insertion point, Burp will look inside that data for nested values that should be tested.

The option to include nested insertion points is on by default, and using this option imposes no overhead when scanning requests containing only conventional parameters. However, it enables Burp to reach much more of the attack surface of today's complex applications where data is encapsulated within different formats.

MD5: 08396c07da2f11a9f17212c3e4299b07
SHA256: d4e547b8d1bd63d2b65b605239c9c03058080deed14e3bfe9ebe538601baf537