Working manually on specific HTTP requests
When you understand how your target application works—for instance, when you can identify crucial requests from a security standpoint—you can choose appropriate requests from the Proxy tab and try to exploit them manually.
For example, requests that reflect user-provided values in the response and API calls that handle authentication are worth investigating in this manner. To support yourself with semi-automatic methods, use the following Burp tools.
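Before reaching for those tools, the two selection criteria above can be applied mechanically to saved request/response pairs to shortlist what to review by hand. This is an added example, not part of the original page or of Burp; the keyword lists, the length threshold and the sample traffic are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed heuristics (not from the page): keyword lists and minimum value length.
AUTH_PATH = re.compile(r"/(login|logout|auth|oauth|token|session|password|reset)\b", re.I)
AUTH_PARAMS = {"password", "passwd", "token", "otp", "code"}
MIN_LEN = 4  # shorter values appear in response bodies by coincidence


def split_message(raw):
    """Split a raw HTTP message into (start line, lower-cased headers, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    headers = {n.strip().lower(): v.strip() for n, _, v in (ln.partition(":") for ln in lines[1:])}
    return lines[0], headers, body


def triage(request_raw, response_raw):
    """Return the reasons a request deserves manual review (empty list if none)."""
    start, headers, body = split_message(request_raw)
    _, target, _ = start.split(" ", 2)
    url = urlsplit(target)
    params = parse_qsl(url.query, keep_blank_values=True)
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        params += parse_qsl(body, keep_blank_values=True)
    response_body = split_message(response_raw)[2]
    reasons = [f"reflected:{n}" for n, v in params if len(v) >= MIN_LEN and v in response_body]
    if AUTH_PATH.search(url.path) or any(n.lower() in AUTH_PARAMS for n, _ in params):
        reasons.append("auth")
    return reasons


# Constructed sample traffic (not captured from a real application).
SAMPLES = [
    ("GET /search?q=burpnote&page=2 HTTP/1.1\r\nHost: app.example\r\n\r\n",
     "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<p>Results for burpnote</p>"),
    ("POST /api/login HTTP/1.1\r\nHost: app.example\r\n"
     "Content-Type: application/x-www-form-urlencoded\r\n\r\nuser=alice&password=s3cretpw",
     "HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n\r\n{\"ok\":true}"),
    ("GET /static/app.css HTTP/1.1\r\nHost: app.example\r\n\r\n",
     "HTTP/1.1 200 OK\r\nContent-Type: text/css\r\n\r\nbody{margin:0}"),
]

if __name__ == "__main__":
    for req, resp in SAMPLES:
        print(req.split("\r\n", 1)[0], "->", triage(req, resp) or "skip")
```

The reflection check compares URL-decoded values against the raw response body, so a value the application HTML-encodes before echoing it will not be flagged.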