login

Burp Suite, the leading toolkit for web application security testing

PortSwigger Web Security Blog

Wednesday, 25 November 2009

[V13P] Manual testing simulator

This feature won't exactly enhance your productivity, but you may sometimes find it useful nonetheless. In the new release, lazy Pro users can make Burp simulate manual testing activities, by sending common test payloads to random URLs and parameters within a target application, at irregular intervals. Burp doesn't do anything with the responses, so you won't find out about any bugs in this way. But if you think that someone might be reviewing the application's logs to confirm that you are working, you can use this feature while you nip out for a long lunch, gym session, drinking binge, or whatever happens to be your preferred diversion.

Regarding the obvious feature request, for you to be able to configure your day-rate, and have Burp calculate how much the simulation has cost your client; no, I don't think that would be appropriate, do you?

6 comments:

Anonymous said...

You officially have too much free time on your hands.

Anonymous said...

Brilliant. Finchy can get root now!

Anonymous said...

Ha genius!

Anonymous said...

Agreed, absolute genius.

pentest said...

Exactly what I needed.

Anonymous said...

can i get the report regarding this manual simulation. i mean, it shows the error count but where should i look for it in detail?


User Forum

Get help from other users, at the Burp Suite User Forum:

Visit the forum ›

Copyright 2014 PortSwigger Ltd. All rights reserved.