{"id":4714,"date":"2025-08-21T11:30:12","date_gmt":"2025-08-21T11:30:12","guid":{"rendered":"https:\/\/uplatz.com\/blog\/?p=4714"},"modified":"2025-08-30T11:47:48","modified_gmt":"2025-08-30T11:47:48","slug":"burp-suite-pocket-book","status":"publish","type":"post","link":"https:\/\/uplatz.com\/blog\/burp-suite-pocket-book\/","title":{"rendered":"Burp Suite Pocket Book"},"content":{"rendered":"<p><!-- ############################################################ --><br \/>\n<!-- Burp Suite Pocket Book \u2014 Uplatz (Single Column, 60 Cards, Colored Sections) --><\/p>\n<div style=\"margin: 16px 0;\">\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-5070\" src=\"https:\/\/uplatz.com\/blog\/wp-content\/uploads\/2025\/08\/Burp-Suite-1024x576.jpg\" alt=\"\" width=\"840\" height=\"473\" srcset=\"https:\/\/uplatz.com\/blog\/wp-content\/uploads\/2025\/08\/Burp-Suite-1024x576.jpg 1024w, 
https:\/\/uplatz.com\/blog\/wp-content\/uploads\/2025\/08\/Burp-Suite-300x169.jpg 300w, https:\/\/uplatz.com\/blog\/wp-content\/uploads\/2025\/08\/Burp-Suite-768x432.jpg 768w, https:\/\/uplatz.com\/blog\/wp-content\/uploads\/2025\/08\/Burp-Suite.jpg 1280w\" sizes=\"auto, (max-width: 840px) 100vw, 840px\" \/><\/p>\n<div class=\"wp-burp-pb\">\n<div class=\"heading\">\n<h2>Burp Suite Pocket Book \u2014 Uplatz<\/h2>\n<p>60 deep-dive flashcards \u2022 Single column \u2022 Proxy &amp; Scope \u2022 Repeater\/Intruder \u2022 Scanner &amp; OAST \u2022 Auth\/State \u2022 APIs \u2022 Extender \u2022 Interview Q&amp;A<\/p>\n<p class=\"muted\">For authorized testing only \u2022 Keep logs \u2022 Respect scope &amp; rules of engagement<\/p>\n<\/div>\n<p><!-- ===================== SECTION 1 ===================== --><\/p>\n<div class=\"section-title color-1\">Section 1 \u2014 Fundamentals<\/div>\n<div class=\"card\">\n<h3>1) What is Burp Suite?<\/h3>\n<p>An integrated platform for web security testing: intercepting proxy, request editors, automation, and (Pro) active\/passive scanning.<\/p>\n<\/div>\n<div class=\"card\">\n<h3>2) Editions<\/h3>\n<p><b>Community<\/b>: core tools (Proxy, Repeater, Decoder, Comparer, Sequencer). <b>Professional<\/b>: adds Scanner, Collaborator (OAST), advanced automation. <b>Enterprise<\/b>: CI-scale scanning.<\/p>\n<\/div>\n<div class=\"card\">\n<h3>3) Project vs User Options<\/h3>\n<p>Project Options travel with the <code>.burp<\/code> project file (targets, scope, proxy, logging). User Options are local to your workstation.<\/p>\n<\/div>\n<div class=\"card\">\n<h3>4) Workflows<\/h3>\n<p>Proxy traffic \u2192 define scope \u2192 map target \u2192 probe with Repeater\/Intruder \u2192 scan (Pro) \u2192 verify \u2192 report and retest.<\/p>\n<\/div>\n<div class=\"card\">\n<h3>5) Legal &amp; Ethics<\/h3>\n<p>Only test systems you own or are authorized to test. Respect scope, rate limits, and data handling policies. 
Stop if instability occurs.<\/p>\n<\/div>\n<div class=\"card\">\n<h3>6) Launch &amp; Update<\/h3>\n<p>Use the Burp launcher; keep up-to-date for protocol fixes and new checkers. Enable automatic update checks in User Options.<\/p>\n<\/div>\n<div class=\"card\">\n<h3>7) CA Certificate<\/h3>\n<p>Import Burp\u2019s CA into your browser\/OS to intercept HTTPS without warnings; keep it separate per engagement.<\/p>\n<\/div>\n<div class=\"card\">\n<h3>8) Built-in Browser<\/h3>\n<p>Burp ships a Chromium-based browser preconfigured with the proxy; handy to avoid OS-level proxy changes.<\/p>\n<\/div>\n<div class=\"card\">\n<h3>9) Logs &amp; Evidence<\/h3>\n<p>Enable HTTP history, extender logs, and issue activity. Export selected traffic for reports and proof-of-exploit.<\/p>\n<\/div>\n<div class=\"card\">\n<h3>10) Keyboard Comfort<\/h3>\n<p>Learn hotkeys (send to Repeater, forward, drop) to move fast during manual testing.<\/p>\n<\/div>\n<p><!-- ===================== SECTION 2 ===================== --><\/p>\n<div class=\"section-title color-2\">Section 2 \u2014 Proxy, Target &amp; Scope<\/div>\n<div class=\"card\">\n<h3>11) Proxy Listener<\/h3>\n<p>Default: 127.0.0.1:8080. Add more listeners for mobile devices or upstream proxies; support invisible proxying for non-proxy-aware clients.<\/p>\n<\/div>\n<div class=\"card\">\n<h3>12) Intercept<\/h3>\n<p>Toggle <b>Intercept is on<\/b> to pause requests\/responses. Use match\/replace and interception rules to auto-modify traffic.<\/p>\n<\/div>\n<div class=\"card\">\n<h3>13) Target Tab<\/h3>\n<p>Site map + scope control. Right-click a host \u2192 \u201cAdd to scope\u201d. Out-of-scope requests can be hidden or blocked to avoid collateral traffic.<\/p>\n<\/div>\n<div class=\"card\">\n<h3>14) Scope Rules<\/h3>\n<p>Define hosts, protocols, and paths with wildcards\/regex. 
Keep scope tight; include subdomains explicitly when needed.<\/p>\n<\/div>\n<div class=\"card\">\n<h3>15) SSL\/TLS<\/h3>\n<p>If a site uses certificate pinning, use app-specific debug builds or disable pinning where permitted; for mobile, use a device CA store.<\/p>\n<\/div>\n<div class=\"card\">\n<h3>16) Upstream &amp; SOCKS<\/h3>\n<p>Chain through corporate\/Zscaler proxies; set SOCKS for Tor\/VPN egress when the test plan allows.<\/p>\n<\/div>\n<div class=\"card\">\n<h3>17) Traffic Filtering<\/h3>\n<p>Hide static assets (images\/fonts) to focus on API\/HTML. Use MIME-type and status-code filters in Proxy\/HTTP history.<\/p>\n<\/div>\n<div class=\"card\">\n<h3>18) Rewriting Hosts<\/h3>\n<p>Map hosts to IPs (e.g., staging to a specific VIP). Useful for testing DR sites or blue\/green environments.<\/p>\n<\/div>\n<p><!-- ===================== SECTION 3 ===================== --><\/p>\n<div class=\"section-title color-3\">Section 3 \u2014 Core Tools: Repeater, Intruder, etc.<\/div>\n<div class=\"card\">\n<h3>19) Repeater (Manual Testing)<\/h3>\n<p>Send a request from Proxy\/Target; tweak headers\/body; observe responses side-by-side; use tabs to track hypothesis tests.<\/p>\n<\/div>\n<div class=\"card\">\n<h3>20) Intruder (Fuzzing)<\/h3>\n<p>Automate payload injection at marked positions. Four attack types: <b>Sniper<\/b>, <b>Battering ram<\/b>, <b>Pitchfork<\/b>, <b>Cluster bomb<\/b>.<\/p>\n<\/div>\n<div class=\"card\">\n<h3>21) Intruder Payloads<\/h3>\n<p>Use simple lists, numbers, dates, grep-extracted tokens, or regex-based generators. 
Add <code>\u00a7<\/code> markers around insertion points.<\/p>\n<pre><code class=\"mono\">POST \/login HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\n\r\nusername=\u00a7admin\u00a7&amp;password=\u00a7password\u00a7<\/code><\/pre>\n<\/div>\n<div class=\"card\">\n<h3>22) Positioning Strategy<\/h3>\n<p>Mark parameters individually for <b>Sniper<\/b> when isolating; use <b>Pitchfork<\/b> to combine lists (same index) and <b>Cluster bomb<\/b> for Cartesian product.<\/p>\n<\/div>\n<div class=\"card\">\n<h3>23) Grep-Match\/Extract<\/h3>\n<p>Highlight success indicators (e.g., <code>200<\/code>, <code>Welcome<\/code>, JWT presence). Extract dynamic values for chained attacks.<\/p>\n<\/div>\n<div class=\"card\">\n<h3>24) Sequencer<\/h3>\n<p>Analyze token randomness (session IDs, CSRF, password reset links). Longer, high-entropy tokens should score better.<\/p>\n<\/div>\n<div class=\"card\">\n<h3>25) Decoder<\/h3>\n<p>Convert between Base64, URL encoding, HTML entities, JWT parts; try smart decode to guess formats automatically.<\/p>\n<\/div>\n<div class=\"card\">\n<h3>26) Comparer<\/h3>\n<p>Diff responses\/requests to see what changed; useful for detecting error-based behaviors or bypasses.<\/p>\n<\/div>\n<div class=\"card\">\n<h3>27) Logger (HTTP history)<\/h3>\n<p>Use search\/filter to locate interesting requests; export as <code>.har<\/code>\/<code>.burp<\/code> for evidence.<\/p>\n<\/div>\n<div class=\"card\">\n<h3>28) Inspector<\/h3>\n<p>View parsed parameters, cookies, headers, and insertion points; quickly toggle URL-encoding and body types.<\/p>\n<\/div>\n<p><!-- ===================== SECTION 4 ===================== --><\/p>\n<div class=\"section-title color-4\">Section 4 \u2014 Scanner &amp; OAST (Pro)<\/div>\n<div class=\"card\">\n<h3>29) Passive vs Active Scan<\/h3>\n<p>Passive looks at traffic for issues with zero risk. 
Active sends additional requests to confirm\/exploit; do it only within scope &amp; change windows.<\/p>\n<\/div>\n<div class=\"card\">\n<h3>30) Crawl &amp; Audit<\/h3>\n<p>Let Burp discover content (forms, params) and then audit. Seed with known paths, sitemaps, or recorded logins.<\/p>\n<\/div>\n<div class=\"card\">\n<h3>31) Scan Configuration<\/h3>\n<p>Tune insertion points, throttling, and issue selection. Exclude destructive checks when testing production.<\/p>\n<\/div>\n<div class=\"card\">\n<h3>32) Issue Severity &amp; Confidence<\/h3>\n<p>Each finding has a risk and confidence score. Reproduce via Repeater; attach evidence and business impact in your report.<\/p>\n<\/div>\n<div class=\"card\">\n<h3>33) Collaborator (OAST)<\/h3>\n<p>Detect SSRF, blind XXE, blind XSS by referencing a Collaborator URL and checking for out-of-band interactions.<\/p>\n<\/div>\n<div class=\"card\">\n<h3>34) Insertion Points<\/h3>\n<p>Common: query\/body params, JSON keys\/values, headers, cookies, path segments, multipart, GraphQL variables.<\/p>\n<\/div>\n<div class=\"card\">\n<h3>35) Rate Limiting<\/h3>\n<p>Respect app SLAs; add delays, concurrency limits, and pause scans on instability; coordinate with site reliability teams.<\/p>\n<\/div>\n<div class=\"card\">\n<h3>36) False Positives<\/h3>\n<p>Validate by reproducing and checking context. Many \u201cinformational\u201d issues still matter for hardening (e.g., verbose banners).<\/p>\n<\/div>\n<p><!-- ===================== SECTION 5 ===================== --><\/p>\n<div class=\"section-title color-5\">Section 5 \u2014 Auth, Session, State &amp; CSRF<\/div>\n<div class=\"card\">\n<h3>37) Authentication Handling<\/h3>\n<p>Use the built-in browser to log in; record macros to fetch tokens; set session handling rules to auto-reapply auth when expired.<\/p>\n<\/div>\n<div class=\"card\">\n<h3>38) Macros<\/h3>\n<p>A macro is a small scripted flow (e.g., GET login page \u2192 POST creds \u2192 capture CSRF). 
Reference it in a session rule.<\/p>\n<\/div>\n<div class=\"card\">\n<h3>39) CSRF Tokens<\/h3>\n<p>Detect and update dynamic anti-CSRF tokens automatically by extracting from a prior response and inserting into the next request.<\/p>\n<\/div>\n<div class=\"card\">\n<h3>40) Cookie Jar &amp; Scope<\/h3>\n<p>Burp manages cookies per host; clear or isolate per project. Mark security attributes (HttpOnly, Secure, SameSite) during review.<\/p>\n<\/div>\n<div class=\"card\">\n<h3>41) SSO &amp; Redirects<\/h3>\n<p>For SAML\/OIDC flows, allow out-of-scope IdP endpoints but limit scanning there; use Repeater to tweak assertions\/claims within policy.<\/p>\n<\/div>\n<div class=\"card\">\n<h3>42) State Machine (Pro)<\/h3>\n<p>Model login\/logout\/2FA states to keep scans authenticated and meaningful; avoid getting logged out mid-scan.<\/p>\n<\/div>\n<div class=\"card\">\n<h3>43) Rate Limits &amp; Lockouts<\/h3>\n<p>Coordinate with app owners to avoid account lockouts when testing auth. Create dedicated test accounts with reset paths.<\/p>\n<\/div>\n<div class=\"card\">\n<h3>44) Sensitive Data Exposure<\/h3>\n<p>Grep responses for PII, secrets, tokens. 
Add matchers for <code>AKIA[0-9A-Z]{16}<\/code> (AWS keys), JWT patterns, or common credential formats.<\/p>\n<\/div>\n<p><!-- ===================== SECTION 6 ===================== --><\/p>\n<div class=\"section-title color-6\">Section 6 \u2014 APIs, Protocols &amp; Modern Stacks<\/div>\n<div class=\"card\">\n<h3>45) REST JSON<\/h3>\n<p>Use JSON beautify in the editor; test content-type boundaries and method overrides (<code>X-HTTP-Method-Override<\/code>).<\/p>\n<\/div>\n<div class=\"card\">\n<h3>46) GraphQL<\/h3>\n<p>Send queries\/mutations via POST; enumerate schema (introspection if enabled); fuzz variables and directives.<\/p>\n<pre><code class=\"mono\">POST \/graphql HTTP\/1.1\r\nContent-Type: application\/json\r\n\r\n{\"query\":\"query{ me{ id email } }\"}<\/code><\/pre>\n<\/div>\n<div class=\"card\">\n<h3>47) gRPC &amp; HTTP\/2<\/h3>\n<p>Burp can proxy HTTP\/2; for gRPC JSON transcoding or reflection, capture requests and iterate in Repeater; mind binary encodings.<\/p>\n<\/div>\n<div class=\"card\">\n<h3>48) WebSockets<\/h3>\n<p>Use the \u201cMessages\u201d subtab to send\/receive frames; test auth changes after upgrade; try JSON injection and path confusion.<\/p>\n<\/div>\n<div class=\"card\">\n<h3>49) File Uploads<\/h3>\n<p>Inspect multipart boundaries; try mismatched <code>Content-Type<\/code> vs content; check image metadata and SVG scripts.<\/p>\n<\/div>\n<div class=\"card\">\n<h3>50) CORS<\/h3>\n<p>Validate <code>Access-Control-Allow-Origin<\/code>\/<code>Credentials<\/code>; look for <code>*<\/code> with credentials or reflection of arbitrary origins.<\/p>\n<\/div>\n<div class=\"card\">\n<h3>51) Caching Issues<\/h3>\n<p>Check <code>Cache-Control<\/code> and <code>ETag<\/code>; test cache poisoning via vary headers and ambiguous routes.<\/p>\n<\/div>\n<div class=\"card\">\n<h3>52) OpenAPI\/Swagger<\/h3>\n<p>Import API specs into Target to seed endpoints and parameter shapes; prune out-of-scope operations before scanning.<\/p>\n<\/div>\n<p><!-- ===================== SECTION 7 ===================== 
--><\/p>\n<div class=\"section-title color-7\">Section 7 \u2014 Automation, Extender &amp; Scripting<\/div>\n<div class=\"card\">\n<h3>53) BApp Store<\/h3>\n<p>Install vetted extensions (add-on scanners, content discovery, parameter miners). Review code and permissions before use.<\/p>\n<\/div>\n<div class=\"card\">\n<h3>54) Extender API<\/h3>\n<p>Write custom extensions in Java, Python (Jython), or Ruby (JRuby) to hook requests, add insertion points, or export findings.<\/p>\n<\/div>\n<div class=\"card\">\n<h3>55) Headless &amp; CI (Enterprise\/Pro)<\/h3>\n<p>Use Burp Enterprise for scheduled\/CI scans; in Pro, leverage the CLI and project templates for repeatable audits (where licensed).<\/p>\n<\/div>\n<div class=\"card\">\n<h3>56) Save\/Share<\/h3>\n<p>Use project files (<code>.burp<\/code>) for reproducible sessions; share with teammates along with scope notes and creds via a secure channel.<\/p>\n<\/div>\n<p><!-- ===================== SECTION 8 ===================== --><\/p>\n<div class=\"section-title color-8\">Section 8 \u2014 Patterns, Reporting &amp; Interview Q&amp;A<\/div>\n<div class=\"card\">\n<h3>57) Pattern \u2014 Param Mining<\/h3>\n<p>Use content-discovery + proxy history to collect hidden parameters; fuzz with Intruder\u2019s wordlists and grep for behavioral changes.<\/p>\n<\/div>\n<div class=\"card\">\n<h3>58) Pattern \u2014 Auth-Bypass Checks<\/h3>\n<p>Replay authorized endpoints without cookies\/headers; try method flipping (POST\u2192GET), and check for IDORs by changing IDs.<\/p>\n<\/div>\n<div class=\"card\">\n<h3>59) Reporting<\/h3>\n<p>For each issue: description, reproduction steps, evidence (request\/response), affected scope, risk, and remediation. 
Include Burp logs and screenshots.<\/p>\n<\/div>\n<div class=\"card\">\n<h3>60) Interview Q&amp;A \u2014 Practical<\/h3>\n<p><b>Intruder attack types?<\/b> Sniper, Battering ram, Pitchfork, Cluster bomb.<\/p>\n<p><b>When passive scan only?<\/b> Production systems or fragile targets; start passive then surgically test with Repeater.<\/p>\n<p><b>What\u2019s Collaborator?<\/b> Out-of-band interaction server to detect SSRF\/blind vulns via callbacks.<\/p>\n<p><b>Keep scans authenticated?<\/b> Macros + session handling rules + state machine to refresh tokens.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Burp Suite Pocket Book \u2014 Uplatz 60 deep-dive flashcards \u2022 Single column \u2022 Proxy &amp; Scope \u2022 Repeater\/Intruder \u2022 Scanner &amp; OAST \u2022 Auth\/State \u2022 APIs \u2022 Extender \u2022 Interview <span class=\"readmore\"><a href=\"https:\/\/uplatz.com\/blog\/burp-suite-pocket-book\/\">Read More &#8230;<\/a><\/span><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2532,2462],"tags":[],"class_list":["post-4714","post","type-post","status-publish","format-standard","hentry","category-burp-suite","category-pocket-book"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Burp Suite Pocket Book | Uplatz Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/uplatz.com\/blog\/burp-suite-pocket-book\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Burp Suite Pocket Book | Uplatz Blog\" \/>\n<meta property=\"og:description\" content=\"Burp Suite Pocket Book \u2014 Uplatz 60 
deep-dive flashcards \u2022 Single column \u2022 Proxy &amp; Scope \u2022 Repeater\/Intruder \u2022 Scanner &amp; OAST \u2022 Auth\/State \u2022 APIs \u2022 Extender \u2022 Interview Read More ...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/uplatz.com\/blog\/burp-suite-pocket-book\/\" \/>\n<meta property=\"og:site_name\" content=\"Uplatz Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Uplatz-1077816825610769\/\" \/>\n<meta property=\"article:published_time\" content=\"2025-08-21T11:30:12+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-08-30T11:47:48+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/uplatz.com\/blog\/wp-content\/uploads\/2025\/08\/Burp-Suite.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"720\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"uplatzblog\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@uplatz_global\" \/>\n<meta name=\"twitter:site\" content=\"@uplatz_global\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"uplatzblog\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/burp-suite-pocket-book\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/burp-suite-pocket-book\\\/\"},\"author\":{\"name\":\"uplatzblog\",\"@id\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/#\\\/schema\\\/person\\\/8ecae69a21d0757bdb2f776e67d2645e\"},\"headline\":\"Burp Suite Pocket Book\",\"datePublished\":\"2025-08-21T11:30:12+00:00\",\"dateModified\":\"2025-08-30T11:47:48+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/burp-suite-pocket-book\\\/\"},\"wordCount\":1271,\"publisher\":{\"@id\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/burp-suite-pocket-book\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/08\\\/Burp-Suite-1024x576.jpg\",\"articleSection\":[\"Burp Suite\",\"Pocket Book\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/burp-suite-pocket-book\\\/\",\"url\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/burp-suite-pocket-book\\\/\",\"name\":\"Burp Suite Pocket Book | Uplatz 
Blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/burp-suite-pocket-book\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/burp-suite-pocket-book\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/08\\\/Burp-Suite-1024x576.jpg\",\"datePublished\":\"2025-08-21T11:30:12+00:00\",\"dateModified\":\"2025-08-30T11:47:48+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/burp-suite-pocket-book\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/uplatz.com\\\/blog\\\/burp-suite-pocket-book\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/burp-suite-pocket-book\\\/#primaryimage\",\"url\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/08\\\/Burp-Suite.jpg\",\"contentUrl\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/08\\\/Burp-Suite.jpg\",\"width\":1280,\"height\":720},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/burp-suite-pocket-book\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Burp Suite Pocket Book\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/\",\"name\":\"Uplatz Blog\",\"description\":\"Uplatz is a global IT Training &amp; Consulting 
company\",\"publisher\":{\"@id\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/#organization\",\"name\":\"uplatz.com\",\"url\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/wp-content\\\/uploads\\\/2016\\\/11\\\/Uplatz-Logo-Copy-2.png\",\"contentUrl\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/wp-content\\\/uploads\\\/2016\\\/11\\\/Uplatz-Logo-Copy-2.png\",\"width\":1280,\"height\":800,\"caption\":\"uplatz.com\"},\"image\":{\"@id\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/Uplatz-1077816825610769\\\/\",\"https:\\\/\\\/x.com\\\/uplatz_global\",\"https:\\\/\\\/www.instagram.com\\\/\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/7956715?trk=tyah&amp;amp;amp;amp;trkInfo=clickedVertical:company,clickedEntityId:7956715,idx:1-1-1,tarId:1464353969447,tas:uplatz\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/#\\\/schema\\\/person\\\/8ecae69a21d0757bdb2f776e67d2645e\",\"name\":\"uplatzblog\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7f814c72279199f59ded4418a8653ad15f5f8904ac75e025a4e2abe24d58fa5d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7f814c72279199f59ded4418a8653ad15f5f8904ac75e025a4e2abe24d58fa5d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7f814c72279199f59ded4
418a8653ad15f5f8904ac75e025a4e2abe24d58fa5d?s=96&d=mm&r=g\",\"caption\":\"uplatzblog\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","_links":{"self":[{"href":"https:\/\/uplatz.com\/blog\/wp-json\/wp\/v2\/posts\/4714","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/uplatz.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"hr
ef":"https:\/\/uplatz.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/uplatz.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/uplatz.com\/blog\/wp-json\/wp\/v2\/comments?post=4714"}],"version-history":[{"count":2,"href":"https:\/\/uplatz.com\/blog\/wp-json\/wp\/v2\/posts\/4714\/revisions"}],"predecessor-version":[{"id":5071,"href":"https:\/\/uplatz.com\/blog\/wp-json\/wp\/v2\/posts\/4714\/revisions\/5071"}],"wp:attachment":[{"href":"https:\/\/uplatz.com\/blog\/wp-json\/wp\/v2\/media?parent=4714"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/uplatz.com\/blog\/wp-json\/wp\/v2\/categories?post=4714"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/uplatz.com\/blog\/wp-json\/wp\/v2\/tags?post=4714"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}