How do I install Burp Suite Web Application Testing?

Install Burp Suite Web Application Testing with a single command: npx mdskills install sickn33/burp-suite-testing. This downloads the skill files into your project and your AI agent picks them up automatically.

What platforms support Burp Suite Web Application Testing?

Burp Suite Web Application Testing works with Claude Code, Claude Desktop, Cursor, Vscode Copilot, Windsurf, Continue Dev, Codex, Gemini Cli, Amp, Roo Code, Goose, Opencode, Trae, Qodo, Command Code. Skills use the open SKILL.md format which is compatible with any AI coding agent that reads markdown instructions.

← Back to skills

Burp Suite Web Application Testing

Name: Burp Suite Web Application Testing: AI Agent Skill
Rating: 8 (1 reviews)
Author: sickn33

Verified

Testing & QAIntermediate

This skill should be used when the user asks to "intercept HTTP traffic", "modify web requests", "use Burp Suite for testing", "perform web vulnerability scanning", "test with Burp Repeater", "analyze HTTP history", or "configure proxy for web testing". It provides comprehensive guidance for using Burp Suite's core features for web application security testing.

by @sickn330Updated 2 weeks ago

Add this skill

npx mdskills install sickn33/burp-suite-testing

Fork & Edit

Skill Advisor8.0

Comprehensive, phase-based Burp Suite guide with clear workflows, examples, and security testing payloads

+Provides systematic six-phase workflow with specific steps and keyboard shortcuts
+Includes practical examples for price manipulation, SQLi, and info disclosure testing
+Offers quick reference tables for attack types, payloads, and troubleshooting
-Declares filesystem write and shell execution without clear justification in workflow
-Includes raw exploit payloads without validation guidance or ethical testing reminders

SKILL.md

Edit in Browser

1---
2name: Burp Suite Web Application Testing
3description: This skill should be used when the user asks to "intercept HTTP traffic", "modify web requests", "use Burp Suite for testing", "perform web vulnerability scanning", "test with Burp Repeater", "analyze HTTP history", or "configure proxy for web testing". It provides comprehensive guidance for using Burp Suite's core features for web application security testing.
4metadata:
5  author: zebbern
6  version: "1.1"
7---
8 
9# Burp Suite Web Application Testing
10 
11## Purpose
12 
13Execute comprehensive web application security testing using Burp Suite's integrated toolset, including HTTP traffic interception and modification, request analysis and replay, automated vulnerability scanning, and manual testing workflows. This skill enables systematic discovery and exploitation of web application vulnerabilities through proxy-based testing methodology.
14 
15## Inputs / Prerequisites
16 
17### Required Tools
18- Burp Suite Community or Professional Edition installed
19- Burp's embedded browser or configured external browser
20- Target web application URL
21- Valid credentials for authenticated testing (if applicable)
22 
23### Environment Setup
24- Burp Suite launched with temporary or named project
25- Proxy listener active on 127.0.0.1:8080 (default)
26- Browser configured to use Burp proxy (or use Burp's browser)
27- CA certificate installed for HTTPS interception
28 
29### Editions Comparison
30| Feature | Community | Professional |
31|---------|-----------|--------------|
32| Proxy | ✓ | ✓ |
33| Repeater | ✓ | ✓ |
34| Intruder | Limited | Full |
35| Scanner | ✗ | ✓ |
36| Extensions | ✓ | ✓ |
37 
38## Outputs / Deliverables
39 
40### Primary Outputs
41- Intercepted and modified HTTP requests/responses
42- Vulnerability scan reports with remediation advice
43- HTTP history and site map documentation
44- Proof-of-concept exploits for identified vulnerabilities
45 
46## Core Workflow
47 
48### Phase 1: Intercepting HTTP Traffic
49 
50#### Launch Burp's Browser
51Navigate to integrated browser for seamless proxy integration:
52 
531. Open Burp Suite and create/open project
542. Go to **Proxy > Intercept** tab
553. Click **Open Browser** to launch preconfigured browser
564. Position windows to view both Burp and browser simultaneously
57 
58#### Configure Interception
59Control which requests are captured:
60 
61```
62Proxy > Intercept > Intercept is on/off toggle
63 
64When ON: Requests pause for review/modification
65When OFF: Requests pass through, logged to history
66```
67 
68#### Intercept and Forward Requests
69Process intercepted traffic:
70 
711. Set intercept toggle to **Intercept on**
722. Navigate to target URL in browser
733. Observe request held in Proxy > Intercept tab
744. Review request contents (headers, parameters, body)
755. Click **Forward** to send request to server
766. Continue forwarding subsequent requests until page loads
77 
78#### View HTTP History
79Access complete traffic log:
80 
811. Go to **Proxy > HTTP history** tab
822. Click any entry to view full request/response
833. Sort by clicking column headers (# for chronological order)
844. Use filters to focus on relevant traffic
85 
86### Phase 2: Modifying Requests
87 
88#### Intercept and Modify
89Change request parameters before forwarding:
90 
911. Enable interception: **Intercept on**
922. Trigger target request in browser
933. Locate parameter to modify in intercepted request
944. Edit value directly in request editor
955. Click **Forward** to send modified request
96 
97#### Common Modification Targets
98| Target | Example | Purpose |
99|--------|---------|---------|
100| Price parameters | `price=1` | Test business logic |
101| User IDs | `userId=admin` | Test access control |
102| Quantity values | `qty=-1` | Test input validation |
103| Hidden fields | `isAdmin=true` | Test privilege escalation |
104 
105#### Example: Price Manipulation
106 
107```http
108POST /cart HTTP/1.1
109Host: target.com
110Content-Type: application/x-www-form-urlencoded
111 
112productId=1&quantity=1&price=100
113 
114# Modify to:
115productId=1&quantity=1&price=1
116```
117 
118Result: Item added to cart at modified price.
119 
120### Phase 3: Setting Target Scope
121 
122#### Define Scope
123Focus testing on specific target:
124 
1251. Go to **Target > Site map**
1262. Right-click target host in left panel
1273. Select **Add to scope**
1284. When prompted, click **Yes** to exclude out-of-scope traffic
129 
130#### Filter by Scope
131Remove noise from HTTP history:
132 
1331. Click display filter above HTTP history
1342. Select **Show only in-scope items**
1353. History now shows only target site traffic
136 
137#### Scope Benefits
138- Reduces clutter from third-party requests
139- Prevents accidental testing of out-of-scope sites
140- Improves scanning efficiency
141- Creates cleaner reports
142 
143### Phase 4: Using Burp Repeater
144 
145#### Send Request to Repeater
146Prepare request for manual testing:
147 
1481. Identify interesting request in HTTP history
1492. Right-click request and select **Send to Repeater**
1503. Go to **Repeater** tab to access request
151 
152#### Modify and Resend
153Test different inputs efficiently:
154 
155```
1561. View request in Repeater tab
1572. Modify parameter values
1583. Click Send to submit request
1594. Review response in right panel
1605. Use navigation arrows to review request history
161```
162 
163#### Repeater Testing Workflow
164 
165```
166Original Request:
167GET /product?productId=1 HTTP/1.1
168 
169Test 1: productId=2    → Valid product response
170Test 2: productId=999  → Not Found response  
171Test 3: productId='    → Error/exception response
172Test 4: productId=1 OR 1=1 → SQL injection test
173```
174 
175#### Analyze Responses
176Look for indicators of vulnerabilities:
177 
178- Error messages revealing stack traces
179- Framework/version information disclosure
180- Different response lengths indicating logic flaws
181- Timing differences suggesting blind injection
182- Unexpected data in responses
183 
184### Phase 5: Running Automated Scans
185 
186#### Launch New Scan
187Initiate vulnerability scanning (Professional only):
188 
1891. Go to **Dashboard** tab
1902. Click **New scan**
1913. Enter target URL in **URLs to scan** field
1924. Configure scan settings
193 
194#### Scan Configuration Options
195 
196| Mode | Description | Duration |
197|------|-------------|----------|
198| Lightweight | High-level overview | ~15 minutes |
199| Fast | Quick vulnerability check | ~30 minutes |
200| Balanced | Standard comprehensive scan | ~1-2 hours |
201| Deep | Thorough testing | Several hours |
202 
203#### Monitor Scan Progress
204Track scanning activity:
205 
2061. View task status in **Dashboard**
2072. Watch **Target > Site map** update in real-time
2083. Check **Issues** tab for discovered vulnerabilities
209 
210#### Review Identified Issues
211Analyze scan findings:
212 
2131. Select scan task in Dashboard
2142. Go to **Issues** tab
2153. Click issue to view:
216   - **Advisory**: Description and remediation
217   - **Request**: Triggering HTTP request
218   - **Response**: Server response showing vulnerability
219 
220### Phase 6: Intruder Attacks
221 
222#### Configure Intruder
223Set up automated attack:
224 
2251. Send request to Intruder (right-click > Send to Intruder)
2262. Go to **Intruder** tab
2273. Define payload positions using § markers
2284. Select attack type
229 
230#### Attack Types
231 
232| Type | Description | Use Case |
233|------|-------------|----------|
234| Sniper | Single position, iterate payloads | Fuzzing one parameter |
235| Battering ram | Same payload all positions | Credential testing |
236| Pitchfork | Parallel payload iteration | Username:password pairs |
237| Cluster bomb | All payload combinations | Full brute force |
238 
239#### Configure Payloads
240 
241```
242Positions Tab:
243POST /login HTTP/1.1
244...
245username=§admin§&password=§password§
246 
247Payloads Tab:
248Set 1: admin, user, test, guest
249Set 2: password, 123456, admin, letmein
250```
251 
252#### Analyze Results
253Review attack output:
254 
255- Sort by response length to find anomalies
256- Filter by status code for successful attempts
257- Use grep to search for specific strings
258- Export results for documentation
259 
260## Quick Reference
261 
262### Keyboard Shortcuts
263| Action | Windows/Linux | macOS |
264|--------|---------------|-------|
265| Forward request | Ctrl+F | Cmd+F |
266| Drop request | Ctrl+D | Cmd+D |
267| Send to Repeater | Ctrl+R | Cmd+R |
268| Send to Intruder | Ctrl+I | Cmd+I |
269| Toggle intercept | Ctrl+T | Cmd+T |
270 
271### Common Testing Payloads
272 
273```
274# SQL Injection
275' OR '1'='1
276' OR '1'='1'--
2771 UNION SELECT NULL--
278 
279# XSS
280<script>alert(1)</script>
281"><img src=x onerror=alert(1)>
282javascript:alert(1)
283 
284# Path Traversal
285../../../etc/passwd
286..\..\..\..\windows\win.ini
287 
288# Command Injection
289; ls -la
290| cat /etc/passwd
291`whoami`
292```
293 
294### Request Modification Tips
295- Right-click for context menu options
296- Use decoder for encoding/decoding
297- Compare requests using Comparer tool
298- Save interesting requests to project
299 
300## Constraints and Guardrails
301 
302### Operational Boundaries
303- Test only authorized applications
304- Configure scope to prevent accidental out-of-scope testing
305- Rate-limit scans to avoid denial of service
306- Document all findings and actions
307 
308### Technical Limitations
309- Community Edition lacks automated scanner
310- Some sites may block proxy traffic
311- HSTS/certificate pinning may require additional configuration
312- Heavy scanning may trigger WAF blocks
313 
314### Best Practices
315- Always set target scope before extensive testing
316- Use Burp's browser for reliable interception
317- Save project regularly to preserve work
318- Review scan results manually for false positives
319 
320## Examples
321 
322### Example 1: Business Logic Testing
323 
324**Scenario**: E-commerce price manipulation
325 
3261. Add item to cart normally, intercept request
3272. Identify `price=9999` parameter in POST body
3283. Modify to `price=1`
3294. Forward request
3305. Complete checkout at manipulated price
331 
332**Finding**: Server trusts client-provided price values.
333 
334### Example 2: Authentication Bypass
335 
336**Scenario**: Testing login form
337 
3381. Submit valid credentials, capture request in Repeater
3392. Send to Repeater for testing
3403. Try: `username=admin' OR '1'='1'--`
3414. Observe successful login response
342 
343**Finding**: SQL injection in authentication.
344 
345### Example 3: Information Disclosure
346 
347**Scenario**: Error-based information gathering
348 
3491. Navigate to product page, observe `productId` parameter
3502. Send request to Repeater
3513. Change `productId=1` to `productId=test`
3524. Observe verbose error revealing framework version
353 
354**Finding**: Apache Struts 2.5.12 disclosed in stack trace.
355 
356## Troubleshooting
357 
358### Browser Not Connecting Through Proxy
359- Verify proxy listener is active (Proxy > Options)
360- Check browser proxy settings point to 127.0.0.1:8080
361- Ensure no firewall blocking local connections
362- Use Burp's embedded browser for reliable setup
363 
364### HTTPS Interception Failing
365- Install Burp CA certificate in browser/system
366- Navigate to http://burp to download certificate
367- Add certificate to trusted roots
368- Restart browser after installation
369 
370### Slow Performance
371- Limit scope to reduce processing
372- Disable unnecessary extensions
373- Increase Java heap size in startup options
374- Close unused Burp tabs and features
375 
376### Requests Not Being Intercepted
377- Verify "Intercept on" is enabled
378- Check intercept rules aren't filtering target
379- Ensure browser is using Burp proxy
380- Verify target isn't using unsupported protocol
381

Full transparency — inspect the skill content before installing.