burp-suite-web-application-testing

name: Burp Suite Web Application Testing description: This skill should be used when the user asks to "intercept HTTP traffic", "modify web requests", "use Burp Suite for testing", "perform web vulnerability scanning", "test with Burp Repeater", "analyze HTTP history", or "configure proxy for web testing". It provides comprehensive guidance for using Burp Suite's core features for web application security testing. metadata: author: zebbern version: 4.1.0-fractal

Burp Suite Web Application Testing

Purpose

Execute comprehensive web application security testing using Burp Suite's integrated toolset, including HTTP traffic interception and modification, request analysis and replay, automated vulnerability scanning, and manual testing workflows. This skill enables systematic discovery and exploitation of web application vulnerabilities through proxy-based testing methodology.

Inputs / Prerequisites

🧠 Knowledge Modules (Fractal Skills)

1. Required Tools

2. Environment Setup

3. Editions Comparison

4. Primary Outputs

5. Phase 1: Intercepting HTTP Traffic

6. Phase 2: Modifying Requests

7. Phase 3: Setting Target Scope

8. Phase 4: Using Burp Repeater

9. Phase 5: Running Automated Scans

10. Phase 6: Intruder Attacks

11. Keyboard Shortcuts

12. Common Testing Payloads

13. Request Modification Tips

14. Operational Boundaries

15. Technical Limitations

16. Best Practices

17. Example 1: Business Logic Testing

18. Example 2: Authentication Bypass

19. Example 3: Information Disclosure

20. Browser Not Connecting Through Proxy

21. HTTPS Interception Failing

22. Slow Performance

23. Requests Not Being Intercepted