What kind of vulnerabilities can I find with this skill?

The skill includes patterns for discovering SQL injection, Cross-Site Scripting (XSS), Path Traversal, Command Injection, and various business logic flaws.

How does this skill help with request modification?

It provides specific workflows for using Burp Proxy and Repeater to intercept live traffic and modify parameters like price, quantities, or user IDs before they reach the server.

Is it necessary to install a CA certificate?

Yes, to intercept HTTPS traffic, you must install Burp's CA certificate in your browser. This skill provides troubleshooting steps for that configuration.

Can I use this skill with Burp Suite Community Edition?

Yes, the skill provides guidance for features available in both Community and Professional versions, though automated scanning is restricted to Professional.

Does this skill support automated attacks?

Yes, it includes a dedicated phase for Burp Intruder, covering different attack types like Sniper and Cluster Bomb for automated payload delivery.

Burp Suite Web Application Testing

Name: Burp Suite Web Application Testing
Author: zebbern

byzebbern

•

2,883

•

Security & Testing

Performs comprehensive web application security audits by intercepting, analyzing, and modifying HTTP traffic using Burp Suite's professional toolset.

The Burp Suite Web Application Testing skill provides a structured methodology for identifying and exploiting web vulnerabilities through proxy-based testing. It guides users through the entire security assessment lifecycle, including initial proxy configuration, defining target scopes, manual request manipulation with Repeater, and automated scanning with Intruder. By leveraging this skill, developers and security researchers can systematically uncover flaws such as SQL injection, XSS, and broken access control, ensuring robust application security through proven penetration testing patterns.

Key Features

01Manual testing workflows for Repeater and Intruder modules

022,883 GitHub stars

03HTTP traffic interception and real-time request modification

04Automated vulnerability scanning and remediation guidance

05Detailed target scope management to focus testing efforts

06Step-by-step instructions for CA certificate and proxy setup

Use Cases

01Identifying business logic vulnerabilities by manipulating price or user ID parameters

02Performing manual security audits to find injection flaws like SQLi and XSS

03Analyzing hidden API endpoints and undocumented HTTP headers for information disclosure

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add zebbern/claude-code-guide burp-suite-testing

For use in Claude.ai and ChatGPT

Download Skill