Burp needs to "see" your traffic. You have two main options:

Burp Suite is the industry-standard tool for web application security testing, acting as a "man-in-the-middle" proxy that lets you inspect and modify traffic between your browser and a server. 1. Installation and Basic Setup

If you need to test hundreds of payloads (like a list of common passwords): Send a request to . Under Positions , highlight the value you want to swap out. Under Payloads , paste your list. Click Start Attack . Tips for Efficiency

Start by browsing the target website normally with intercept turned . Burp will automatically populate the Target tab. Right-click the target domain. Select Add to scope .

Suddenly, one request stood out. The response length was 120 bytes. HTTP/1.1 302 Found Location: /dashboard

He captured the login POST request in the Proxy.

Designed for automated, scheduled scanning across entire organizations. Core Components

Burp had caught the request because Alex had toggled again just before clicking. He looked at the request.