π° Originally published on SecurityElites β the canonical, fully-updated version of this article.
Youβve been using Burp Suite for a year. You know Proxy, Repeater, and Intruder. You feel reasonably competent. Then you watch a senior bug bounty hunter do a session review and theyβre doing things youβve never seen β requests filtering themselves based on response content, headers injecting automatically into every request, a login macro re-authenticating silently in the background while Intruder runs overnight.
That gap between βknows Burpβ and βuses Burp at full capacityβ is exactly where most hunters stay permanently. Nobody teaches the 7 Burp Suite Hidden Features that experienced testers use every session. The tutorials cover the three obvious tabs and stop. The rest gets learned by accident or not at all.
Iβve been testing web applications with Burp professionally for years. These seven Burp suite hidden features cut hours from every assessment. Some are built-in, some are extensions. All of them are free. All of them work in Community Edition.
π― What Youβll Have After This
Burp Macros configured for automatic re-authentication β run Intruder overnight without session expiry killing your attack
Logger++ capturing traffic that Proxy History misses β including requests from extensions and Scanner
Match & Replace rules injecting bypass headers into every request automatically
Bambdas filtering thousands of requests to the exact ones that matter in seconds
Param Miner finding hidden parameters the application doesnβt document but does process
Organizer replacing your messy external notes file with tracked, exportable findings
β±οΈ 20 min read Β· immediately applicable to your next session ### π 7 Burp Suite Hidden Features β Contents 1. Feature 1 β Burp Macros: Automated Re-Authentication 2. Feature 2 β Logger++: Traffic Youβre Currently Missing 3. Feature 3 β Match & Replace: Bulk Header Injection 4. Feature 4 β Bambdas: JVM-Powered Request Filtering 5. Feature 5 β Param Miner: Hidden Parameter Discovery 6. Feature 6 β Organizer: Stop Losing Findings 7. Feature 7 β Target Scope: Cut 80% of the Noise ## Feature 1 β Burp Macros: Automated Re-Authentication Hereβs the problem Macros solves. Youβre running an Intruder attack against an authenticated endpoint. Two hours in, the session expires. Intruder keeps firing requests, but theyβre all hitting the login redirect now. You wasted two hours of attack time against the wrong endpoint, and you didnβt notice because Intruder doesnβt care about 302 responses β it just reports them as βsuccess.β
Macros record a login sequence and replay it automatically when Burp detects session expiry. Set one up once and you never babysit a session again. This is the feature that makes overnight Intruder runs viable.
BURP MACROS β SETUP WALKTHROUGHCopy
Step 1: Record the macro
Project Options β Sessions β Macros β Add
Select the login POST request from Proxy History β OK
Macro recorded: POST /login with username=admin&password=X
Step 2: Create Session Handling Rule
Sessions β Session Handling Rules β Add
Rule Actions β Add β Run a macro β select your macro
Scope β Tools: β Intruder β Scanner β Repeater
Scope β URL Scope: Use suite scope
Step 3: Test the macro works
Open Macro Editor β Test macro β verify login response = 200
Add a check β macro should update a session cookie from the response
Macro Editor β Configure item β Cookie/Parameter handling
Extract session_id from login response β use in subsequent requests
The macro doesnβt just log you in β it updates the session cookie from the login response and passes it through to subsequent requests. Get this configured correctly once and your authenticated testing sessions run without interruption regardless of how short the session timeout is.
Feature 2 β Logger++: The Traffic Youβre Currently Missing
Proxy History only shows requests that go through Burpβs proxy listener. Logger++ captures everything Burp processes β including requests from extensions, the Scanner, Intruder payloads, and any tool using Burpβs upstream proxy. The traffic youβre missing right now is the traffic that comes from extensions making their own requests in the background.
The other thing Logger++ does that Proxy History doesnβt: it lets you search across all captured traffic using an advanced filter with regex, response keyword matching, and status code conditions simultaneously. Finding the one request in 50,000 that has an interesting response takes seconds instead of manual scrolling.
LOGGER++ β SETUP AND ADVANCED FILTERSCopy
Install Logger++
Extender β BApp Store β search βLogger++β β Install
New tab βLoggerβ appears β all Burp traffic captured here
Useful filter examples
Show only 200 responses with βpasswordβ in response body
Response.status == 200 && Response.body contains βpasswordβ
Show requests with non-standard Content-Type headers
Request.headers contains βapplication/x-www-form-urlencodedβ
Show responses with large body (potential data leak)
Response.body.length > 50000
Export filtered results for reporting
Logger++ β Log Table β right-click β Export as CSV
securityelites.com
Logger++ vs Proxy History β What Each Captures
Proxy History β Misses
β Extension-generated requests
β Intruder requests (only results)
β Scanner requests
β Collaborator interactions
β Out-of-scope requests
β Burp-internal requests
Logger++ β Captures
β
Everything Proxy History shows
β
Extension-generated requests
β
All Intruder payloads
β
All Scanner requests
β
Configurable scope filtering
β
Regex-searchable across all fields
πΈ Logger++ captures the traffic Proxy History misses β most importantly, requests generated by Burp extensions running in the background. During a complex assessment using multiple extensions simultaneously, Logger++ often shows 3β5Γ more requests than Proxy History alone. The advanced filter bar lets you search any field with regex or boolean conditions, making it possible to find a specific type of response in a 100,000-request capture in seconds.
π Read the complete guide on SecurityElites
This article continues with deeper technical detail, screenshots, code samples, and an interactive lab walk-through. Read the full article on SecurityElites β
This article was originally written and published by the SecurityElites team. For more cybersecurity tutorials, ethical hacking guides, and CTF walk-throughs, visit SecurityElites.
Top comments (0)