Observe that sending a non-integer productId has caused an exception. Fig: 4.4.1 netcat l. In a real scenario, this kind of information could be useful to an attacker, especially if the named version is known to contain additional vulnerabilities. You can then send requests from the proxy history to other Burp tools, such as Repeater and Scanner. You can also use other Burp tools to help you analyze the attack surface and decide where to focus your attention: Analyzing the attack surface with Burp Suite. Step 1: Open Burp suite. As already mentioned, Burp Suite (community edition) is present by default within Kali Linux. We can choose the following types of attack types: We opt for the convenience of the cluster bomb and then select the username and password field (with the Add button). Congratulation! You have more control over the execution of the application via the command line. You can then configure Burp to log only in-scope items. There's no need. Identify functionality that is visible to one user and not another. ncdu: What's going on with this second size column? Connect and share knowledge within a single location that is structured and easy to search. You can resend this request as many times as you like and the response will be updated each time. This is my request's raw: I tried to send POST request like that: