burpsuite▌

Identifying flaws in application business logic that allow price manipulation, workflow bypass, and privilege escalation beyond what technical vulnerability scanners can detect.

Testing WebSocket implementations for authentication bypass, cross-site hijacking, injection attacks, and insecure message handling during authorized security assessments.

Search and extract HTTP traffic, audit findings, and security data from Burp Suite project files via CLI. \n \n Queries proxy history, site map, and audit items using regex patterns on request/response headers and bodies \n Requires Burp Suite Professional and the burpsuite-project-file-parser extension; delegates parsing to Burp's Java runtime \n Enforces sub-component filters (headers, bodies) instead of full dumps to prevent gigabyte-scale data retrieval; mandatory truncation of body content