BiTree
  • Search For Lessons
  • Curriculum
  • Pricing
  • For Educators
  • Become a Tutor
  • About
  • Contact
Log InGet Started

Questions, concerns, bug reports, or suggestions? We read every message, write to us at [email protected].

More ways to reach us →
BiTree

Live coding lessons for aspiring developers and security professionals.

[email protected]

(201) 785-7951

Mon–Fri, 9 AM–5 PM EST

Learn

  • Search For Lessons
  • Curriculum
  • Pricing

Company

  • About
  • For Educators & Schools
  • Become a Tutor
  • Contact Us

Legal

  • Terms of Service
  • Privacy Policy
© 2026 BiTree. All rights reserved.
Curriculum/Cybersecurity/Burp Suite: Web Application Testing/The Burp Suite Interface
35 minBeginner

The Burp Suite Interface

After this lesson, you will be able to: Navigate every Burp panel a professional uses daily: Dashboard, Target, Proxy, Intruder, Repeater, Decoder, Comparer, Logger, Sequencer, and Extensions.

Burp has many tabs, and knowing what each is for is half the skill. This lesson tours the panels you will use throughout the subtrack so the later lessons can focus on technique rather than where things are.

Prerequisites:Installing Burp Suite and Configuring Your Browser

Dashboard and Target

The Dashboard shows active scans (Pro), the event log, and issue activity. Target holds the site map (a tree of every host and path Burp has seen) and the scope configuration. Scope is critical: it defines which hosts you are allowed to test, so you do not accidentally send traffic at things you should not. Setting scope early keeps your work focused and safe.

Proxy, Repeater, and Intruder (the core three)

Proxy is where interception and HTTP history live. Repeater lets you manually craft and resend a single request as many times as you want while reading the full response, the heart of manual testing. Intruder automates customized attacks by sending a request repeatedly with different payloads at marked positions. You will spend most of your time in these three.

Decoder, Comparer, Sequencer

Decoder encodes and decodes data (Base64, URL, HTML, hex, gzip), invaluable for reading tokens and crafting payloads. Comparer diffs two requests or responses to spot subtle differences (for example, the response to a valid vs invalid username). Sequencer analyzes the randomness of tokens like session IDs and CSRF tokens to see whether they are predictable.

Logger, Extensions, and where Pro features sit

Logger (Professional) is a full searchable traffic log across all tools. Extensions (formerly Extender) is the BApp Store plus your own custom extensions in Java or Python. As you tour these, note which are Pro-only (Scanner, Logger) so you know what Community offers. You do not need to master each now; you need to know what exists and where to find it.

Quick Check

Which tab would you use to manually modify and resend a single request repeatedly while reading the response?

Pick one.

Common mistakes only experienced testers catch

Never setting scope, so the site map and history fill with noise from third-party domains. Confusing Repeater (manual, one request) with Intruder (automated, many payloads). Overlooking Decoder and re-encoding payloads by hand. Forgetting Comparer when a tiny response difference is the whole tell. Assuming a feature is missing when it is simply a Professional-only tab.

Sign in and purchase access to unlock this lesson.

Sign in to purchase
←Installing Burp Suite and Configuring Your Browser
Back to Burp Suite: Web Application Testing
HTTP History and Scope→