Professional Community

Getting started with Burp Proxy's HTTP history

Burp Proxy is a web proxy server that lets you view, intercept, and even modify the communication between Burp's browser and web servers.

The HTTP history tab displays a log of the HTTP requests that Burp's browser makes, along with the matching responses that it receives from the server.

This enables you to:

Study the behavior of a target website.
Look for HTTP requests that contain useful parameters and other inputs.
Look for features of HTTP responses that may indicate vulnerabilities.
Send interesting requests to other tools in Burp Suite for further testing.

To get started using the HTTP history tab, we recommend following the tutorial below.

For more detailed information about the features of the HTTP history tab, please see the full documentation.

Tutorial

In this tutorial, you'll learn about the main features of the HTTP history tab using one of the deliberately vulnerable labs on the Web Security Academy.

Step 1: Access the lab

Open Burp's browser, and use it to access the following lab:

https://portswigger.net/web-security/sql-injection/union-attacks/lab-determine-number-of-columns

Click Access the lab and log in to your PortSwigger account if prompted. This opens your own instance of a deliberately vulnerable shopping website.

Step 2: Populate the HTTP history

To see how the HTTP history tab works, you first need to populate it with requests.

Position Burp's browser and Burp Suite side by side.

Burp Suite and Burps browser side by side

Browse around the shopping site, visiting some of the product pages. As you do this, notice that the HTTP history tab shows details about each request that the browser makes in real-time.

History table

Step 3: View a request and response

To view more details about a particular request, click its entry in the history table. This displays the full text of the request and response in the message editor.

Selecting a request in the history table to open it in the message editor

The message editor offers different views for displaying the request and response. You can switch between these using the buttons above the request and response.

View mode buttons at the top of the message editor

To the right of the window, you can see the Inspector panel. The Inspector is a tool offering features designed to help you analyze and work with messages more easily.

Step 4: Sort and filter the history table

You can both sort and filter the history table.

To sort the table using a particular column, simply click on the column header. You might find it useful to sort the history table so that the most recent requests are on top.

To open the Filter settings, click the Filter bar above the history table.

Step 5: Send a request to another tool

You can right-click on a request, either in the history table or the message editor, to open a context menu. From here, you can choose from a range of actions.

One of the most commonly used actions is to send an interesting request to one of Burp's other tools for further testing.

Using the context menu to send a request to Burp Repeater

Learn more about Burp Proxy's HTTP history

You have now had a brief overview of using the HTTP history tab to study requests and send them to other tools.

Other options for working with a request in the proxy history include:

Highlighting or commenting on a request.
Adding or removing specific endpoints from the testing scope.
Sending a request again using the browser, either in the original session or a new one.
Viewing the response to a request rendered in Burp's browser.

For more detailed information about the HTTP history and Message editor, please see:

Full documentation about the HTTP history tab.
Full documentation about the Message editor.

To get more practice using the HTTP history tab, why not try out our Web Security Academy?