BurpSuite
What is BurpSuite?
Burp Suite is one of the most popular penetration testing and vulnerability-finding tools, and is mostly used for testing web application security. Proxy, Repeater and Intruder are a few of its many features.
Usage
Target
- Add the target hosts or IPs to scope so that only in-scope traffic is intercepted and logged
- The site map builds up over time as you browse, showing every URL seen
Proxy
- Turn on Intercept to hold each request before it reaches the server, then forward, drop or modify it
- HTTP history records every request that passed through the proxy, intercepted or not
- Use the FoxyProxy browser extension to switch the browser quickly between Burp's listener (127.0.0.1:8080 by default) and a direct connection
Intruder
- Marks payload positions in a request and automatically sends it many times with different payloads, e.g. to brute force or fuzz parameters
- Differs from Repeater, which has no automated payload capability: Repeater resends one hand-edited request at a time
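Added example (not Burp's own code): Intruder marks payload positions with section-sign markers (§...§) and offers four attack types. The script below reproduces the request-generation logic for all four so the difference in request counts becomes concrete. The request template, the host `target.example` and the payload lists are constructed sample data.

```python
"""Generate Intruder-style requests from a §-marked template (added example, not Burp code)."""
import itertools
import re

# Matches one payload position, capturing its original placeholder value.
POSITION_RE = re.compile("§([^§]*)§")

# Constructed sample request: a login form with two payload positions.
TEMPLATE = (
    "POST /login HTTP/1.1\r\n"
    "Host: target.example\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "username=§admin§&password=§secret§"
)


def positions(template):
    """Return the placeholder value of each marked position, left to right."""
    return POSITION_RE.findall(template)


def fill(template, values):
    """Substitute one value per marked position, left to right."""
    it = iter(values)
    return POSITION_RE.sub(lambda m: next(it), template)


def sniper(template, payloads):
    """Sniper: one payload set, one position at a time; the other positions keep
    their placeholder. Generates len(positions) * len(payloads) requests."""
    base = positions(template)
    for idx in range(len(base)):
        for p in payloads:
            values = list(base)
            values[idx] = p
            yield fill(template, values)


def battering_ram(template, payloads):
    """Battering ram: the same payload goes into every position at once.
    Generates len(payloads) requests."""
    n = len(positions(template))
    for p in payloads:
        yield fill(template, [p] * n)


def pitchfork(template, payload_sets):
    """Pitchfork: one payload set per position, advanced in parallel (zip).
    Generates min(len(set)) requests, e.g. username/password pairs from a dump."""
    for combo in zip(*payload_sets):
        yield fill(template, combo)


def cluster_bomb(template, payload_sets):
    """Cluster bomb: one payload set per position, every combination (Cartesian
    product). Generates prod(len(set)) requests, the classic user x password attack."""
    for combo in itertools.product(*payload_sets):
        yield fill(template, combo)


def count(requests):
    """Number of requests an attack would send."""
    return sum(1 for _ in requests)


if __name__ == "__main__":
    users = ["admin", "alice", "bob"]
    passwords = ["password", "letmein", "Summer2024", "admin"]
    print("sniper:       ", count(sniper(TEMPLATE, passwords)))                  # 2 * 4 = 8
    print("battering ram:", count(battering_ram(TEMPLATE, passwords)))           # 4
    print("pitchfork:    ", count(pitchfork(TEMPLATE, [users, passwords])))      # min(3, 4) = 3
    print("cluster bomb: ", count(cluster_bomb(TEMPLATE, [users, passwords])))   # 3 * 4 = 12
    first = next(cluster_bomb(TEMPLATE, [users, passwords]))
    print(first.split("\r\n\r\n")[1])                                            # username=admin&password=password
```

Counting before attacking matters: cluster bomb grows as the product of the list sizes, which is what trips account lockouts and rate limits, and the Community edition throttles Intruder, so pitchfork with a list of known credential pairs is often the better choice.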
Repeater
- Resend a captured request with edited details and inspect the response
- Useful for sending the same request over and over with small manual changes, for example to probe a single parameter
Decoder
- Encode and decode URL, HTML, Base64, hex and binary representations, including nested layers
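Added example (not Burp's own code): a from-scratch version of Decoder's "smart decode" loop, which guesses the outermost encoding and keeps peeling layers until nothing recognisable is left. The detection rules are my own heuristics, and the sample cookie value is a constructed token (URL-encoded Base64 of `user=admin;role=user`).

```python
"""Peel nested encodings layer by layer, Decoder-style (added example, not Burp code)."""
import base64
import binascii
import html
import re
import urllib.parse

HEX_RE = re.compile(r"^(?:[0-9a-fA-F]{2})+$")
B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")
BIN_RE = re.compile(r"^(?:[01]{8})+$")

# Constructed sample: quote(b64encode(b"user=admin;role=user"))
SAMPLE = "dXNlcj1hZG1pbjtyb2xlPXVzZXI%3D"


def decode_once(s):
    """Try one decoding step; return (encoding_name, decoded) or (None, s).
    Order matters: binary is checked before hex, hex before base64, because
    a binary string is also valid hex and a hex string is also valid base64."""
    if "%" in s and urllib.parse.unquote(s) != s:
        return "url", urllib.parse.unquote(s)
    if "&" in s and html.unescape(s) != s:
        return "html", html.unescape(s)
    if BIN_RE.match(s):
        raw = bytes(int(s[i:i + 8], 2) for i in range(0, len(s), 8))
        return "binary", raw.decode("latin-1")
    if HEX_RE.match(s) and len(s) >= 4:
        return "hex", bytes.fromhex(s).decode("latin-1")
    if B64_RE.match(s) and len(s) % 4 == 0 and len(s) >= 8:
        try:
            text = base64.b64decode(s, validate=True).decode("utf-8")
            if text.isprintable():
                return "base64", text
        except (binascii.Error, UnicodeDecodeError):
            pass
    return None, s


def smart_decode(s, max_layers=10):
    """Repeatedly decode; return (final_text, [layer names, outermost first]).
    max_layers guards against inputs that keep looking like hex after decoding."""
    layers = []
    for _ in range(max_layers):
        name, out = decode_once(s)
        if name is None:
            break
        layers.append(name)
        s = out
    return s, layers


if __name__ == "__main__":
    for token in (SAMPLE, "61646d696e", "&lt;script&gt;", "%2527", "0110000101100010"):
        print(repr(token), "->", smart_decode(token))
```

The double URL-encoded `%2527` case is the one to remember: a WAF that decodes once sees `%27`, the application that decodes again sees a single quote.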
Comparer
- Compare two requests or responses, word by word or byte by byte, to see exactly what changed
Documentation
- Target - This tool contains detailed information about your target applications, and lets you drive the process of testing for vulnerabilities.
- Proxy - This is an intercepting web proxy that operates as a man-in-the-middle between the end browser and the target web application. It lets you intercept, inspect and modify the raw traffic passing in both directions.
- Scanner (Professional only) - This is an advanced web vulnerability scanner, which can automatically crawl content and audit for numerous types of vulnerabilities.
- Intruder - This is a powerful tool for carrying out automated customized attacks against web applications. It is highly configurable and can be used to perform a wide range of tasks to make your testing faster and more effective.
- Repeater - This is a tool for manually manipulating and reissuing individual HTTP requests, and analyzing the application’s responses.
- Sequencer - This is a sophisticated tool for analyzing the quality of randomness in an application’s session tokens or other important data items that are intended to be unpredictable.
- Decoder - This is a useful tool for performing manual or intelligent decoding and encoding of application data.
- Comparer - This is a handy utility for performing a visual “diff” between any two items of data, such as pairs of similar HTTP messages.
- Extender - This lets you load Burp extensions, to extend Burp’s functionality using your own or third-party code.
- Clickbandit - This is a tool for generating Clickjacking attacks.
- Collaborator client (Professional only) - This is a tool for making use of Burp Collaborator during manual testing.
- Mobile Assistant - This is a tool to facilitate testing of mobile apps with Burp Suite.
- Logger - This is a tool for recording and analyzing HTTP traffic that Burp Suite generates.
- DOM Invader - This is a tool for finding DOM XSS vulnerabilities.
Source