
Burp Suite Introduction

Burp Suite is a Java-based web penetration testing framework that acts as a proxy to intercept and analyze web requests and responses. It has several tabs like Proxy, Spider, Scanner, and Intruder that allow testing web applications by modifying requests, automatically crawling sites, scanning for vulnerabilities, and fuzzing inputs. Settings allow configuring browsers like Chrome and Firefox to route traffic through Burp Suite using plugins. The Spider can automatically discover new pages and parameters, and cookies and tokens can be analyzed for randomness.

Uploaded by

Sk Inayathulla

BURP SUITE Chaitanya Dande

INTRODUCTION
BURP SUITE

• Burp Suite is a Java-based web penetration testing framework. It has become an industry-standard suite of tools used by information security professionals.
• In its simplest form, Burp Suite can be classified as an interception proxy.
• While browsing the target application, a penetration tester can configure their browser to route traffic through the Burp Suite proxy server.
• Burp Suite then acts as a (sort of) man in the middle, capturing the traffic to and from the target web application so that it can be analyzed.

• https://www.gracefulsecurity.com/introduction-to-burp-suite-pro/
TABS
• Target: Aggregates all of the web application's resources, guiding the user through the security test.
• Proxy: The core component of the tool, which intercepts all web traffic and lets the user modify it.
• Spider: An automatic crawler that can be used to discover new pages and parameters.
• Scanner: A complete web application security scanner, available in the Professional version only.
• Intruder: Burp Intruder customizes and automates web requests. Repeating the same request many times with different content makes it possible to perform fuzzing. Web fuzzing typically consists of sending unexpected inputs to the target application, which may help to identify security flaws.
• Repeater: A simple yet powerful tool that can be used to manually modify and re-issue web requests.
• Sequencer: Burp Sequencer is the tool for verifying the randomness and predictability of security tokens, cookies, and more.
• Decoder: Encodes and decodes data using multiple encoding schemes (for example, URL encoding) or common hash functions (for example, MD5).
• Comparer: A visual diff tool that can be used to detect changes between web pages.
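The kind of check the Sequencer bullet describes, reduced to a per-position character entropy estimate over a sample of tokens. This is an added Python example, not Burp's own analysis and not code from the slides; the token formats, the sample data and the 3.0-bit threshold are constructed assumptions.

```python
import hashlib
import math
from collections import Counter

def position_entropy(tokens):
    """Shannon entropy in bits of the characters observed at each position."""
    n = len(tokens)
    length = min(len(t) for t in tokens)
    entropies = []
    for i in range(length):
        counts = Counter(t[i] for t in tokens)
        entropies.append(-sum(c / n * math.log2(c / n) for c in counts.values()))
    return entropies

def weak_positions(tokens, min_bits=3.0):
    """Positions whose observed entropy is below min_bits (assumed threshold)."""
    return [i for i, h in enumerate(position_entropy(tokens)) if h < min_bits]

def estimated_bits(tokens):
    """Sum of per-position entropies; ignores correlation between positions."""
    return sum(position_entropy(tokens))

# Constructed sample 1: counter-based session IDs (predictable by design).
COUNTER_TOKENS = [f"SESS{1000 + i:06d}" for i in range(256)]

# Constructed sample 2: 16 hex chars that look uniform. Derived from a hash so
# the run is reproducible; a real application should use a CSPRNG instead.
UNIFORM_TOKENS = [hashlib.sha256(str(i).encode()).hexdigest()[:16]
                  for i in range(256)]

if __name__ == "__main__":
    for name, sample in (("counter", COUNTER_TOKENS), ("uniform", UNIFORM_TOKENS)):
        print(f"{name}: ~{estimated_bits(sample):.1f} bits, "
              f"weak positions {weak_positions(sample)}")
```

A good score here is necessary but not sufficient: the second sample is an unkeyed hash of a counter, so it passes the statistical check while remaining fully predictable to anyone who knows how it was built.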
SETTINGS & FOXY PROXY
• Chrome:
• https://chrome.google.com/webstore/detail/foxyproxy-standard/gcknhkkoolaabfmlnjonogaaifnjlfnp?hl=en

• Mozilla:
• https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/
SPIDERING
• A Web crawler, sometimes called a spider or spiderbot and often shortened
to crawler, is an Internet bot that systematically browses the World Wide
Web, typically for the purpose of Web indexing (web spidering).

• https://portswigger.net/blog/burp-2-0-where-are-the-spider-and-scanner

• https://portswigger.net/blog/burps-new-crawler
COOKIES
• http://www.whatarecookies.com/
