Burp Suite Manual
Information Security
Burp Suite (Web App HT)
Group 9
Degree: BSCS
University of Gujrat
Manual on How to Hack a Web App Using Burp Suite
Before diving into how we can test the security of a website, let's go
through some basics.
What is Burp Suite?
Burp Suite is an integration of various tools put together for performing security
testing of Web applications. Burp Suite helps the penetration tester in the entire testing process, from the
mapping phase through to identifying vulnerabilities and exploiting them. This Burp Suite guide series
will help you understand the framework and make use of its features in various scenarios. The various
features of Burp Suite are shown in Figure 1. These include proxy, spider, intruder, repeater, sequencer,
decoder and comparer. As we move ahead in this Burp Suite guide, we shall learn how to make use of
them seamlessly.
Burp Proxy
Using Burp proxy, one can intercept the traffic between the browser and the target application.
This option works in a similar fashion to the man-in-the-middle attack vector.
Steps
Here you will see the requests and responses for all domains.
To see the requests and responses for a particular domain, select that domain.
3. How can we stop a request from going to the server and change it according to our
own requirements?
Go to the Proxy >>> Intercept tab.
Even when you search for something in your browser, the browser won't load anything, because the request is
not being forwarded.
Now we can modify the request through Burp Suite.
In the left pane, you will see all the domains that went through your proxy.
You can also see all the links that you visited while the Burp proxy was active.
You can also see the hidden files and directories that are hard to reach
for normal users.
This is how requests and responses can be hacked using Burp Suite.
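
Because a request held in the Intercept tab can be edited before it is forwarded, the server cannot trust any value that passed through the browser. The following is an added example, not part of the original manual, showing one server-side check that detects such an edit by attaching an HMAC to the form fields. The host shop.example, the /checkout path, the field names and the key are all constructed for illustration.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode

# Constructed demo key; in a real application it stays on the server only.
SERVER_KEY = b"constructed-demo-key"

def sign(fields: dict) -> str:
    """HMAC-SHA256 over the fields in a canonical (sorted) order."""
    canonical = urlencode(sorted(fields.items())).encode()
    return hmac.new(SERVER_KEY, canonical, hashlib.sha256).hexdigest()

def issue_form(fields: dict) -> str:
    """Form body the server hands to the browser: the fields plus their tag."""
    return urlencode({**fields, "sig": sign(fields)})

def parse_body(raw_request: str) -> dict:
    """Extract form fields from a raw HTTP request as an intercepting proxy shows it."""
    _, _, body = raw_request.partition("\r\n\r\n")
    return dict(parse_qsl(body, keep_blank_values=True))

def verify(raw_request: str) -> bool:
    """Server-side check: False if any signed field changed after it was issued."""
    fields = parse_body(raw_request)
    tag = fields.pop("sig", "")
    return hmac.compare_digest(tag.encode(), sign(fields).encode())

def build_request(body: str) -> str:
    # Constructed request; shop.example is a placeholder host.
    return ("POST /checkout HTTP/1.1\r\n"
            "Host: shop.example\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n{body}")

ORIGINAL = build_request(issue_form({"order_id": "1042", "amount": "9.99"}))
# The same request after one field was edited while it was held at the proxy.
MODIFIED = ORIGINAL.replace("amount=9.99", "amount=0.01")

if __name__ == "__main__":
    print("original accepted:", verify(ORIGINAL))
    print("modified accepted:", verify(MODIFIED))
```

Where possible, the stronger design is to keep such values on the server and look them up by identifier instead of round-tripping them through the client at all.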