Burp Suite Introduction

BURP SUITE Chaitanya Dande

INTRODUCTION
BURP SUITE

• Burp Suite is a Java-based web penetration testing framework. It has become
an industry-standard suite of tools used by information security professionals.
• In its simplest form, Burp Suite can be classified as an interception proxy.
• While browsing their target application, a penetration tester can configure
their internet browser to route traffic through the Burp Suite proxy server.
• Burp Suite then acts as a (sort of) man in the middle, capturing the traffic
to and from the target web application so that it can be analyzed.

• https://www.gracefulsecurity.com/introduction-to-burp-suite-pro/
TABS
• Target: This tool aggregates all web application resources, guiding the user
throughout the security test.
• Proxy: The core component of the tool, which lets the user intercept and modify all web traffic.
• Spider: An automatic crawler that can be used to discover new pages and parameters.
• Scanner: A complete web application security scanner, available in the Professional version
only.
• Intruder: Burp Intruder lets the user customize and automate web requests. Repeating the
same request multiple times with different content makes it possible to perform fuzzing. Web
fuzzing typically consists of sending unexpected inputs to the target application. This process
may help to identify security flaws.
• Repeater: A simple yet powerful tool that can be used to manually modify and re-issue web
requests.
• Sequencer: Burp Sequencer is the perfect tool for verifying the randomness and predictability of
security tokens, cookies, and more.
• Decoder: It encodes and decodes data using multiple encoding schemes (for example,
URL encoding) and applies common hash functions (for example, MD5).
• Comparer: A visual diff tool that can be used to detect changes between web pages.
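
The kind of check the Sequencer bullet describes, as an added example (not from the original slides and not Burp's own algorithm): it estimates how much each character position of a session token actually varies across a sample. The function names and both sample generators are assumptions, and the tokens are constructed for the demonstration. A good score here does not prove unpredictability, because per-position entropy ignores correlations between successive tokens.

```python
import math
import secrets
from collections import Counter

def position_entropy(tokens):
    """Shannon entropy in bits of the characters seen at each token position."""
    length = len(tokens[0])
    if any(len(t) != length for t in tokens):
        raise ValueError("tokens must all have the same length")
    result = []
    for column in zip(*tokens):          # one column per character position
        total = len(column)
        counts = Counter(column).values()
        result.append(-sum(c / total * math.log2(c / total) for c in counts))
    return result

def assess(tokens, alphabet_size=16, min_ratio=0.9):
    """Sum the per-position entropy and list positions that barely vary."""
    per_pos = position_entropy(tokens)
    max_bits = math.log2(alphabet_size)  # 4 bits for one hex character
    weak = [i for i, h in enumerate(per_pos) if h < min_ratio * max_bits]
    return {
        "estimated_bits": sum(per_pos),
        "max_bits": max_bits * len(per_pos),
        "weak_positions": weak,
    }

def sample_counter_tokens(n=2000, start=1_000_000):
    """Constructed weak sample: a zero-padded counter rendered as 16 hex chars."""
    return [format(start + i, "016x") for i in range(n)]

def sample_random_tokens(n=2000):
    """Constructed strong sample: 64 bits from the OS CSPRNG as 16 hex chars."""
    return [secrets.token_hex(8) for _ in range(n)]

if __name__ == "__main__":
    samples = (("counter", sample_counter_tokens()),
               ("csprng", sample_random_tokens()))
    for name, tokens in samples:
        report = assess(tokens)
        print(f"{name}: ~{report['estimated_bits']:.1f} of "
              f"{report['max_bits']:.0f} bits, "
              f"weak positions {report['weak_positions']}")
```
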
SETTINGS & FOXY PROXY
• Chrome:
• https://chrome.google.com/webstore/detail/foxyproxy-standard/gcknhkkoolaabfmlnjonogaaifnjlfnp?hl=en

• Mozilla:
• https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/
SPIDERING
• A Web crawler, sometimes called a spider or spiderbot and often shortened
to crawler, is an Internet bot that systematically browses the World Wide
Web, typically for the purpose of Web indexing (web spidering).

• https://portswigger.net/blog/burp-2-0-where-are-the-spider-and-scanner

• https://portswigger.net/blog/burps-new-crawler
COOKIES
• http://www.whatarecookies.com/