BurpSuite
The Swiss army knife of security tools
Who am I?
* Application Security Researcher
* Ethical (White Hat) Hacker
* OSCP certified
Twitter: @parag_dave
Disclosure
* The views expressed are my own.
* My employer is not responsible for my talk.
* No offense to anyone
BurpSuite
BurpSuite Proxy - Introduction
BurpSuite is a widely used automation framework, created by PortSwigger Web Security, for performing security testing. The suite combines automated and manual testing techniques and consists of a number of different tools, such as a proxy server, a web spider, scanner, intruder, repeater, sequencer, decoder, collaborator and extender.
Burp Proxy operates as a web proxy server and sits as a man-in-the-middle between the browser and destination web servers. It allows the interception, inspection and modification of the raw traffic passing between client and server.
* Interception Proxy: Designed to give the user control over requests sent to the server.
* Spider: Automatically crawls web applications.
* Repeater: The ability to rapidly repeat/modify specific requests.
* Intruder: Feature that allows automation of custom attacks/payloads.
* Decoder: Decode and encode strings to various formats (URL, Base64, HTML, etc.).
* Comparer: Can highlight differences between requests/responses.
* Scanner: Used for performing automated vulnerability scans of web applications to quickly identify many types of common vulnerabilities.
* Extender: Extends Burp's functionality, with many free extensions available via the BApp Store.
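The interception step described for Burp Proxy above, reduced to its message-level core as an added example (not Burp's code and not from the original slides): parse a raw request, inspect it, edit the body, and re-serialize with a corrected Content-Length. All function names and the sample request are constructed for illustration.

```python
# Added example: the message-level step of an intercepting proxy.
# All names and the sample request are constructed for illustration.

def parse_request(raw: bytes):
    """Split a raw HTTP/1.1 request into (request_line, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return lines[0], headers, body

def build_request(request_line: str, headers, body: bytes) -> bytes:
    """Re-serialize; Content-Length is recomputed so an edited body is read in full."""
    kept = [(n, v) for n, v in headers if n.lower() != "content-length"]
    if body:
        kept.append(("Content-Length", str(len(body))))
    head = "\r\n".join([request_line] + [f"{n}: {v}" for n, v in kept])
    return head.encode("iso-8859-1") + b"\r\n\r\n" + body

def intercept(raw: bytes, edit_body):
    """Inspect a request in transit, apply the operator's body edit, return both views."""
    request_line, headers, body = parse_request(raw)
    method, target, _version = request_line.split(" ", 2)
    host = {n.lower(): v for n, v in headers}.get("host")
    seen = {"method": method, "target": target, "host": host, "body": body}
    return seen, build_request(request_line, headers, edit_body(body))

# Constructed sample request (origin-form, as the destination server would receive it).
SAMPLE = (b"POST /profile HTTP/1.1\r\n"
          b"Host: app.example\r\n"
          b"Content-Type: application/x-www-form-urlencoded\r\n"
          b"Content-Length: 21\r\n\r\n"
          b"name=alice&note=hello")

def demo():
    """Hold the sample request, change one form field, and forward it."""
    return intercept(SAMPLE, lambda b: b.replace(b"note=hello", b"note=hello+from+proxy"))

if __name__ == "__main__":
    seen, forwarded = demo()
    print("inspected:", seen)
    print(forwarded.decode("iso-8859-1"))
```

The server only ever sees the forwarded bytes, so anything the browser enforced before sending is not guaranteed to hold on arrival.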
BurpSuite Features
* Configure the browser to use Burp
* Intercept application and explore request and response
* Intruder Tab
* Repeater Tab
Settings Demo
Live Demo
BurpSuite
By Parag Dave