Who am I?

* Application Security Researcher

* Ethical (White Hat) Hacker

* OSCP certified

Twitter:  @parag_dave

Disclosure

* The view expressed are my personal.  

* My employer is not responsible for my talk.

* No offense to anyone

BurpSuite

BurpSuite Proxy - Introduction

BurpSuite is widely used automation framework, created by  PortSwigger Web Security, to perform Security testing.  The suite of products can be used to combine automated and manual testing techniques and consists of a number of different tools, such as a proxy server, a web spider, scanner, intruder, repeater, sequencer, decoder, collaborator and extender.

Burp Proxy It operates as web proxy server and it sits as a man-in-the-middle between the browser and destination web servers. It allows the interception, inspection and modification of the raw traffic passing between client and server.

* Interception Proxy: Designed to give the user control over requests sent to the server.

* Spider: Automatically crawling web applications.

* Repeater: The ability to rapidly repeat/modify specific requests.

* Intruder: Feature that allows automation of custom attacks/payloads.

* Decoder: Decode and encode strings to various formats (URL, Base64, HTML, etc.).

* Comparer: Can highlight differences between requests/responses.

* Scanner: Used for performing automated vulnerability scans of web applications to quickly identify many types of common vulnerabilities

* Burps functionality, with many free extensions available via the BApp store.

Burpsuite Features

* Burp Configure to Browser

* Intercept application and explore request and response

* Intruder Tab

* Repeater Tab

Settings Demo