Burp Suite
Burp Suite is a proprietary interception proxy and web application assessment tool.

  • is a web security testing platform for web application vulnerabilities
  • developed and maintained by PortSwigger Web Security (portswigger.net)
  • can perform automated tasks such as:
    • content discovery
    • fuzzing
    • password attacks
    • injection attacks
    • vulnerability scans
    • and much more
  • available as a
    • feature-restricted community edition
    • subscription-based professional edition
      • has the most advanced and automated features
  • includes an integrated browser pre-configured to use the intercepting proxy
    • browser activity is captured, or “intercepted,” and displayed on the Proxy Intercept tab
    • proxy controls browsing activity
      • so each request is “held” until the tester is ready to proceed
        • allows the request to be inspected and potentially modified to manipulate the web application’s operation
          • e.g., changing content-type parameters, cookie values, data values
  • intercepted content can be manipulated by the Intruder feature
    • can quickly identify the vulnerable elements on a page
    • provides numerous automated methods to exploit them
  • summary report provides details for each identified issue
    • can be further evaluated using other tool features

Interception Proxy

An interception proxy analyzes how web applications operate by controlling and displaying the data and code that passes between a client (browser) and a web application.

  • intercepts inbound and outbound communication for review or modification before processing or forwarding it
    • allows for potent application testing and evaluation
  • used in dynamic code analysis
  • essential tool for pen-testing and attacks
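Added example (not from the original notes and not PortSwigger's code): a minimal Python model of the "hold, inspect, modify, forward" step that both the Proxy Intercept bullets and the interception-proxy description above refer to. The sample request and the editing hook are constructed; the hook only changes the content type and re-encodes the same data, and the serializer recomputes Content-Length so the forwarded request stays consistent.

```python
"""Model of an intercept step: parse a held HTTP request, let a hook edit it,
then re-serialize it with a consistent Content-Length before forwarding."""
from dataclasses import dataclass, field


@dataclass
class HeldRequest:
    method: str
    target: str
    version: str
    headers: list = field(default_factory=list)  # (name, value) pairs, order kept
    body: bytes = b""

    def get_header(self, name: str):
        return next((v for n, v in self.headers if n.lower() == name.lower()), None)

    def set_header(self, name: str, value: str) -> None:
        """Replace a header case-insensitively in place, or append it if absent."""
        for i, (n, _) in enumerate(self.headers):
            if n.lower() == name.lower():
                self.headers[i] = (n, value)
                return
        self.headers.append((name, value))


def parse_request(raw: bytes) -> HeldRequest:
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = [(n.strip(), v.strip()) for n, _, v in (l.partition(":") for l in lines[1:])]
    return HeldRequest(method, target, version, headers, body)


def serialize(req: HeldRequest) -> bytes:
    if req.body or req.method in ("POST", "PUT", "PATCH"):
        req.set_header("Content-Length", str(len(req.body)))  # keep framing correct after edits
    lines = [f"{req.method} {req.target} {req.version}"] + [f"{n}: {v}" for n, v in req.headers]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("iso-8859-1") + req.body


def intercept(raw: bytes, hook) -> bytes:
    """Hold the request, hand it to the tester's hook, return the edited bytes to forward."""
    req = parse_request(raw)
    hook(req)
    return serialize(req)


# Constructed sample request; not captured from any real application.
SAMPLE = (b"POST /account/update HTTP/1.1\r\nHost: app.example\r\n"
          b"Cookie: session=abc123\r\nContent-Type: application/x-www-form-urlencoded\r\n"
          b"Content-Length: 15\r\n\r\nname=alice&id=7")


def demo() -> bytes:
    def edit(req: HeldRequest) -> None:  # hypothetical hook: same data, JSON content type
        req.set_header("Content-Type", "application/json")
        req.body = b'{"name": "alice", "id": 7}'
    return intercept(SAMPLE, edit)
```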

Resources