Download Instant Burp Suite Starter PDF

TitleInstant Burp Suite Starter
LanguageEnglish
File Size2.1 MB
Total Pages70
Table of Contents
                            Cover
Copyright
Credits
About the Author
About the Reviewers
www.packtpub.com
PacktLib.packtpub.com
Table of Contents
Instant Burp Suite Starter
	So, what is Burp Suite?
	Installation
		Step 1 – What do I need?
		Step 2 – Downloading Burp Suite
		Step 3 – Launching Burp Suite
			Windows
			Linux and Mac OS X
		Step 4 – Verify Burp Proxy configuration
		Step 5 – Configuring the browser
			Mozilla Firefox
			Microsoft Internet Explorer
		And that's it!!
			One more thing...
	Quick start – Using Burp Proxy
		Step 1 – Intercepting web requests
		Step 2 – Inspecting web requests
		Step 3 – Tampering web requests
		Advanced features
			Match and replace
			HTML modification
	Top 8 features you need to know about
		1 – Using the target site map functionality
		2 – Crawling a web application with Burp Spider
		3 – Launching an automatic scan with Burp Scanner
		4 – Automating customized attacks with Burp Intruder
			Configuring the target
			Configuring the attack type and positions
			Configuring payloads
			Additional Burp Intruder options
			Launching an attack
		5 – Manipulating and iterating web requests with Burp Repeater
		6 – Analysing application data randomness with Burp Sequencer
		7 – Decoding and encoding data with Burp Decoder
		8 – Comparing site maps
	People and places you should get to know
		Official sites
		Articles and tutorials
		Community
		Blog
		Twitter
                        
Document Text Contents
Page 35

24

Instant Burp Suite Starter

This mechanism allows you to quickly import requests/responses in all Burp Suite tools by
selecting one the following items:

Ê Spider this branch to activate Burp Spider

Ê Actively/Passively scan this branch to start an automatic scan with Burp Scanner
(available in the professional version only)

Ê Send to intruder to launch customized attacks

Ê Send to repeater to modify and re-iterate the same request over and over

Ê Send to sequencer to analyze application data predictability

Ê Send to comparer (request/response) to visually compare multiple requests
or response

These functionalities will be described in the following sections of this chapter.

In addition, the contextual menu allows to reproduce HTTP requests and responses in the
browser. This is particularly useful to verify the behavior of a specific browser during the analysis
of client-side attacks (for example, Cross-Site Scripting, UI redressing, and so on).

1. Select a request from the site map tree.

2. Right-click and select request in browser.

3. Choose to either use the current browser session or the original session option, which
makes Burp—using the session token —available in the saved request (if applicable).

4. A pop-up window will display a virtual URL (for example. http://burp/repeat/0).
Click on copy.

5. In the browser, paste the URL by pressing Ctrl + V or using the corresponding command
from the toolbar menu.

6. Finally, press Enter to emulate the request within the browser

During the course of your security testing, consult the site map to verify that you have analyzed
all application entry points. Burp tools such as Burp Spider will help you to automatically
populate the site map. Resources that have been already requested by the tool are marked
in black, whereas endpoints that are linked by other resources, but haven't been retrieved
by Burp, are marked in gray.

2 – Crawling a web application with Burp Spider
Burp Spider allows to automatically crawl web applications and retrieve visible and hidden
resources. The tool uses a combination of techniques to maximize the result, including following
links discovered in previously saved HTTP responses and automatically submitting web forms.

www.it-ebooks.info

http://burp/repeat/0
http://www.it-ebooks.info/

Similer Documents