And one of the tools that I’ve started using is a web application security testing tool called Burp Suite. Before I took on the role, I’d only heard a little about the software, when Dale Meredith briefly mentioned it in the Ethical Hacking course, which I took recently.

If you’re not familiar with Burp Suite, here’s a brief overview, from Wikipedia:

"Burp or Burp Suite is a graphical tool for testing Web application security. The tool is written in Java and developed by PortSwigger Security."

It is a proxy through which you can direct all requests, and receive all responses, so that you can inspect and interrogate them in a large variety of ways. While not the best looking tool (at least from my personal perspective), it has an absolute plethora of functionality for testing web application security.

Here’s a quick overview of what’s on offer:

- Intercepts browser traffic using a man-in-the-middle proxy. You can intercept requests and responses, whether that’s just to view, modify, or drop them.
- Advanced scanning. You can scan for SQL injection and cross-site scripting (XSS) vulnerabilities, as well as for many other issues in the OWASP Top 10. You can perform active scans, such as for OS command injection and file path traversal, and passive scans looking for information disclosure and insecure use of SSL.
- Automatic match and replace. You can modify requests and responses on the fly by creating rules that operate on a range of criteria, including headers and request parameters.

And this is just a fraction of what’s on offer. I hope that you can see, just from this short list, that it’s a pretty powerful tool.

To be honest though, at first it wasn’t a tool which I found particularly (visually) appealing. Additionally, I didn’t find it that simple to get started with either - especially as a newcomer!

Yes, there are loads of tutorials and blog posts about it. But at least to this newbie, they seem to assume a lot of prior information and understanding. Given that, I decided to write this short introductory Burp Suite guide for other newcomers like me. While I’m not intending, at least at this stage, to write a longer series, if there’s enough interest, it just may end up that way.
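To make the two proxy features from the overview concrete (manual interception with view/modify/drop, and automatic match-and-replace rules on headers, parameters and bodies), here is a small added example that models the core of an intercepting proxy in Python. It is illustrative code written for this guide, not Burp Suite’s own implementation or API: the `Rule` scopes, the sample HTTP messages and the `drop_logout` interceptor are all constructed here. It also shows the check a real proxy has to make whenever a body is rewritten: the `Content-Length` header must be recomputed, or the downstream parser will truncate or hang.

```python
"""Model of an intercepting proxy core: match-and-replace rules plus a manual
intercept hook. Illustrative code for this guide, not Burp Suite's own code."""
import re
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

# A parsed HTTP/1.1 message: start line, header list, raw body.
Message = Tuple[str, List[Tuple[str, str]], bytes]


@dataclass
class Rule:
    """One match-and-replace rule. The scope names are an assumption of this
    example: 'request_header', 'request_param', 'response_header', 'response_body'."""
    scope: str
    pattern: str      # regular expression applied to the scoped text
    replacement: str


def parse_message(raw: bytes) -> Message:
    """Split a raw HTTP/1.1 message into start line, headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return lines[0], headers, body


def serialize_message(msg: Message) -> bytes:
    """Inverse of parse_message: rebuild the wire format."""
    start, headers, body = msg
    head = "\r\n".join([start] + [f"{n}: {v}" for n, v in headers])
    return head.encode("iso-8859-1") + b"\r\n\r\n" + body


def _fix_content_length(headers, body):
    """Keep Content-Length truthful after a body rewrite (a real proxy must do this)."""
    return [(n, str(len(body))) if n.lower() == "content-length" else (n, v)
            for n, v in headers]


def apply_rules(msg: Message, rules: List[Rule], direction: str) -> Message:
    """Apply every rule whose scope matches direction ('request' or 'response')."""
    start, headers, body = msg
    for rule in rules:
        if not rule.scope.startswith(direction + "_"):
            continue
        kind = rule.scope[len(direction) + 1:]
        if kind == "header":
            # Rules see the full "Name: value" line, so they can rewrite either part.
            new_headers = []
            for n, v in headers:
                line = re.sub(rule.pattern, rule.replacement, f"{n}: {v}")
                name, _, value = line.partition(":")
                new_headers.append((name.strip(), value.strip()))
            headers = new_headers
        elif kind == "param":
            # Parameters live in the query string and (for forms) the body.
            method, target, version = start.split(" ", 2)
            path, sep, query = target.partition("?")
            query = re.sub(rule.pattern, rule.replacement, query)
            start = f"{method} {path}{sep}{query} {version}"
            body = re.sub(rule.pattern.encode(), rule.replacement.encode(), body)
        elif kind == "body":
            body = re.sub(rule.pattern.encode(), rule.replacement.encode(), body)
    return start, _fix_content_length(headers, body), body


# Manual intercept hook: return the (possibly edited) message to forward it,
# or None to drop it, mirroring the view/modify/drop choice in an intercept tab.
Interceptor = Callable[[Message], Optional[Message]]


def proxy_pass(raw: bytes, rules: List[Rule], direction: str,
               interceptor: Optional[Interceptor] = None) -> Optional[bytes]:
    """Automatic rules first, then the manual hook. None means 'dropped'."""
    msg = apply_rules(parse_message(raw), rules, direction)
    if interceptor is not None:
        msg = interceptor(msg)
        if msg is None:
            return None
    return serialize_message(msg)


# Constructed sample traffic and rules for the demo (not captured from a real site).
SAMPLE_REQUEST = (b"GET /search?q=test&debug=0 HTTP/1.1\r\n"
                  b"Host: example.test\r\n"
                  b"User-Agent: Mozilla/5.0\r\n"
                  b"Cookie: session=abc123\r\n\r\n")
SAMPLE_RESPONSE = (b"HTTP/1.1 200 OK\r\n"
                   b"Server: nginx/1.18.0\r\n"
                   b"Content-Type: text/html\r\n"
                   b"Content-Length: 26\r\n\r\n"
                   b"<html>Hello, tester</html>")
RULES = [
    Rule("request_header", r"^User-Agent: .*$", "User-Agent: BurpGuideDemo/1.0"),
    Rule("request_param", r"debug=0", "debug=1"),
    Rule("response_header", r"^Server: .*$", "Server: hidden"),
    Rule("response_body", r"Hello", "Hola"),
]


def drop_logout(msg: Message) -> Optional[Message]:
    """Hypothetical intercept decision: never let the session be logged out mid-test."""
    start, _, _ = msg
    return None if start.split(" ")[1].startswith("/logout") else msg


def demo():
    req = proxy_pass(SAMPLE_REQUEST, RULES, "request", drop_logout)
    resp = proxy_pass(SAMPLE_RESPONSE, RULES, "response")
    dropped = proxy_pass(b"GET /logout HTTP/1.1\r\nHost: example.test\r\n\r\n",
                         RULES, "request", drop_logout)
    return req, resp, dropped


if __name__ == "__main__":
    for label, out in zip(("request", "response", "dropped"), demo()):
        print(f"--- {label} ---\n{out!r}")
```

Run it directly to see the rewritten request (parameter and header changed, cookie untouched), the response with its server banner hidden and `Content-Length` corrected from 26 to 25 after the body edit, and the `/logout` request reported as dropped. The real tool does the TLS termination and socket plumbing that this model leaves out, which is why the browser must trust the proxy’s CA certificate before HTTPS traffic can be intercepted at all.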