burpsuitePT

The document provides an overview of BurpSuite, a web security testing tool, detailing its features such as Proxy, Scanner, and Intruder, among others. It includes instructions for configuring BurpSuite on browsers and highlights its tools for intercepting, modifying, and analyzing web traffic. The conclusion emphasizes BurpSuite's effectiveness in vulnerability detection and its availability in multiple editions.

Course Name: Ethical Hacking

Topic: BurpSuite
Prepared By: Prince Tiwari and Priyanshu Rose
Department of Computer Engineering
CONTENTS

1. Introduction to BurpSuite
2. Features
3. Configuration on Browser
4. BurpSuite Tools - Interceptor, Repeater, Intruder, Decoder, Collaborator
5. Conclusion
Objectives

1. To discuss BurpSuite
2. To discuss all the options of BurpSuite

Course Outcomes

1. We will be able to understand testing in BurpSuite
2. Commands along with their options
Introduction to BurpSuite
 BurpSuite is called the Swiss Army knife of AppSec tools
 Burp Proxy is an intercepting web proxy that operates as a man-in-the-middle between the end browser and the target web application.
 It lets you intercept, inspect and modify the raw traffic passing in both directions.

[Diagram] Browser --Request-->  BurpSuite --Request-->  Server
          Browser <--Response-- BurpSuite <--Response-- Server
FEATURES OF BURPSUITE
1. Proxy: Intercept and modify HTTP/S traffic between a browser and the target web application.
2. Scanner: Automated scanning for common vulnerabilities like SQL injection, XSS, and CSRF.
3. Spider: Crawls web applications to discover and map out their structure and content.
4. Repeater: Allows manual testing by repeating and modifying individual requests.
5. Intruder: Performs automated attacks on web applications, such as fuzzing and brute force.
6. Sequencer: Analyzes the randomness of session tokens or other data to assess their security.
7. Decoder: Converts data between various encodings and formats.
8. Comparer: Compares two requests or responses to identify differences, useful for identifying vulnerabilities.
9. Extensibility: Burp Suite can be extended through its extensive API and support for custom plugins.
10. Collaborator: Integrates with Burp Collaborator to detect out-of-band vulnerabilities.
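The Sequencer feature listed above assesses how unpredictable a session token is. The following added example (not code from the slides or from Burp Suite) shows the simplest version of that idea: estimate the Shannon entropy of each character position across a sample of tokens, sum the positions, and flag schemes that fall below a chosen minimum. The token samples are constructed here: a counter-based session id standing in for a weak generator and a `secrets`-based hex token standing in for a strong one; the 64-bit threshold is an assumption, not a value from the slides.

```python
import math
import secrets
from collections import Counter
from typing import Iterable, List


def shannon_entropy(symbols: Iterable[str]) -> float:
    """Shannon entropy (bits) of one symbol drawn from the observed distribution."""
    counts = Counter(symbols)
    total = sum(counts.values())
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def per_position_entropy(tokens: List[str]) -> List[float]:
    """Entropy of each character position across the sampled tokens."""
    length = min(len(t) for t in tokens)
    return [shannon_entropy(t[i] for t in tokens) for i in range(length)]


def estimated_entropy_bits(tokens: List[str]) -> float:
    """Sum of per-position entropies.

    This is an upper-bound style estimate: it ignores correlation between
    positions (a pure counter still looks 'random' in its low digits), so a
    low result is conclusive while a high result only means 'not obviously weak'.
    """
    return sum(per_position_entropy(tokens))


def assess_tokens(tokens: List[str], minimum_bits: float = 64.0) -> dict:
    """Flag a token scheme whose estimated entropy is below the minimum (assumed threshold)."""
    bits = estimated_entropy_bits(tokens)
    return {"bits": round(bits, 2), "adequate": bits >= minimum_bits}


# Constructed samples: a zero-padded counter (weak) and a CSPRNG hex token (strong).
def weak_tokens(n: int) -> List[str]:
    return [f"sess{1000 + i:08d}" for i in range(n)]


def strong_tokens(n: int) -> List[str]:
    return [secrets.token_hex(16) for _ in range(n)]


if __name__ == "__main__":
    for name, sample in (("weak", weak_tokens(1000)), ("strong", strong_tokens(1000))):
        print(name, assess_tokens(sample))
```

On a sample of 1000 counter tokens only the last three digits vary, so the estimate comes out near 10 bits and the scheme is flagged; the 32-character hex tokens score close to 128 bits. Burp's Sequencer runs many more statistical tests than this, but the per-position view is the first thing to look at when a token "looks random" but was produced from a counter or timestamp.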
CONFIGURING BURPSUITE ON BROWSER

• BurpSuite is available in Enterprise, Professional and Community Editions
• It is preferred to use BurpSuite with Firefox, to prevent it from interfering with the network traffic
• Select the Manual Proxy configuration under Network settings and update the configuration
CONFIGURING BURPSUITE ON BROWSER

 Navigate to http://burp from the browser and download and install the Burp certificate (from the link on the top right corner) OR
 Download the certificate from the Import/Export CA certificate option under Proxy Listeners (export in DER format)
 Import this certificate under the browser’s certificate settings and choose it to identify websites.
BURPSUITE TOOLS: PROXY

• The most basic function of BurpSuite
• Used to tamper with requests and responses
• Usage
  • Observing the raw request, finding hidden parameters
  • Tampering with the request before sending it to the server
  • Bypassing client-side validations
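The last usage point is the one developers most often underestimate: anything checked only by JavaScript in the browser is unchecked once the request is edited in the proxy. The following added example (not from the slides) contrasts a checkout handler that trusts a hidden `price` field with one that re-validates on the server; the catalogue, the request body and the quantity limit are all constructed for illustration.

```python
from decimal import Decimal
from typing import Dict
from urllib.parse import parse_qs

# Constructed catalogue standing in for the server's database: the only trusted price source.
CATALOGUE: Dict[str, Decimal] = {"sku-100": Decimal("49.99"), "sku-200": Decimal("9.50")}
MAX_QTY = 10  # assumed business limit


class ValidationError(ValueError):
    pass


def parse_form(body: str) -> Dict[str, str]:
    """Flatten an application/x-www-form-urlencoded body into single values."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def checkout_vulnerable(form: Dict[str, str]) -> Decimal:
    """Trusts the hidden 'price' and 'qty' fields that page JavaScript 'validated'.

    Anyone who edits the intercepted request can set price=0.01 or qty=-1.
    """
    return Decimal(form["price"]) * int(form["qty"])


def checkout_hardened(form: Dict[str, str]) -> Decimal:
    """Re-validates every field server-side; a client-supplied 'price' is ignored."""
    sku = form.get("sku", "")
    if sku not in CATALOGUE:
        raise ValidationError("unknown sku")
    try:
        qty = int(form.get("qty", ""))
    except ValueError:
        raise ValidationError("qty must be an integer") from None
    if not 1 <= qty <= MAX_QTY:
        raise ValidationError("qty out of range")
    return CATALOGUE[sku] * qty


# Constructed body as it might arrive after being edited in the proxy: price lowered to 0.01.
TAMPERED_BODY = "sku=sku-100&qty=2&price=0.01"

if __name__ == "__main__":
    form = parse_form(TAMPERED_BODY)
    print("vulnerable total:", checkout_vulnerable(form))
    print("hardened total:  ", checkout_hardened(form))
```

The hardened handler never reads `price` at all; the price is looked up from the catalogue by `sku`, and `qty` is parsed and range-checked on the server. That is the general rule the Proxy demonstrates: client-side validation is a usability feature, and every check it performs has to be repeated where the attacker cannot edit it.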
BURPSUITE TOOLS: REPEATER

• Simple tool for manipulating and reissuing individual requests and analyzing responses
• Works like a scratchpad while testing applications
• Usage
  • Replaying the request without having to run the scenarios on the front-end
  • Manipulating the parameter values to observe the change in the response
• Select ‘Send to Repeater’ on right click to send the intercepted request to Repeater
BURPSUITE TOOLS: INTRUDER

• A powerful tool for carrying out automated attacks against applications
• Usage
  • Brute-forcing login requests is the most common use
  • Fuzzing a parameter with a range of values; this can be further used to exploit an injection attack.
• Select ‘Send to Intruder’ on right click to send the intercepted request to Intruder
BURPSUITE TOOLS: DECODER

• Used to encode/decode values in different encoding/hashing formats
• The Smart decode feature detects and decodes the data by analyzing its encoding type
• Usage
  • Encode/decode parameter/token values
  • Encoding payloads for filter evasion
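To make the "smart decode" idea concrete, here is an added example (not code from the slides or from Burp Suite) that guesses one encoding layer at a time from the shape of the input and peels layers until nothing recognisable remains. It handles URL encoding, HTML entities, hex and base64; the order of the checks and the heuristics are assumptions, and the sample value is constructed (a form string URL-encoded and then base64-encoded).

```python
import base64
import html
import re
from typing import List, Optional, Tuple
from urllib.parse import quote, unquote

PRINTABLE_EXTRA = "\r\n\t"


def _printable(text: str) -> bool:
    """A decoded layer only counts if it is readable text, not random bytes."""
    return all(ch.isprintable() or ch in PRINTABLE_EXTRA for ch in text)


def decode_once(value: str) -> Optional[Tuple[str, str]]:
    """Guess one encoding layer and strip it; return (encoding, decoded) or None."""
    # URL encoding: at least one %XX escape present.
    if re.search(r"%[0-9A-Fa-f]{2}", value):
        return "url", unquote(value)
    # HTML entities: named, decimal or hex references.
    if re.search(r"&(#\d+|#x[0-9A-Fa-f]+|[A-Za-z]+);", value):
        return "html", html.unescape(value)
    # Hex is checked before base64: every hex string is also valid base64.
    if len(value) >= 4 and len(value) % 2 == 0 and re.fullmatch(r"[0-9A-Fa-f]+", value):
        try:
            text = bytes.fromhex(value).decode("utf-8")
            if _printable(text):
                return "hex", text
        except UnicodeDecodeError:
            pass
    if len(value) >= 4 and len(value) % 4 == 0 and re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", value):
        try:
            text = base64.b64decode(value, validate=True).decode("utf-8")
            if _printable(text):
                return "base64", text
        except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
            pass
    return None


def smart_decode(value: str, max_layers: int = 8) -> List[Tuple[str, str]]:
    """Peel encoding layers until none is recognised; returns each (encoding, result) step."""
    steps: List[Tuple[str, str]] = []
    for _ in range(max_layers):
        result = decode_once(value)
        if result is None or result[1] == value:
            break
        steps.append(result)
        value = result[1]
    return steps


# Constructed sample: "user=admin&role=1" URL-encoded, then base64-encoded.
SAMPLE = base64.b64encode(quote("user=admin&role=1", safe="").encode()).decode()

if __name__ == "__main__":
    for encoding, text in smart_decode(SAMPLE):
        print(f"{encoding:7} -> {text}")
```

The heuristics are deliberately conservative: a layer is accepted only if the result is printable text, and hex is tried before base64 because every even-length hex string is also syntactically valid base64. That same ambiguity is why a smart decoder can be wrong, and why, when a token matters, checking the individual layers by hand is still worthwhile.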
BURPSUITE TOOLS: COLLABORATOR

• Network service that BurpSuite uses to discover external service interaction
• Usage
  • Detect blind injection attacks and service-specific vulnerabilities.
  • External service interaction.
  • Can also be used to validate SSRF issues
BURPSUITE TOOLS: EXTENDER

• There are numerous apps available on the BApp Store for adding functionality to your already loaded BurpSuite
• Prerequisites – the locations of the interpreter jar files should be specified under ‘Options’
CONCLUSION

• Burp Suite is a comprehensive web security testing tool.
• It offers flexibility, effective vulnerability detection, and interception capabilities.
• Features automated scanning, detailed reporting, and active community support.
• Regular updates, integration capabilities, and availability in both professional and free editions.

Thank You!!
