☎️
Contrxl
  • 🏡Home
  • ❓Anonymity Tools
  • ⌨️Cisco
    • Networking Basics
      • Communication in a Connected World
      • Network Components, Types and Connections
      • Wireless and Mobile Networks
      • Home Networking Technologies
      • Communication Protocols
      • Network Media
      • The Access Layer
      • The Internet Protocol
      • IPv4 and Network Segmentation
  • 💾Intune
    • ADMX Configuration
    • App Deployment
    • App Updating/Patching
    • File Deployment
    • Remediations
  • 🎓Learning Links
  • 💻Microsoft
    • 📘Microsoft Portal Links
    • Configure SIEM Security Operations using Microsoft Sentinel
      • Create and Manage Microsoft Sentinel Workspaces
        • Introduction
        • Plan for the Microsoft Sentinel Workspace
        • Create a Microsoft Sentinel Workspace
        • Manage Workspaces Across Tenants Using Azure Lighthouse
        • Understand Microsoft Sentinel Permissions and Roles
        • Manage Microsoft Sentinel Settings
        • Configure Logs
  • 📰News & Information
  • 💡OSINT
    • IP & Domain OSINT
    • Email & Username OSINT
    • Vulnerability OSINT
  • 📚Projects
    • ‼️A Simulation Study of DDoS
  • ⚒️Tools
    • Burp Suite
      • Repeater
      • Intruder
      • Other Modules
    • GoPhish
    • Hydra
    • John the Ripper
    • Metasploit
      • Exploitation
      • Meterpreter
    • NMAP
    • Wireshark
  • 🖥️TryHackMe
    • Learning Paths
      • Complete Beginner
        • 1. Complete Beginner Intro
        • 2. Linux Fundamentals
        • 3. Introductory Networking
        • 3.1 Network Exploitation Basics
        • 4. OWASP Top 10 Exploits
        • 5. Upload Vulnerabilities
        • 5.1 An Example Methodology
        • 6. Cryptography - Hashing
        • 7. Cryptography - Encryption
        • 8. Active Directory Basics
        • 9. What the Shell?
        • 10. Linux Privesc
        • 11. More Linux Privesc
      • Jr Penetration Tester
        • Walking an Application
        • Content Discovery
        • Subdomain Enumeration
        • Authentication Bypass
        • IDOR
        • File Inclusion
        • SSRF
        • XSS (Cross-site Scripting)
        • Command Injection
        • SQL Injection
        • Passive Reconnaissance
        • Active Reconnaissance
        • Protocols and Servers
        • Protocol and Server Attacks
        • Vulnerabilities
        • Exploiting Vulnerabilities
        • Linux Privilege Escalation
        • Windows Privilege Escalation
      • CompTIA Pentest+
        • Planning and Scoping
          • Pentesting Fundamentals
          • Red Team Engagements
          • Governance and Regulation
        • Tools and Code Analysis
          • Metasploit: Introduction
          • Wireshark: The Basics
          • Burp Suite: The Basics
          • Hydra
          • Python Basics
        • Attacks and Exploits
          • Phishing
          • Windows Local Persistence
          • Breaching Active Directory
          • Lateral Movement & Pivoting
Powered by GitBook
On this page
  1. Tools

Burp Suite

Web application penetration testing tool.

Introduction

Burp Suite Community Edition can be downloaded here.

Burp is a framework written in Java for web app penetration testing. Also used commonly in testing mobile applications as the features for web app testing translate directly into testing APIs (Application Programming Interfaces). Burp can capture and manipulate all traffic between an attacker and a web server. It can be used to intercept, view and modify web requests before they are sent to the server. There are various editions of Burp available, Community is the standard free version, Burp Suite Professional and Burp Suite Enterprise require expensive licenses but have powerful features.

Burp Suite Professional comes with:

  • Automated vulnerability scanner

  • Fuzzer/bruteforcer that is not rate limited

  • Saving projects & report generation

  • Built-in API for integration with other tools

  • Unrestricted access to add new extensions

  • Access to Burp Suite Collaborator

Burp Suite Enterprise is used for continuous scanning, it can periodically scan web apps for vulnerabilities.

Features of Burp Suite Community

  • Proxy : allows interception and modification of requests/responses when interacting with web apps.

  • Repeater : allows the capture, modification and resending of a request numerous times.

  • Intruder : rate limited in Community, allows an endpoint to be sprayed with requests.

  • Decoder : helps transform data by decoding captured info or encoding a payload.

  • Comparer : allows comparison of two pieces of data at a word or byte level.

  • Sequencer : assesses randomness of tokens like cookie values or random data, if it is not truly random, it opens avenues for attack

Last updated 11 months ago

⚒️
  • Introduction
  • Features of Burp Suite Community