
What is Burp Suite?

  • Writer: Security Unleashed
  • Jul 14, 2018
  • 2 min read

Updated: Aug 1, 2018



Burp Suite is a Java-based web penetration testing framework. It has become an industry-standard suite of tools used by information security professionals. Burp Suite helps you identify vulnerabilities and verify attack vectors that affect web applications. Because of its popularity and the breadth and depth of its features, we have created this page as a collection of Burp Suite knowledge and information.


In its simplest form, Burp Suite can be classified as an interception proxy. While browsing the target application, a penetration tester configures the browser to route its traffic through the Burp Suite proxy server. Burp Suite then acts as a (sort of) man-in-the-middle, capturing each request to and response from the target web application so that they can be analyzed. Penetration testers can pause, manipulate and replay individual HTTP requests in order to analyze potential parameters or injection points. Injection points can be specified for manual as well as automated fuzzing to discover potentially unintended application behaviors, crashes and error messages.


Glancing Blow



Proxy - where it starts


A proxy is a piece of software (it could be hardware)

• It sits between one thing and another and behaves as the middleman

• Example

– You are at your browser communicating with a web app

– You decide you want a proxy sitting between your browser and the app

– So, you start a proxy server running and then you tell your browser to send requests to the proxy

– The proxy receives requests from the browser and forwards them to the web app

– When responses come back, the proxy routes them to you.
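The browser-to-proxy-to-app round trip in the list above, together with the pause point from the introduction where a request can be inspected or edited before it is forwarded, as an added runnable example (not from the original post and not Burp's own code). It uses only Python's standard library; the X-Intercepted-By header name, the fake target app and the /login?user=alice request are constructed for the demo.

```python
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.request import Request, ProxyHandler, build_opener

HISTORY = []                               # plays the role of Burp's Proxy > History tab
UPSTREAM = build_opener(ProxyHandler({}))  # forwards upstream, ignoring any system proxy

def intercept(method, url, headers, body):
    """Pause point where a tester inspects or edits the request; this hook
    only adds a marker header (assumed name) so the edit is visible downstream."""
    return method, url, {**headers, "X-Intercepted-By": "example-proxy"}, body

def reply(handler, status, data):  # one complete HTTP response to the requester
    handler.send_response(status)
    handler.send_header("Content-Length", str(len(data)))
    handler.end_headers()
    handler.wfile.write(data)

class InterceptHandler(BaseHTTPRequestHandler):
    """The proxy: capture the browser's request, forward it, relay the answer."""
    def _relay(self):
        length = int(self.headers.get("Content-Length", 0))
        body = self.rfile.read(length) if length else None
        # A proxy-configured browser sends the absolute URL as self.path; hop-by-hop
        # headers are dropped because urllib regenerates them for the upstream hop.
        drop = {"host", "connection", "proxy-connection", "content-length"}
        headers = {k: v for k, v in self.headers.items() if k.lower() not in drop}
        method, url, headers, body = intercept(self.command, self.path, headers, body)
        entry = {"method": method, "url": url, "headers": headers, "body": body}
        HISTORY.append(entry)
        resp = UPSTREAM.open(Request(url, data=body, headers=headers, method=method), timeout=5)
        entry["status"] = resp.getcode()
        reply(self, entry["status"], resp.read())
    do_GET = do_POST = _relay
    def log_message(self, *args): pass  # keep the console quiet

class FakeApp(BaseHTTPRequestHandler):  # constructed stand-in for the target web app
    def do_GET(self):  # echoes the path and the marker header it received
        reply(self, 200, f"path={self.path} tag={self.headers.get('X-Intercepted-By')}".encode())
    def log_message(self, *args): pass

def serve(handler):  # bind an ephemeral localhost port and serve in the background
    srv = ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def demo():  # browser -> proxy -> app -> proxy -> browser, all on localhost
    app, proxy = serve(FakeApp), serve(InterceptHandler)
    browser = build_opener(ProxyHandler({"http": f"http://127.0.0.1:{proxy.server_address[1]}"}))
    target = f"http://127.0.0.1:{app.server_address[1]}/login?user=alice"
    text = browser.open(target, timeout=5).read().decode()
    app.shutdown(); proxy.shutdown()
    return HISTORY[-1], text
```

Running `demo()` returns the captured history entry (method, URL, edited headers, status) and the app's reply, which shows that the header added at the pause point reached the target.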




Proxy – Why Would You Do This?


Because the proxy provides a service you want

– Encryption of traffic

– Anti-virus scanning

– Keeping track of sites visited

– Stopping you from reaching some sites

– Giving you control over what goes on

– Allowing you to see what is going on in the exchange

– Providing services to make your job easier


The proxy can make your life much simpler


Getting Burp Suite


There are two versions

– Professional, about $300/year

– Not so professional, free, and missing some cool stuff


Download it from http://portswigger.net

• It's a Java app, so you just download the jar file

• Put it somewhere convenient – /home/opt/BurpSuite or C:/opt/BurpSuite or whatever

• To start it, use: java -jar Burploader.jar

• To run Burp in background mode, use: java -jar Burploader.jar &


Using Burp Proxy


Open Burp Suite



Goto Proxy -> Intercept



Goto Proxy -> Options




Configure Burp to work with the browser you are using by following the link below.


https://support.portswigger.net/customer/portal/articles/1783055-configuring-your-browser-to-work-with-burp


History Tab


Request Headers




Response


Response Header



Submit Request Parameters




Pop Up Menu


This is how you pass a particular URL to one of the Burp Suite tools:

– Repeater

– Spider

– Active Scan

– Passive Scan

– Intruder





©2019 Security Unleashed 
