Burp Suite is an integrated platform for performing security testing of web applications. It is designed to support the methodology of a hands-on tester, and gives you complete control over the actions that it performs, and deep analysis of the results. Burp contains several tools that work together to carry out virtually any task you will encounter in your testing. It can automate all kinds of tasks in customizable ways, and lets you combine manual and automated techniques to make your testing faster, more reliable and more fun.
5. TARGET TOOL
SITE MAP
Aggregates all the information Burp has gathered about the target web application, shown as a tree with URLs broken down into domains, directories, files and parameterized requests.
The view can be filtered (by scope, MIME type, status code, etc.) to keep it manageable.
For each item it displays the request and response (content and headers), plus any issues and advisories Burp has recorded for it.
Helps when building a pricing model for the assessment, since it shows the size and shape of the attack surface.
6. TARGET TOOL
SCOPE
Roughly, the items that you are currently interested in and are authorized to attack.
You can tell the Proxy to intercept only in-scope requests and responses.
The Spider only follows links that are in scope.
Professional Edition: with Burp Scanner, you can automatically initiate vulnerability scans of in-scope items.
You can configure Intruder and Repeater to follow redirections only to in-scope URLs.
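Scope is the control that keeps every automated tool (Proxy interception, Spider, Scanner, Intruder redirects) pointed at authorized hosts only, so it is worth understanding how a URL is matched. The following is an added example, not Burp's own code: it models Burp's advanced scope fields (protocol, host regex, port, file/path regex) with include and exclude rules, where a URL is in scope if it matches at least one include rule and no exclude rule. The example.com host and the /app/ paths are constructed placeholders.

```python
import re
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed scope rules (assumption: example.com is a placeholder, not a real target).
# Each rule mirrors Burp's advanced scope fields: protocol, host regex, port, file regex.
SCOPE = {
    "include": [
        {"protocol": "https", "host": r"^(www\.)?example\.com$", "port": 443, "file": r"^/app/"},
    ],
    "exclude": [
        # never let an automated tool hit the logout endpoint and kill the session
        {"protocol": "https", "host": r"^(www\.)?example\.com$", "port": 443, "file": r"^/app/logout"},
    ],
}


def _matches(rule, url):
    """True if every field present in the rule matches the corresponding part of the URL."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    port = parts.port or DEFAULT_PORTS.get(scheme)
    path = parts.path or "/"
    if rule.get("protocol") and rule["protocol"] != scheme:
        return False
    if rule.get("port") is not None and rule["port"] != port:
        return False
    # host regex is anchored in the rule, so example.com.evil.net does not match
    if rule.get("host") and not re.search(rule["host"], parts.hostname or ""):
        return False
    if rule.get("file") and not re.search(rule["file"], path):
        return False
    return True


def in_scope(url, scope=SCOPE):
    """Burp semantics: in scope = matches some include rule and no exclude rule."""
    if not any(_matches(r, url) for r in scope["include"]):
        return False
    return not any(_matches(r, url) for r in scope["exclude"])


def filter_in_scope(urls, scope=SCOPE):
    """Keep only the URLs an automated tool would be allowed to touch."""
    return [u for u in urls if in_scope(u, scope)]


if __name__ == "__main__":
    for u in ["https://example.com/app/account", "https://example.com/app/logout",
              "https://example.com.evil.net/app/", "http://example.com/app/x"]:
        print(in_scope(u), u)
```

The anchored host regex is the important detail: a substring match on the host name would put example.com.evil.net in scope, which is exactly the kind of mistake that sends scanner traffic to a third party.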
7. SPIDER
Crawls application content using various techniques: it follows all in-scope links, submits forms with dummy data, and makes additional requests (for robots.txt, directory roots, etc.).
Caution: automated crawling can change application state, for example by registering new user accounts, generating feedback emails, or submitting other state-changing forms.
Review the Spider settings before use, and ensure that they are suitable for your application and your requirements.
8. SCANNER
Passive Scanning
Analyzes the contents of existing requests and responses and deduces vulnerabilities from them, without sending any additional requests to the target.
By default, Burp carries out passive scanning of all traffic passing through Burp Proxy.
9. SCANNER
Active Scanning
Burp sends various crafted requests to the application and analyzes the resulting responses, looking for evidence of vulnerabilities.
Capable of identifying a much wider range of vulnerabilities than passive scanning, at the cost of sending many requests to the target.
Manual scanning - you can select requests in other Burp tools (or entire branches of the Target site map) and use the context menu to initiate active scans against them.
Live scanning as you browse - you can configure the Scanner to automatically perform active scans against all in-scope requests passing through the Proxy as you browse the application.
10. AUTOMATED TOOLS
Automated tools can break your application, and they take time to run.
67% of high impact vulnerabilities required manual testing to enumerate.
12. INTRUDER
Lets you perform customized automated attacks, to carry out all kinds of tests against web applications.
Works by taking an HTTP request and modifying it in various systematic ways.
For each attack, you must specify one or more sets of payloads, and the positions in the HTTP request where the payloads are to be placed.
Enumerating Identifiers (for example, valid usernames)
Harvesting Useful Data (for example, the password hint returned by a forgotten-password function for each valid user)
13. INTRUDER
Sniper - uses a single payload set and targets one position at a time: each payload is placed into each marked position in turn, while the other positions keep their original values. Good for fuzzing parameters individually.
Battering Ram - uses a single payload set and places the same payload into all of the defined positions at once. Useful when the same value has to appear in several places, e.g. a username in a parameter and in a cookie.
Pitchfork - uses one payload set per position and steps through them in parallel: the first payload of every set goes into request one, the second payload of every set into request two, and so on. Useful when the positions are related, e.g. a user ID and its matching token.
Cluster Bomb - uses one payload set per position and tests every combination of them (the Cartesian product). WARNING: this is usually the largest and longest attack; 1,000 usernames x 1,000 passwords is 1,000,000 requests.
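The four attack types differ only in how payloads are mapped onto positions, which is easiest to see by generating the request list each one would send. The following is an added example, not Burp's code: it takes a request template with positions marked Burp-style as §...§ (the host target.example and the credentials are constructed), and returns the rendered requests for each mode so the request counts can be compared directly.

```python
import itertools
import re

# Constructed login request with two payload positions marked § ... §
# (the host name is an assumption, not a real target).
LOGIN = (
    "POST /login HTTP/1.1\r\n"
    "Host: target.example\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "username=§admin§&password=§pass§"
)

POSITION = re.compile("§([^§]*)§")


def base_values(template):
    """Original value inside each marked position, in order of appearance."""
    return POSITION.findall(template)


def render(template, values):
    """Replace the i-th marked position with values[i] and drop the markers."""
    it = iter(values)
    return POSITION.sub(lambda m: next(it), template)


def attack(template, mode, payload_sets):
    """Return every request Intruder would send for the given attack type."""
    base = base_values(template)
    n = len(base)
    if mode == "sniper":
        # one payload set; each position is fuzzed in turn, others keep the base value
        combos = [base[:i] + [p] + base[i + 1:] for i in range(n) for p in payload_sets[0]]
    elif mode == "battering_ram":
        # one payload set; the same payload goes into every position at once
        combos = [[p] * n for p in payload_sets[0]]
    elif mode == "pitchfork":
        # one set per position, stepped through in parallel; stops at the shortest set
        if len(payload_sets) < n:
            raise ValueError("pitchfork needs one payload set per position")
        combos = [list(t) for t in zip(*payload_sets[:n])]
    elif mode == "cluster_bomb":
        # one set per position; every combination (Cartesian product)
        if len(payload_sets) < n:
            raise ValueError("cluster bomb needs one payload set per position")
        combos = [list(t) for t in itertools.product(*payload_sets[:n])]
    else:
        raise ValueError(f"unknown mode {mode!r}")
    return [render(template, c) for c in combos]


def request_count(template, mode, payload_sets):
    """How many requests the attack would send; the number to check before hitting Start."""
    return len(attack(template, mode, payload_sets))


if __name__ == "__main__":
    users = ["admin", "alice", "bob"]
    passwords = ["Password1", "Summer2024", "letmein"]
    for mode, sets in [("sniper", [users]), ("battering_ram", [users]),
                       ("pitchfork", [users, passwords]), ("cluster_bomb", [users, passwords])]:
        print(f"{mode:14s} {request_count(LOGIN, mode, sets):4d} requests")
```

With 3 payloads per set and 2 positions this gives 6, 3, 3 and 9 requests respectively; the cluster bomb count grows as the product of the set sizes, which is what the warning above is about.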
14. REPEATER
For manually manipulating and reissuing individual HTTP requests, and analyzing the application's responses, again and again.
You can use Repeater for all kinds of purposes, such as changing parameter values to test for input-based vulnerabilities, issuing requests in a specific sequence to test for logic flaws, and reissuing requests from Burp Scanner issues to manually verify the reported findings.
The tool has two panes: an HTTP message editor containing the request to be issued, which you can edit and reissue over and over, and an HTTP message editor showing the response received from the last issued request.
15. SEQUENCER
A tool for analyzing the quality of randomness in a sample of data items.
Used to test an application's session tokens or other important data items that are intended to be unpredictable, such as anti-CSRF tokens, password reset tokens, etc.
Capture a large sample of tokens before drawing conclusions; a token with low effective entropy may be predictable or brute-forceable by an attacker.
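Sequencer runs a battery of statistical tests, but the simplest of them, character-level entropy per position, already separates a predictable token from a random one. The following is an added example, not Sequencer's own code: it computes the Shannon entropy of each character position across a sample of tokens and sums them as a crude upper-bound estimate of entropy. The weak generator (a fixed prefix plus an incrementing counter) is constructed for the example; the strong one uses the standard library's secrets module.

```python
import math
import secrets
from collections import Counter


def position_entropy(tokens):
    """Shannon entropy in bits of the character at each position across the sample."""
    length = len(tokens[0])
    if any(len(t) != length for t in tokens):
        raise ValueError("all tokens must have the same length")
    n = len(tokens)
    result = []
    for i in range(length):
        counts = Counter(t[i] for t in tokens)
        result.append(-sum(c / n * math.log2(c / n) for c in counts.values()))
    return result


def estimated_entropy(tokens):
    """Sum of per-position entropies. Positions that are correlated (a counter, a
    timestamp) make this an overestimate, so treat it as an upper bound only."""
    return sum(position_entropy(tokens))


def fixed_positions(tokens):
    """Character positions that never change across the sample (zero entropy)."""
    return [i for i, h in enumerate(position_entropy(tokens)) if h == 0]


def weak_tokens(n, start=0x1000):
    """Constructed weak generator: fixed prefix plus an incrementing counter."""
    return ["sess-" + format(start + i, "08x") for i in range(n)]


def strong_tokens(n):
    """Tokens from a CSPRNG (64 bits each), for comparison."""
    return [secrets.token_hex(8) for _ in range(n)]


if __name__ == "__main__":
    for label, sample in [("weak", weak_tokens(256)), ("strong", strong_tokens(256))]:
        print(f"{label:6s} ~{estimated_entropy(sample):5.1f} bits, "
              f"fixed positions: {fixed_positions(sample)}")
```

For 256 weak tokens the estimate is 8 bits (only the last two hex digits ever change), against roughly 60 bits for the same number of CSPRNG tokens. The per-position view also shows why a large sample matters: with too few tokens, a position that is actually fixed can look random purely by chance.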
16. DECODER
A simple tool for transforming encoded data into its canonical (decoded) form, and for transforming raw data into various encoded and hashed forms.
It can intelligently recognize several encoding formats using heuristic techniques ("smart decode"), and transformations can be chained when data has been encoded more than once.
Supported: URL, HTML, Base64, ASCII hex, Hex, Octal, Binary, GZIP
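Heuristic recognition means guessing the encoding from the shape of the data, then decoding and repeating until nothing recognizable is left. The following is an added example, not Decoder's own logic: it handles four of the formats listed above (URL, HTML, hex, Base64) and decodes in layers, so a value that was Base64-encoded and then URL-encoded comes back through both steps. The sample strings are constructed encodings of the text role=admin.

```python
import base64
import binascii
import html
import re
from urllib.parse import unquote


def guess_and_decode(data):
    """Return (format, decoded) for the first recognized encoding, or None."""
    s = data.strip()
    if re.search(r"%[0-9A-Fa-f]{2}", s):
        return "url", unquote(s)
    if re.search(r"&(#\d+|#x[0-9a-fA-F]+|[a-zA-Z]+);", s):
        return "html", html.unescape(s)
    # hex is tried before base64 because every hex string is also valid base64 text;
    # a hex guess is only accepted if the bytes decode to printable UTF-8
    if len(s) >= 8 and re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", s):
        try:
            out = bytes.fromhex(s).decode("utf-8")
            if out.isprintable():
                return "hex", out
        except (ValueError, UnicodeDecodeError):
            pass
    if len(s) >= 8 and len(s) % 4 == 0 and re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", s):
        try:
            out = base64.b64decode(s, validate=True).decode("utf-8")
            if out.isprintable():
                return "base64", out
        except (binascii.Error, UnicodeDecodeError):
            pass
    return None


def smart_decode(data, max_depth=8):
    """Peel encodings layer by layer; returns (list of formats applied, final text)."""
    chain = []
    current = data
    for _ in range(max_depth):
        guess = guess_and_decode(current)
        if guess is None or guess[1] == current:
            break
        chain.append(guess[0])
        current = guess[1]
    return chain, current


if __name__ == "__main__":
    # constructed samples: base64 then URL-encoded, plain hex, HTML entities
    for sample in ["cm9sZT1hZG1pbg%3D%3D", "726f6c653d61646d696e", "&lt;script&gt;"]:
        print(sample, "->", smart_decode(sample))
```

The heuristics are deliberately conservative (minimum length, printable output) because short alphanumeric strings such as "deadbeef" match several formats at once; when a guess is wrong, the manual per-format transforms are the fallback.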
17. COMPARER
A simple tool for performing a comparison (a visual "diff") between any two items of data, at word or byte level.
To find username enumeration conditions, compare the responses to failed logins using valid and invalid usernames; even a one-word change in an error message is enough to confirm whether an account exists.
When an Intruder attack has resulted in some responses with different lengths than the base response, compare them to quickly see where the differences lie.
When testing for blind SQL injection using Boolean condition injection and other similar tests, compare two responses to see whether injecting different conditions has resulted in a relevant difference in the responses.
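All three uses above come down to the same operation: strip the parts of two responses that always differ, then show exactly where the rest diverges. The following is an added example, not Comparer's code: it diffs two constructed login responses (valid versus invalid username) at line level after dropping the Date and Content-Length headers, then narrows the differing line down to the changed words. The responses and the error messages are constructed for the example.

```python
import difflib

# Constructed login responses for a valid and an invalid username (not real app output).
RESP_VALID_USER = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Mon, 01 Jan 2024 10:00:00 GMT\r\n"
    "Content-Type: text/html\r\n"
    "Content-Length: 112\r\n"
    "\r\n"
    "<html><body>\n"
    '<form action="/login" method="post">\n'
    '<p class="error">Incorrect password</p>\n'
    "</form>\n"
    "</body></html>"
)
RESP_INVALID_USER = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Mon, 01 Jan 2024 10:00:03 GMT\r\n"
    "Content-Type: text/html\r\n"
    "Content-Length: 124\r\n"
    "\r\n"
    "<html><body>\n"
    '<form action="/login" method="post">\n'
    '<p class="error">Incorrect username or password</p>\n'
    "</form>\n"
    "</body></html>"
)


def split_message(raw):
    """Split a raw HTTP message into header lines and body."""
    head, _, body = raw.partition("\r\n\r\n")
    return head.split("\r\n"), body


def compare(a, b, ignore_headers=("date", "content-length")):
    """Line-level diff of two HTTP messages as [(marker, line)], ignoring headers
    that always differ between requests and would otherwise drown the signal."""
    def lines(raw):
        headers, body = split_message(raw)
        kept = [h for h in headers if h.split(":", 1)[0].strip().lower() not in ignore_headers]
        return kept + body.splitlines()

    out = []
    for d in difflib.ndiff(lines(a), lines(b)):
        if d[:2] in ("- ", "+ "):
            out.append((d[0], d[2:]))
    return out


def word_diff(line_a, line_b):
    """Word-level opcodes for one differing line: (tag, words in a, words in b)."""
    wa, wb = line_a.split(), line_b.split()
    sm = difflib.SequenceMatcher(a=wa, b=wb)
    return [(tag, " ".join(wa[i1:i2]), " ".join(wb[j1:j2]))
            for tag, i1, i2, j1, j2 in sm.get_opcodes() if tag != "equal"]


def body_length_delta(a, b):
    """Body length difference, the quick signal Intruder's Length column gives you."""
    return len(split_message(b)[1]) - len(split_message(a)[1])


if __name__ == "__main__":
    changed = compare(RESP_VALID_USER, RESP_INVALID_USER)
    for marker, line in changed:
        print(marker, line)
    print(word_diff(changed[0][1], changed[1][1]))
    print("length delta:", body_length_delta(RESP_VALID_USER, RESP_INVALID_USER))
```

Here the only difference is the inserted words "username or", which is a textbook username enumeration condition: the application tells a valid user their password is wrong but gives an unknown user a generic message. For Boolean-based blind SQL injection the same comparison is run on the TRUE and FALSE condition responses instead.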
20. CONCLUSION
Burp Suite is a great baseline tool to leverage in all your future web assessments.
Read blogs: dozens of web vulnerabilities and potential exploits are released every day.
Manual testing wins
Humans > machines
Editor's Notes
Site map: hierarchical representation of content, with URLs broken down into domains, directories, files, and parameterized requests. Spider, scan, and analyze the target. Filter the view.
Automated tools: use any automated tools with caution.
Intruder, enumerating identifiers: enumerate valid usernames.
Intruder, harvesting useful data: Forgotten password >> extract the password hint for each valid user.
Demo targets: Mutillidae; WebGoat >>> Authentication Flaws >>> Password Strength.
Copy the token into Notepad.