2. ● Software Engineer & Researcher at CyberForge Academy
● Final year, B. Tech. CSE @ LPU
● Engaged in Research, Creating course content/setups
● Developing SaaS software and open source tools
● Interned with Web3verse Academy, a Singapore-based startup focused on
Web3 education and Namekart, a domain name brokerage firm.
● Interested in Art and craft 🎨
$ whoami
4. ● Suite of security testing tools
● Used for penetration testing on Web Apps.
● Developed by PortSwigger
● Both Free and paid version
● Cross-platform (Windows/Linux/MacOS)
● Suite includes tools such as :
○ Burp Proxy
○ Burp Spider
○ Burp Intruder
○ Burp Scanner
○ Burp Repeater
What is Burp Suite ?
5. Why Burp Suite?
● Comprehensive Testing Suite
● Identify Vulnerabilities
Example: Discovering XSS flaws by analyzing HTTP responses.
● Customizable Testing
Example: Using Burp Intruder for tailored security assessments.
● Real-Time Monitoring
Example: Intercepting and modifying HTTP requests with Burp Proxy.
11. ● Intercepting proxy tool utilized for various security testing
● Intercepting and analyzing HTTP/S requests and responses.
● Modifying requests and responses to test application behavior.
● Logs HTTP traffic for reviewing, tracking changes, and identifying web
app issues.
● Options-Forward Request , Drop Request , Edit Request
1. Burp Proxy
14. ● Dynamic request modification for HTTP testing
● Automation of attack scenarios like brute-force and
fuzzing
● Customizable payloads for tailored attacks
● Advanced analysis and reporting for efficient
vulnerability identification
2. Burp Intruder
17. ● Automated web application crawler.
● Maps out application structure and discovers URLs and parameters.
● Passive Crawling: Observes traffic flow within Burp Suite to identify
URLs and parameters.
● Active Crawling: Actively sends requests to the target application to
explore and discover new URLs and parameters.
3. Burp Spider
18. Source: Burp Suite Professional
Web Vulnerability Scanner |
E-SPIN Group (e-spincorp.com)
19. ● For Manually modifying and replaying HTTP
requests.
● To review individual requests and analyze
application responses.
● Modify parameters, headers, and payloads to test
application behavior.
4. Burp Repeater
20.
21.
22. ● Automated web vulnerability scanner.
● Identifies security flaws in web applications.
● Two key Phases:
○ Audit: Identifies vulnerabilities in web applications.
○ Crawl: Maps application structure and discovers endpoints.
● Features include vulnerability detection ,customizable scanning
options, scan scheduling, reporting, and scan feedback.
5. Burp Scanner
23. Source: Burp Suite Professional
Web Vulnerability Scanner |
E-SPIN Group (e-spincorp.com)
25. Source: Finland Blames Chinese Hacking Group APT31 for Parliament Cyber Attack
(thehackernews.com)
26. Source : Millions of hotel doors vulnerable to attack, researchers find | Cybernews
27. Source : Recent ‘MFA Bombing’ Attacks Targeting Apple Users – Krebs on Security
28. CREDITS: This presentation template was created by Slidesgo, and includes icons by Flaticon, and infographics & images by Freepik
Thanks!
Do you have any questions?
contact@cyberforge.academy
+91 8837537763
https://cyberforge.academy
https://github.com/CyberForgeAcademy/Workshops