Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.
Burp gives you full control, letting you combine advanced manual techniques with state-of-the-art automation, to make your work faster, more effective, and more fun.
1. BURP SUITE PROXY
Nishanth Kumar
n|u Bangalore Chapter Lead
n|u / OWASP / g4h Monthly Meet
17th Oct 2015
2. Who am I?
• Info Security enthusiast
• Consulting service for enterprises to implement security
• Null moderator
• OWASP Contributor
• @nishanthkumarp
6. BurpSuite Proxy
• Used in testing any client-server application.
• Commonly used to intercept HTTP/HTTPS requests between client and server.
• Web application and mobile application testing.
• Exploiting vulnerabilities, fuzzing web applications, carrying out brute force attacks.
7. BurpSuite Features - 1
• Interception Proxy: Designed to give the user control over requests sent to the server.
• Repeater: The ability to rapidly repeat/modify specific requests.
• Intruder: Feature that allows automation of custom attacks/payloads.
• Decoder: Decode and encode strings to various formats (URL, Base64, HTML, etc.).
8. BurpSuite Features - 2
• Comparer: Can highlight differences between requests/responses.
• Extender: API to extend Burp's functionality, with many free extensions available via the BApp Store.
9. BurpSuite Features - 3
• Spider and Discover Content: Spider crawls links on a web application; Discover Content can be used to dynamically enumerate unlinked content.
• Scanner (Pro only): Automated scanner that checks for web application vulnerabilities (XSS, SQLi, command injection, file inclusion, etc.).
10. Demo
• Manual Application Walkthrough
• Intercept & Scope Configuration
• Outbound SOCKS Proxy Configuration
• Using The Spider & Discover
• Using The Repeater Tab
• Using The Intruder Tab
• Text Specific Searching
• Using The Automated Scanner