What Is Burp Suite

So What Is Burp Suite

What is Burp Suite, you ask? Burp Suite is a Java-based web penetration testing framework. It has become an industry-standard suite of tools used by information security professionals. Burp Suite helps you identify vulnerabilities and verify attack vectors that affect web applications. Because of its popularity and its breadth and depth of features, we have created this page as a collection of Burp Suite knowledge and information.

In its simplest form, Burp Suite can be classified as an interception proxy. While browsing the target application, a penetration tester can configure their browser to route traffic through the Burp Suite proxy server. Burp Suite then acts as a (sort of) man in the middle, capturing each request to and response from the target web application so that it can be analyzed. Penetration testers can pause, manipulate and replay individual HTTP requests in order to analyze potential parameters or injection points. Injection points can be specified for manual as well as automated fuzzing attacks to discover potentially unintended application behaviors, crashes and error messages.

Burp Suite: Related Content

Below are some of Pentest Geek’s articles which feature Burp Suite and are intended for educational purposes.

Burp Suite Tutorial 1

Burpsuite Tutorial – Web Application Penetration Testing (Part 1) – An introduction to web application penetration testing with Burpsuite. Discusses initial configuration and a basic overview of web testing methodology.


Burp Suite Tutorial 2

Burpsuite Tutorial – Web Application Penetration Testing (Part 2) – Expanding on the previous tutorial and offering deeper insight into some of the more advanced features and functionality. Targeted for slightly more advanced users.


Burp Suite Credential Harvesting

Credential Harvesting via MiTM – Burpsuite Tutorial – This article explores some potentially malicious use cases for Burpsuite as a Man In The Middle attack vector used to harvest credentials during a penetration test.


Recommended Reading

We highly recommend you purchase The Web Application Hacker’s Handbook. This book covers every aspect of Burp Suite in great detail and should be considered an absolute MUST READ for any professional who is serious about web penetration testing.

As a reminder, Pentest Geek will receive a small commission if you purchase any of these titles by following the affiliate links on this page. Some additional titles you might consider include but are definitely not limited to:

Burp Suite: Source

Burpsuite is created by: PortSwigger Web Security
It is available as a free download with limited, but extremely capable functionality. However, the commercial suite is affordably priced and well worth the investment if you are serious about web penetration testing. You can obtain a licensed copy here: https://portswigger.net/buy/

Copyright 2018