What Is Burp Suite - Pentest Tool Description

What Is Burp Suite

What Is Burp Suite

So What Is Burp Suite

What is Burp Suite you ask? Burp Suite is a Java based Web Penetration Testing framework. It has become an industry standard suite of tools used by information security professionals. Burp Suite helps you identify vulnerabilities and verify attack vectors that are affecting web applications. Because of its popularity and breadth as well as depth of features, we have created this useful page as a collection of Burp Suite knowledge and information.

In its simplest form, Burp Suite can be classified as an Interception Proxy. While browsing their target application, a penetration tester can configure their internet browser to route traffic through the Burp Suite proxy server. Burp Suite then acts as a (sort of) Man In The Middle by capturing and analyzing each request to and from the target web application so that they can be analyzed. Penetration testers can pause, manipulate and replay individual HTTP requests in order to analyze potential parameters or injection points. Injection points can be specified for manual as well as automated fuzzing attacks to discover potentially unintended application behaviors, crashes and error messages.

Burp Suite: Related Content

Below are some of Pentest Geek’s articles which feature Burp Suite and are intended for educational purposes.

Burp Suite Tutorial – Introduction To Burp Suite – This five part video series is where your Burp Suite journey should begin. Start here if you are a Burp Suite beginner. Learn how to fully optimize Burp Suite for maximum effectiveness and capability.

Start Watching

Burp Suite Tutorial 1

Burp Suite Tutorial – Web Application Penetration Testing (Part 1) – An introduction to web application penetration testing with Burp Suite. Discusses initial configuration and a basic overview of web testing methodology.

Read More

Burp Suite Tutorial 2

Burp Suite Tutorial – Web Application Penetration Testing (Part 2) – Expanding on the previous tutorial and offering deeper insight into some of the more advanced features and functionality. Targeted for slightly more advanced users.

Read More

Burp Suite Credential Harvesting

Credential Harvesting via MiTM – Burp Suite Tutorial – This article explores some potentially malicious use cases for Burp Suite as a Man In The Middle attack vector used to harvest credentials during a penetration test.

Read More

Burp Suite: Recommended Reading

We highly recommend you purchase The Web Application Hacker’s Handbook. This book covers every aspect of Burp Suite great detail and should be considered an absolute MUST READ for any professional that is serious about Web Penetration Testing.

As a reminder, Pentest Geek will receive a small commission if you purchase any of these titles by following the affiliate links on this page. Some additional titles you might consider include but are definitely not limited to:

Burp Suite: Source

Burp Suite is created by: PortSwigger Web Security
It is available as a free download with limited, but extremely capable functionality. However, the commercial suite is affordably priced and well worth the investment if you are serious about web penetration testing. You can obtain a licensed copy here: https://portswigger.net/buy/

1 Comment
  • I would like to know if I will get a support in case I got stuck in the lab by some reason. Thanks.

  • Leave a Reply

    Your email address will not be published. Required fields are marked *

    This site uses Akismet to reduce spam. Learn how your comment data is processed.

    Share This

    Recent Posts

    Subscribe To Our Mailing List

    The Ultimate Burp Suite Training Program

    Learn Network Penetration Testing

    Penetration Testing



    Web Application Hacking

    Copyright 2024


    FREE Burp Suite Training

    Take your web hacking skills to the next level.  Download a pre-configured virtual lab and start learning Burp Suite today!

    You have Successfully Subscribed!