What Is Burp Suite - Pentest Tool Description

So What Is Burp Suite

What is Burp Suite, you ask? Burp Suite is a Java-based web penetration testing framework. It has become an industry-standard suite of tools used by information security professionals. Burp Suite helps you identify vulnerabilities and verify attack vectors that affect web applications. Because of its popularity and the breadth and depth of its features, we have created this page as a collection of Burp Suite knowledge and information.

In its simplest form, Burp Suite can be classified as an Interception Proxy. A penetration tester can configure their internet browser to route traffic through the Burp Suite proxy server while browsing their target application. Burp Suite then acts as a (sort of) Man In The Middle, capturing each request sent to, and each response returned from, the target web application so that they can be analyzed. Penetration testers can pause, manipulate and replay individual HTTP requests in order to analyze potential parameters or injection points. Injection points can be specified for manual as well as automated fuzzing attacks to discover potentially unintended application behaviors, crashes and error messages.

Burp Suite: Related Content

Below are some of Pentest Geek’s articles which feature Burp Suite and are intended for educational purposes.

Burp Suite Tutorial – Introduction To Burp Suite – This five-part video series is where your Burp Suite journey should begin. Start here if you are a Burp Suite beginner. Learn how to fully optimize Burp Suite for maximum effectiveness and capability.

Burp Suite Tutorial 1

Burp Suite Tutorial – Web Application Penetration Testing (Part 1) – An introduction to web application penetration testing with Burp Suite. Discusses initial configuration and a basic overview of web testing methodology.

Burp Suite Tutorial 2

Burp Suite Tutorial – Web Application Penetration Testing (Part 2) – Expands on the previous tutorial and offers deeper insight into some of the more advanced features and functionality. Targeted at slightly more advanced users.

Burp Suite Credential Harvesting

Credential Harvesting via MiTM – Burp Suite Tutorial – This article explores some potentially malicious use cases for Burp Suite as a Man In The Middle attack vector used to harvest credentials during a penetration test.

Burp Suite: Recommended Reading

We highly recommend you purchase The Web Application Hacker’s Handbook. This book covers every aspect of Burp Suite in great detail and should be considered an absolute MUST READ for any professional who is serious about Web Penetration Testing.

As a reminder, Pentest Geek will receive a small commission if you purchase any of these titles by following the affiliate links on this page. Some additional titles you might consider include but are definitely not limited to:

Burp Suite: Source

Burp Suite is created by: PortSwigger Web Security
It is available as a free download with limited, but extremely capable functionality. However, the commercial suite is affordably priced and well worth the investment if you are serious about web penetration testing. You can obtain a licensed copy here: https://portswigger.net/buy/

Burp Suite: Become a Web App Penetration Tester

How I fell in love with web hacking and why Burp Suite was such a critical component!

Copyright 2018

