What Is Burpsuite
So What Is Burpsuite
What is Burpsuite, you ask? Burp Suite is a Java-based web penetration testing framework. It has become an industry-standard suite of tools used by information security professionals to identify vulnerabilities and verify attack vectors for web-based applications.
In its simplest form, Burpsuite can be classified as an interception proxy. A penetration tester configures their Internet browser to route traffic through the proxy, which then acts as a sort of Man In The Middle by capturing and analyzing each request and response to and from the target web application. Individual HTTP requests can be paused, manipulated, and replayed back to the web server for targeted analysis of parameter-specific injection points. Injection points can be specified for manual as well as automated fuzzing attacks to discover potentially unintended application behaviors, crashes, and error messages.
Burpsuite is created by: PortSwigger Web Security
It is available as a free download with limited but extremely capable functionality. However, the commercial suite is affordably priced and well worth the investment if you are serious about web penetration testing. You can obtain a licensed copy here: https://portswigger.net/buy/
Burpsuite: Related Content
Below are some of Pentest Geek’s articles which feature Burpsuite and are intended for educational purposes. If you desire a more complete understanding of the many capabilities and features, you might enjoy purchasing The Web Application Hacker's Handbook.
- Burpsuite Tutorial – Web Application Penetration Testing (Part 1) – An introduction to web application penetration testing with Burpsuite. Discusses initial configuration and a basic overview of web testing methodology.
- Burpsuite Tutorial – Web Application Penetration Testing (Part 2) – Expanding on the previous tutorial and offering deeper insight into some of the more advanced features and functionality. Targeted for slightly more advanced users.
- Credential Harvesting via MiTM – Burpsuite Tutorial – This article explores some potentially malicious use cases for Burpsuite as a Man In The Middle attack vector used to harvest credentials during a penetration test.