What Is Burp Suite
So What Is Burp Suite
What is Burp Suite you ask? Burp Suite is a Java based Web Penetration Testing framework. It has become an industry standard suite of tools used by information security professionals. Burp Suite helps you identify vulnerabilities and verify attack vectors that are affecting web applications. Because of its popularity and breadth as well as depth of features, we have created this useful page as a collection of Burp Suite knowledge and information.
In its simplest form, Burp Suite can be classified as an Interception Proxy. While browsing their target application, a penetration tester can configure their internet browser to route traffic through the Burp Suite proxy server. Burp Suite then acts as a (sort of) Man In The Middle by capturing and analyzing each request to and from the target web application so that they can be analyzed. Penetration testers can pause, manipulate and replay individual HTTP requests in order to analyze potential parameters or injection points. Injection points can be specified for manual as well as automated fuzzing attacks to discover potentially unintended application behaviors, crashes and error messages.
Burp Suite: Related Content
Below are some of Pentest Geek’s articles which feature Burp Suite and are intended for educational purposes.
Burp Suite Tutorial – Web Application Penetration Testing (Part 1) – An introduction to web application penetration testing with Burp Suite. Discusses initial configuration and a basic overview of web testing methodology.
Burp Suite Tutorial – Web Application Penetration Testing (Part 2) – Expanding on the previous tutorial and offering deeper insight into some of the more advanced features and functionality. Targeted for slightly more advanced users.
Credential Harvesting via MiTM – Burp Suite Tutorial – This article explores some potentially malicious use cases for Burp Suite as a Man In The Middle attack vector used to harvest credentials during a penetration test.
Burp Suite: Recommended Reading
We highly recommend you purchase The Web Application Hacker’s Handbook. This book covers every aspect of Burp Suite great detail and should be considered an absolute MUST READ for any professional that is serious about Web Penetration Testing.
As a reminder, Pentest Geek will receive a small commission if you purchase any of these titles by following the affiliate links on this page. Some additional titles you might consider include but are definitely not limited to:
Burp Suite: Source
Burp Suite is created by: PortSwigger Web Security
It is available as a free download with limited, but extremely capable functionality. However, the commercial suite is affordably priced and well worth the investment if you are serious about web penetration testing. You can obtain a licensed copy here: https://portswigger.net/buy/
- Playing With the New Burp Suite REST API
- Burp Suite 2.0 Beta Review
- Attacking Palo Alto Networks PAN-OS ‘readSessionVarsFromFile()’
- GPG Errors While Updating Kali Linux
- Installing Kali NetHunter on HTC Nexus 9
Subscribe To Our Mailing List
Want To Be a Better Pentester
Subscribe to our mailing list and recieve FREE pentest tips, tricks, product reviews, news, article release notifications and more!
The Ultimate Burp Suite Training Program
- Burp Suite
- Forensics and Incident Response
- Information Gathering
- Penetration Testing Tutorials
- Web Applications
Web Application Hacking