Notes On Burp Suite

Uploaded by

demiladephilus

Notes on Burp Suite

Burp Suite is a Java-based framework designed to serve as a comprehensive solution for conducting web application penetration testing.

Burp Suite captures and enables manipulation of all the HTTP/HTTPS traffic between a browser and a web server.
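What "capture and manipulate" means at the byte level is easiest to see with a small parser for a raw HTTP/1.1 request, which is the form in which an intercepting proxy sees browser traffic. This is an added example written for these notes, not Burp Suite code: the sample request, the host name app.example and the helper names (parse_request, serialize_request, tamper) are constructed for illustration. It splits the request line, headers and body, applies edits, and re-serializes with a recomputed Content-Length, the detail a hand-edited request most often gets wrong.

```python
# Added example (not from the notes): parse a raw HTTP/1.1 request the way an
# intercepting proxy sees it, edit it, and re-serialize it with a correct
# Content-Length. The sample request and helper names are constructed.
from dataclasses import dataclass, field


@dataclass
class HttpRequest:
    method: str
    target: str
    version: str
    headers: list = field(default_factory=list)  # (name, value) pairs, order kept
    body: bytes = b""

    def get_header(self, name):
        """Case-insensitive header lookup; None if absent."""
        for n, v in self.headers:
            if n.lower() == name.lower():
                return v
        return None

    def set_header(self, name, value):
        """Replace an existing header in place (keeping its position) or append."""
        for i, (n, _) in enumerate(self.headers):
            if n.lower() == name.lower():
                self.headers[i] = (n, value)
                return
        self.headers.append((name, value))


def parse_request(raw: bytes) -> HttpRequest:
    """Split a raw request into request line, headers and body (CRLF framing)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request: end of headers not found")
    lines = head.split(b"\r\n")
    method, target, version = lines[0].decode("ascii").split(" ", 2)
    headers = []
    for line in lines[1:]:
        name, _, value = line.decode("latin-1").partition(":")
        headers.append((name.strip(), value.strip()))
    lowered = {n.lower(): v for n, v in headers}
    length = int(lowered.get("content-length", "0"))
    return HttpRequest(method, target, version, headers, body[:length])


def serialize_request(req: HttpRequest) -> bytes:
    """Rebuild the wire form; Content-Length is recomputed from the actual body."""
    if req.body or req.get_header("Content-Length") is not None:
        req.set_header("Content-Length", str(len(req.body)))
    out = f"{req.method} {req.target} {req.version}\r\n".encode("ascii")
    for n, v in req.headers:
        out += f"{n}: {v}\r\n".encode("latin-1")
    return out + b"\r\n" + req.body


def tamper(raw: bytes, new_body: bytes, header_updates: dict) -> bytes:
    """The edit step of an intercepting proxy: change headers and body, then
    re-frame the request so the server still parses it correctly."""
    req = parse_request(raw)
    for name, value in header_updates.items():
        req.set_header(name, value)
    req.body = new_body
    return serialize_request(req)


# Constructed sample: a login POST as captured between browser and server.
SAMPLE = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: app.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 27\r\n"
    b"\r\n"
    b"user=alice&password=secret1"
)

if __name__ == "__main__":
    edited = tamper(SAMPLE, b"user=alice&remember=1", {"User-Agent": "Mozilla/5.0"})
    print(edited.decode("latin-1"))
```

A round trip of an unmodified request reproduces the original bytes exactly, which is the property to check first when writing any such tool. Note that for HTTPS the proxy only sees plaintext like this after the browser has been configured to trust the proxy's CA certificate; the notes do not cover that setup step.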

1. Burp Suite Professional is an unrestricted version of Burp Suite Community. It comes with features such as:
- An automated vulnerability scanner.
- A fuzzer/brute-forcer that isn't rate limited.
- Saving projects for future use and report generation.
- A built-in API to allow integration with other tools.
- Unrestricted access to add new extensions for greater functionality.
- Access to the Burp Suite Collaborator (effectively providing a unique request catcher, self-hosted or running on a PortSwigger-owned server).

In short, Burp Suite Professional is a highly potent tool, making it a preferred choice for professionals in the field.

2. Burp Suite Enterprise, in contrast to the Community and Professional editions, is primarily utilized for continuous scanning. It features an automated scanner that periodically scans web applications for vulnerabilities, similar to how tools like Nessus perform automated infrastructure scanning. Unlike the other editions, which allow manual attacks from a local machine, Burp Suite Enterprise resides on a server and constantly scans the target web applications for potential vulnerabilities.

Features of Burp Suite Community (the free version)

- Proxy: The Burp Proxy is the most renowned aspect of Burp Suite. It enables interception and modification of requests and responses while interacting with web applications.
- Repeater: Another well-known feature. Repeater allows for capturing, modifying, and resending the same request multiple times. This functionality is particularly useful when crafting payloads through trial and error (e.g., in SQLi, Structured Query Language injection) or testing the functionality of an endpoint for vulnerabilities.
- Intruder: Despite rate limitations in Burp Suite Community, Intruder allows for spraying endpoints with requests. It is commonly utilized for brute-force attacks or fuzzing endpoints.
- Decoder: Decoder offers a valuable service for data transformation. It can decode captured information or encode payloads before sending them to the target. While alternative services exist for this purpose, leveraging Decoder within Burp Suite can be highly efficient.
- Comparer: As the name suggests, Comparer enables the comparison of two pieces of data at either the word or byte level. While not exclusive to Burp Suite, the ability to send potentially large data segments directly to a comparison tool with a single keyboard shortcut significantly accelerates the process.
- Sequencer: Sequencer is typically employed when assessing the randomness of tokens, such as session cookie values or other supposedly randomly generated data. If the algorithm used for generating these values lacks secure randomness, it can expose avenues for devastating attacks.
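The Sequencer item is the one where a worked check helps most: what does "assessing the randomness of tokens" actually compute? The following is an added example written for these notes, not Sequencer's own analysis; the two generators and the function names (assess_tokens, sequential_tokens, random_tokens) are constructed. It takes a sample of tokens, estimates the Shannon entropy of the character at each position, and sums them into an effective-bits figure, then contrasts a counter-based token set with one drawn from Python's secrets module.

```python
# Added example (not from the notes): a sample-based entropy estimate in the
# spirit of what Sequencer does, comparing a predictable token generator with
# a cryptographically random one. Generators and function names are constructed.
import math
import secrets
from collections import Counter


def shannon_entropy_bits(symbols):
    """Shannon entropy (bits) of the empirical distribution of `symbols`."""
    counts = Counter(symbols)
    n = len(symbols)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def per_position_entropy(tokens):
    """Entropy of the character at each position, measured across the sample."""
    width = len(tokens[0])
    if any(len(t) != width for t in tokens):
        raise ValueError("all tokens in the sample must have the same length")
    return [shannon_entropy_bits([t[i] for t in tokens]) for i in range(width)]


def assess_tokens(tokens, bits_per_symbol):
    """Summarize a token sample: weakest position, estimated total bits, the
    theoretical maximum for the alphabet, and the fraction of distinct tokens."""
    positions = per_position_entropy(tokens)
    return {
        "length": len(tokens[0]),
        "min_position_entropy": min(positions),
        "estimated_bits": sum(positions),
        "max_possible_bits": len(tokens[0]) * bits_per_symbol,
        "unique_ratio": len(set(tokens)) / len(tokens),
    }


def sequential_tokens(n, start=0x1000):
    """Weak generator (constructed): a counter rendered as 32 hex digits.
    Every value is unique, yet the next one is trivially predictable."""
    return [f"{start + i:032x}" for i in range(n)]


def random_tokens(n):
    """Strong generator: 16 bytes from the OS CSPRNG, hex-encoded (32 chars)."""
    return [secrets.token_hex(16) for _ in range(n)]


if __name__ == "__main__":
    for name, sample in (("counter", sequential_tokens(2000)),
                         ("secrets", random_tokens(2000))):
        summary = assess_tokens(sample, bits_per_symbol=4)  # hex: 4 bits per char
        print(name, {k: round(v, 2) for k, v in summary.items()})
```

The counter sample scores a unique_ratio of 1.0, so uniqueness alone says nothing about unpredictability; its entropy estimate stays in the low tens of bits because most positions never change. Per-position frequency is a single, crude statistic that catches constant or low-variety positions and little else; Sequencer applies a much larger battery of statistical tests, and a sample of a few thousand tokens is the minimum for any of them to mean much.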
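From the defender's side, the request spraying that the Intruder item describes leaves a recognizable pattern in access logs: many requests to one endpoint from one client in a short window, most of them failing. The following is an added example written for these notes, not part of the original or of Burp Suite; the log lines (combined log format, with addresses from the documentation ranges) and the window, threshold and failure-ratio values are constructed. It keeps a sliding window per (client, path) pair and flags a burst when the window fills with 401/403 responses.

```python
# Added example (not from the notes): flag Intruder-style request bursts in
# combined-format access logs. Addresses, paths and thresholds are constructed.
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \d+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return a dict for a well-formed log line, or None for anything else."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["status"] = int(rec["status"])
    return rec


def detect_bursts(lines, window_seconds=60, threshold=20, fail_ratio=0.8):
    """Sliding window per (client, path): alert when at least `threshold`
    requests land within `window_seconds` and most of them are 401/403."""
    windows = defaultdict(deque)
    alerts = set()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # malformed lines are skipped, not fatal
        key = (rec["ip"], rec["path"])
        window = windows[key]
        window.append((rec["ts"], rec["status"]))
        # drop entries that fell out of the time window
        while (rec["ts"] - window[0][0]).total_seconds() > window_seconds:
            window.popleft()
        if len(window) >= threshold:
            failures = sum(1 for _, status in window if status in (401, 403))
            if failures / len(window) >= fail_ratio:
                alerts.add(key)
    return sorted(alerts)


def build_sample_log():
    """Constructed sample: 30 failed logins in 30 s from one client, a few normal
    page views from another, and one malformed line."""
    base = datetime(2023, 10, 10, 13, 55, 0, tzinfo=timezone.utc)
    lines = [
        f'203.0.113.5 - - [{(base + timedelta(seconds=i)).strftime(TS_FMT)}] '
        f'"POST /login HTTP/1.1" 401 512'
        for i in range(30)
    ]
    lines += [
        f'198.51.100.7 - - [{(base + timedelta(seconds=10 * i)).strftime(TS_FMT)}] '
        f'"GET /home HTTP/1.1" 200 2048'
        for i in range(5)
    ]
    lines.append("not a log line")
    return lines


if __name__ == "__main__":
    for ip, path in detect_bursts(build_sample_log()):
        print(f"burst of failing requests: {ip} -> {path}")
```

Keying on (client, path) rather than client alone keeps a busy but legitimate user from tripping the rule, and the failure ratio separates a credential-guessing burst from a tight loop of successful API calls. Tune the window and threshold against your own traffic; the values above are illustrative.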
