Burp Suite Essentials

Book Image

Burp Suite Essentials

By : Akash Mahajan

Book Image

Burp Suite Essentials

By: Akash Mahajan

Overview of this book

Burp Suite Essentials

Burp Suite Essentials

Credits

About the Author

About the Author

Acknowledgments

Acknowledgments

About the Reviewers

About the Reviewers

www.PacktPub.com

www.PacktPub.com

Preface

Free Chapter

Getting Started with Burp

Getting Started with Burp

Starting Burp from the command line

Specifying memory size for Burp

Ensuring that IPv4 is allowed

Working with other JVMs

Configuring Browsers to Proxy through Burp

Configuring Browsers to Proxy through Burp

Configuring widely used browsers to proxy through Burp Suite

Setting the Scope and Dealing with Upstream Proxies

Setting the Scope and Dealing with Upstream Proxies

Multiple ways to add targets to the scope

Scope and Burp Suite tools

Scope inclusion versus exclusion

Dropping out-of-scope requests

Dealing with upstream proxies and SOCKS proxies

SSL and Other Advanced Settings

SSL and Other Advanced Settings

Importing the Burp certificate in Mozilla Firefox

Importing the Burp certificate in Microsoft IE and Google Chrome

Installing the Burp certificate in iOS or Android

SSL pass-through

Invisible Proxy

Using Burp Tools As a Power User – Part 1

Using Burp Tools As a Power User – Part 1

The Message Analysis tab

Actions on the intercepted requests

Using Burp Tools As a Power User – Part 2

Using Burp Tools As a Power User – Part 2

Searching, Extracting, Pattern Matching, and More

Searching, Extracting, Pattern Matching, and More

Grep - Match and Grep - Extract

Using Engagement Tools and Other Utilities

Using Engagement Tools and Other Utilities

Target Analyzer

Content Discovery

CSRF proof of concept Generator

Using Burp Extensions and Writing Your Own

Using Burp Extensions and Writing Your Own

Setting up the Python runtime for Burp Extensions

Setting up the Ruby environment for Burp Extensions

Loading and installing a Burp Extension from the Burp App Store

Loading and installing a Burp Extension manually

Managing Burp Extensions

Writing our own Burp Extensions

Noteworthy Burp Extensions

Saving Securely, Backing Up, and Other Maintenance Activities

Saving Securely, Backing Up, and Other Maintenance Activities

Saving and restoring a state

Automatic backups

Scheduled tasks

Logging all activities

Resources, References, and Links

Resources, References, and Links

Primary references

Web application security testing with Burp

Miscellaneous security testing tutorials with Burp Suite

Pentesting thick clients

Testing mobile applications for web security using Burp Suite

Extensions references

Index

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Pentesting thick clients

Pentesting thick clients can be done in the following two ways:

Pentesting Java Thick Applications with Burp JDSer: https://www.netspi.com/blog/entryid/67/pentesting-java-thick-applications-with-burp-jdser
"Reversing" Non-Proxy Aware HTTPS Thick Clients w/ Burp: http://blog.spiderlabs.com/2014/02/reversing-non-proxy-aware-https-thick-clients-w-burp.html