Burp Suite Essentials

Book Image

Burp Suite Essentials

By : Akash Mahajan

Book Image

Burp Suite Essentials

By: Akash Mahajan

Overview of this book

Burp Suite Essentials

Burp Suite Essentials

Credits

About the Author

About the Author

Acknowledgments

Acknowledgments

About the Reviewers

About the Reviewers

www.PacktPub.com

www.PacktPub.com

Preface

Free Chapter

Getting Started with Burp

Getting Started with Burp

Starting Burp from the command line

Specifying memory size for Burp

Ensuring that IPv4 is allowed

Working with other JVMs

Configuring Browsers to Proxy through Burp

Configuring Browsers to Proxy through Burp

Configuring widely used browsers to proxy through Burp Suite

Setting the Scope and Dealing with Upstream Proxies

Setting the Scope and Dealing with Upstream Proxies

Multiple ways to add targets to the scope

Scope and Burp Suite tools

Scope inclusion versus exclusion

Dropping out-of-scope requests

Dealing with upstream proxies and SOCKS proxies

SSL and Other Advanced Settings

SSL and Other Advanced Settings

Importing the Burp certificate in Mozilla Firefox

Importing the Burp certificate in Microsoft IE and Google Chrome

Installing the Burp certificate in iOS or Android

SSL pass-through

Invisible Proxy

Using Burp Tools As a Power User – Part 1

Using Burp Tools As a Power User – Part 1

The Message Analysis tab

Actions on the intercepted requests

Using Burp Tools As a Power User – Part 2

Using Burp Tools As a Power User – Part 2

Searching, Extracting, Pattern Matching, and More

Searching, Extracting, Pattern Matching, and More

Grep - Match and Grep - Extract

Using Engagement Tools and Other Utilities

Using Engagement Tools and Other Utilities

Target Analyzer

Content Discovery

CSRF proof of concept Generator

Using Burp Extensions and Writing Your Own

Using Burp Extensions and Writing Your Own

Setting up the Python runtime for Burp Extensions

Setting up the Ruby environment for Burp Extensions

Loading and installing a Burp Extension from the Burp App Store

Loading and installing a Burp Extension manually

Managing Burp Extensions

Writing our own Burp Extensions

Noteworthy Burp Extensions

Saving Securely, Backing Up, and Other Maintenance Activities

Saving Securely, Backing Up, and Other Maintenance Activities

Saving and restoring a state

Automatic backups

Scheduled tasks

Logging all activities

Resources, References, and Links

Resources, References, and Links

Primary references

Web application security testing with Burp

Miscellaneous security testing tutorials with Burp Suite

Pentesting thick clients

Testing mobile applications for web security using Burp Suite

Extensions references

Index

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Grep - Match and Grep - Extract

Grep is the simplest and most used command-line tool on Linux/Unix to match and extract data based on patterns, which can be simple string comparisons or regular expressions.

We can use Grep - Match to quickly identify requests/responses that we get in the Intruder results to filter these results based on certain conditions. Matches are shown in a new column, which we can sort to quickly make sense of the output.

The default values provided to us are good to use, and we can add more based on our requirement. Have a look at the following screenshot:

We can add more keywords, set the match type to be simple strings or regular expression patterns, and load more from our list of keywords. It is great for analysis of output from the Intruder tool!

Grep - Extract allows us to extract data using the response extraction rules for the requests made in Intruder. As in Grep - Match, a new column will list extracted data in a new column. Response extraction is useful in...