Burp has been around for years now; it is a collection of multiple tools built in Java by PortSwigger web security. It has various products, such as Decoder, Proxy, Scanner, Intruder, Repeater, and so on. Burp features an Extender, which allows a user to load different extensions that can be used to make pentesting even more efficient! You will learn about some of them in the upcoming recipes.
Let's take a look at how we can use Burp effectively:
- Kali already has a free version of Burp, but we will need a full version to fully use its features. So, we open up Burp:
- Click on Start Burp and we will see Burp load up:
- Before we start hunting for bugs, we first install some extensions that may come in handy. Select BApp Store from the Extender menu:
- We will see a list of extensions. Some of the extensions we will have to install are as follows:
  - J2EEScan
  - Wsdler
  - Java Deserialization Scanner
  - HeartBleed
- Click on Install after selecting each of these extensions.
- Once...