Book Image

Hands-On Application Penetration Testing with Burp Suite

By : Carlos A. Lozano, Dhruv Shah, Riyaz Ahemed Walikar
Book Image

Hands-On Application Penetration Testing with Burp Suite

By: Carlos A. Lozano, Dhruv Shah, Riyaz Ahemed Walikar

Overview of this book

Burp suite is a set of graphic tools focused towards penetration testing of web applications. Burp suite is widely used for web penetration testing by many security professionals for performing different web-level security tasks. The book starts by setting up the environment to begin an application penetration test. You will be able to configure the client and apply target whitelisting. You will also learn to setup and configure Android and IOS devices to work with Burp Suite. The book will explain how various features of Burp Suite can be used to detect various vulnerabilities as part of an application penetration test. Once detection is completed and the vulnerability is confirmed, you will be able to exploit a detected vulnerability using Burp Suite. The book will also covers advanced concepts like writing extensions and macros for Burp suite. Finally, you will discover various steps that are taken to identify the target, discover weaknesses in the authentication mechanism, and finally break the authentication implementation to gain access to the administrative console of the application. By the end of this book, you will be able to effectively perform end-to-end penetration testing with Burp Suite.
Table of Contents (19 chapters)
Title Page
Copyright and Credits
Contributors
About Packt
Preface
12
Exploiting and Exfiltrating Data from a Large Shipping Corporation
Index

Getting to know Burp Suite better


In this section, we are going to look at the rich set of features and capabilities Burp Suite provides the tester with. We will also be looking at the quick fixes that help automate the whole pentesting process with a low number of false positives. This will help beginners to understand the awesome capabilities that Burp provides when it comes to penstesting applications over the web.

Features of Burp Suite

Burp Suite has a wide array of options that allow us to do pentesting efficiently. Once you open Burp Suite, you will see the following tabs:

  • Dashboard
  • Target
  • Proxy
  • Intruder
  • Repeater
  • Sequencer
  • Decoder
  • Comparer
  • Extender
  • Project Options
  • User Options

This is how it looks on Burp Suite:

Let's go ahead and understand all these options one by one so that we are well aware of the capabilities from here onward whenever we perform a pentest in the later chapters.

Dashboard

The Burp Suite Dashboard is divided into the following three sections:

  • Tasks
  • Issue Activity  
    • Advisory
  • Event...