Book Image

Burp Suite Cookbook

By : Sunny Wear
Book Image

Burp Suite Cookbook

By: Sunny Wear

Overview of this book

Burp Suite is a Java-based platform for testing the security of your web applications, and has been adopted widely by professional enterprise testers. The Burp Suite Cookbook contains recipes to tackle challenges in determining and exploring vulnerabilities in web applications. You will learn how to uncover security flaws with various test cases for complex environments. After you have configured Burp for your environment, you will use Burp tools such as Spider, Scanner, Intruder, Repeater, and Decoder, among others, to resolve specific problems faced by pentesters. You will also explore working with various modes of Burp and then perform operations on the web. Toward the end, you will cover recipes that target specific test scenarios and resolve them using best practices. By the end of the book, you will be up and running with deploying Burp for securing web applications.
Table of Contents (13 chapters)

Downloading Burp (Community, Professional)

The first step in learning the techniques contained within this book is to download the Burp suite. The download page is available here ( You will need to decide which edition of the Burp suite you would like to download from the following:

  • Professional
  • Community
  • Enterprise (not covered)

What is now termed Community was once labeled Free Edition. You may see both referenced on the internet, but they are one and the same. At the time of this writing, the Professional edition costs $399.

To help you make your decision, let's compare the two. The Community version offers many of the functions used in this book, but not all. For example, Community does not include any scanning functionality. In addition, the Community version contains some forced throttling of threads when using the Intruder functionality. There are no built-in payloads in the Community version, though you can load your own custom ones. And, finally, several Burp extensions that require Professional will, obviously, not work in the Community edition.

The Professional version has all functionality enabled including passive and active scanners. There is no forced throttled. PortSwigger (that is, the name of the company that writes and maintains the Burp suite) provides several built-in payloads for fuzzing and brute-forcing. Burp extensions using scanner-related API calls are workable in the Professional version as well.

In this book, we will be using the Professional version, which means much of the functionality is available in the Community edition. However, when a feature is used in this book specific to the Professional edition, a special icon will indicate this. The icon used is the following:

Getting ready

To begin our adventure together, go to and download the edition of the Burp suite you wish to use. The page provides a slider, as following, which highlights the features of Professional and Community, allowing you to compare them:

Many readers may choose the Community edition to gain familiarity with the product prior to purchasing.

Should you choose to purchase or trial the Professional edition, you will need to complete forms or payments and subsequent email confirmations will be sent to you. Once your account is created, you may login and perform the download from the links provided in our account.

Software tool requirements

How to do it...

After deciding on the edition you need, you have two installation options, including an executable or a plain JAR file. The executable is only available in Windows and is offered in both 32-bit or 64-bit. The plain JAR file is available for Windows, macOS, and Linux.

The Windows executable is self-contained and will create icons in your program listing. However, the plain JAR file requires your platform to have Java ( pre-installed. You may choose the current version of Java (JRE or JDK) so feel free to choose the latest version: