Burp Suite Essentials

Book Image

Burp Suite Essentials

By : Akash Mahajan

Book Image

Burp Suite Essentials

By: Akash Mahajan

Overview of this book

Burp Suite Essentials

Burp Suite Essentials

Credits

About the Author

About the Author

Acknowledgments

Acknowledgments

About the Reviewers

About the Reviewers

www.PacktPub.com

www.PacktPub.com

Preface

Free Chapter

Getting Started with Burp

Getting Started with Burp

Starting Burp from the command line

Specifying memory size for Burp

Ensuring that IPv4 is allowed

Working with other JVMs

Configuring Browsers to Proxy through Burp

Configuring Browsers to Proxy through Burp

Configuring widely used browsers to proxy through Burp Suite

Setting the Scope and Dealing with Upstream Proxies

Setting the Scope and Dealing with Upstream Proxies

Multiple ways to add targets to the scope

Scope and Burp Suite tools

Scope inclusion versus exclusion

Dropping out-of-scope requests

Dealing with upstream proxies and SOCKS proxies

SSL and Other Advanced Settings

SSL and Other Advanced Settings

Importing the Burp certificate in Mozilla Firefox

Importing the Burp certificate in Microsoft IE and Google Chrome

Installing the Burp certificate in iOS or Android

SSL pass-through

Invisible Proxy

Using Burp Tools As a Power User – Part 1

Using Burp Tools As a Power User – Part 1

The Message Analysis tab

Actions on the intercepted requests

Using Burp Tools As a Power User – Part 2

Using Burp Tools As a Power User – Part 2

Searching, Extracting, Pattern Matching, and More

Searching, Extracting, Pattern Matching, and More

Grep - Match and Grep - Extract

Using Engagement Tools and Other Utilities

Using Engagement Tools and Other Utilities

Target Analyzer

Content Discovery

CSRF proof of concept Generator

Using Burp Extensions and Writing Your Own

Using Burp Extensions and Writing Your Own

Setting up the Python runtime for Burp Extensions

Setting up the Ruby environment for Burp Extensions

Loading and installing a Burp Extension from the Burp App Store

Loading and installing a Burp Extension manually

Managing Burp Extensions

Writing our own Burp Extensions

Noteworthy Burp Extensions

Saving Securely, Backing Up, and Other Maintenance Activities

Saving Securely, Backing Up, and Other Maintenance Activities

Saving and restoring a state

Automatic backups

Scheduled tasks

Logging all activities

Resources, References, and Links

Resources, References, and Links

Primary references

Web application security testing with Burp

Miscellaneous security testing tutorials with Burp Suite

Pentesting thick clients

Testing mobile applications for web security using Burp Suite

Extensions references

Index

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Multiple ways to add targets to the scope

Burp has a subtab called Scope under the Target tab. The most common way to add a target to Scope is to navigate to it using your browser, find it in the Site map subtab under the Target tab, right-click on it, and select Add to scope.

For example, if we have permission to test http://download.mozilla.org, and we want to add it to the scope, we do the following:

We can always edit the URL in the URL editor window if we need to tweak it a bit or if we made any mistakes and added something we shouldn't add. Have a look at the following screenshot:

Apart from adding the URL to the scope using the context menu, we can always paste the URL of the target as well. When we paste the URL, we can choose the protocol, host/IP, port, and filename.

Loading a list of targets from a file

Loading a list of targets from a file is the most sensible way of adding targets to the scope in Burp. In most security assessment scenarios, we are already aware of exact URLs for...