Index

A

• actions, on intercepted requests
  • about / Actions on the intercepted requests
• activities
  • logging / Logging all activities
• Alerts
  • about / Alerts
• Android
  • Burp certificate, installing / Installing the Burp certificate in iOS or Android
• application security, PortSwigger blog
  • URL / Learning about Burp
• attack types
  • Sniper / Intruder
  • Battering Ram / Intruder
  • Pitchfork / Intruder
  • Cluster Bomb / Intruder
• automatic backups
  • about / Automatic backups

B

• BApp files
  • used, for installing Burp Extensions / Using BApp files
• BApp Store
  • Burp Extensions, loading from / Loading and installing a Burp Extension from the Burp App Store
• books
  • references / Books
• browser configuration
  • to, proxy through Burp Suite / Configuring widely used browsers to proxy through Burp Suite
  • Microsoft Internet Explorer / Microsoft Internet Explorer
  • Google Chrome / Google Chrome
  • Mozilla Firefox / Mozilla Firefox
  • Exclusive Firefox profile / Exclusive Firefox profile
• browsers
  • configuring, to proxy Burp Suite / Configuring widely used browsers to proxy through Burp Suite
• Burp
  • starting, from command line / Starting Burp from the command line
  • proxies, supported / Types of proxies supported by Burp
  • setting up, to be proxy server for other devices / Setting up Burp to be a proxy server for other devices
  • references, for documentation / Learning about Burp
  • URL, for handy table of contents / Learning about Burp
  • URL, for Troubleshooting page / Learning about Burp
  • URL, for user forums / Learning about Burp
  • official API documentation / Extensions references
• burpbuddy
  • about / Writing our own Burp Extensions
  • URL / Writing our own Burp Extensions
• Burp certificate
  • importing, in Mozilla Firefox / Importing the Burp certificate in Mozilla Firefox
  • importing, in Microsoft IE / Importing the Burp certificate in Microsoft IE and Google Chrome
  • importing, in Google Chrome / Importing the Burp certificate in Microsoft IE and Google Chrome
  • installing, in iOS / Installing the Burp certificate in iOS or Android
  • installing, in Android / Installing the Burp certificate in iOS or Android
• Burp Crawljax Selenium JUnit integration
  • URL / Extensions references
• Burp Extensions
  • Python runtime, setting up for / Setting up the Python runtime for Burp Extensions
  • Ruby environment, setting up for / Setting up the Ruby environment for Burp Extensions
  • loading, from BApp Store / Loading and installing a Burp Extension from the Burp App Store
  • installing / Loading and installing a Burp Extension from the Burp App Store, Loading and installing a Burp Extension manually
  • installing, BApp files used / Using BApp files
  • loading / Loading and installing a Burp Extension manually
  • managing / Managing Burp Extensions
  • memory issues / Memory issues with Burp Extensions
  • writing / Writing our own Burp Extensions, Extensions references
  • URL, for blogs / Writing our own Burp Extensions, A simple Burp Extension in Python
  • writing, in Python / A simple Burp Extension in Python, Extensions references
  • URL, for tutorials / A simple Burp Extension in Python
  • Heartbleed / Noteworthy Burp Extensions
  • Logger++ / Noteworthy Burp Extensions
  • CO2 / Noteworthy Burp Extensions
  • Reissue Request scripter / Noteworthy Burp Extensions
  • references / Extensions references
  • environment, setting up for / Extensions references
• Burp Extensions, GitHub
  • URL / Loading and installing a Burp Extension manually
• Burp Extensions, in Burp App Store
  • URL / Extensions references
• Burp Proxy, extending with Extensions
  • URL / Extensions references
• Burp Suite
  • memory size, specifying / Specifying memory size for Burp
  • proxy, browser configured for / Configuring widely used browsers to proxy through Burp Suite
  • tools and Scope / Scope and Burp Suite tools
  • URL, for video tutorials / Learning about Burp

C

• Cascading Style Sheet (CSS) / Using the Proxy history tab
• CO2 / Noteworthy Burp Extensions
• command line
  • Burp, starting from / Starting Burp from the command line
• Comparer
  • about / Comparer
• Content Discovery
  • about / Content Discovery
• crawling
  • about / Scanner
• cross-site request forgery
  • about / CSRF proof of concept Generator
• CSRF proof of concept (PoC) Generator
  • about / CSRF proof of concept Generator

D

• Decoder
  • about / Decoder

E

• environment
  • setting up, for Burp Extensions / Extensions references
• EventListeners extension
  • about / A simple Burp Extension in Python
• exclusion, Scope
  • versus inclusion / Scope inclusion versus exclusion
• Export comments wizard / Search
• Export scripts wizard / Search

F

• file
  • targets list, loading / Loading a list of targets from a file
• filtering
  • about / Filtering
  • options / Filtering
  • illustration / Illustration
• FoxyProxy
  • about / Fine-grained proxy configuration
  • setting up / Setting up FoxyProxy

G

• garbage collector (GC) / Specifying the maximum memory Burp is allowed to use
• GitHub
  • about / Loading and installing a Burp Extension manually
• GitHub, searching for Burp Extensions
  • URL / Extensions references
• Googlebot
  • about / Spidering
• Google Chrome
  • about / Google Chrome
  • Burp certificate, importing / Importing the Burp certificate in Microsoft IE and Google Chrome
• Grep
  • about / Intruder, Grep - Match and Grep - Extract
• Grep - Extract
  • about / Grep - Match and Grep - Extract
  • interface / Grep - Match and Grep - Extract
• Grep - Match
  • about / Intruder, Grep - Match and Grep - Extract

H

• Heartbleed
  • about / Noteworthy Burp Extensions
  • URL / Noteworthy Burp Extensions
• History Table heading
  • URL / Using the Proxy history tab

I

• inclusion, Scope
  • versus exclusion / Scope inclusion versus exclusion
• Intruder
  • about / Intruder
  • using / Intruder
  • request, sending to / Intruder
  • rules, for performing Payload Processing / Intruder
• Intruder tool
  • about / Grep - Match and Grep - Extract
• Invisible Proxy
  • about / Invisible Proxy
• iOS
  • Burp certificate, installing / Installing the Burp certificate in iOS or Android
• IPv4
  • usage, allowed / Ensuring that IPv4 is allowed

J

• Java 1.6+
  • URL / Starting Burp from the command line
• Java Virtual Machine (JVM) / Specifying the maximum memory Burp is allowed to use
• jot / Sample analysis
• JRuby
  • URL, for downloading / Setting up the Ruby environment for Burp Extensions
• JVMs
  • working with / Working with other JVMs
• Jython standalone JAR file
  • URL, for downloading stable version / Setting up the Python runtime for Burp Extensions

L

• Logger++ / Noteworthy Burp Extensions

M

• Match and Replace
  • about / Matching
• matching
  • about / Matching
  • operations / Matching
  • rules / Matching
• memory issues, Burp Extensions
  • about / Memory issues with Burp Extensions
• memory size, Burp Suite
  • specifying / Specifying memory size for Burp
  • maximum memory, specifying / Specifying the maximum memory Burp is allowed to use
• Message Analysis tab
  • about / The Message Analysis tab
  • Raw subtab / The Message Analysis tab
  • Params subtab / The Message Analysis tab
  • Headers subtab / The Message Analysis tab
  • Hex subtab / The Message Analysis tab
  • HTML subtab / The Message Analysis tab
  • XML subtab / The Message Analysis tab
  • Render subtab / The Message Analysis tab
  • View States subtab / The Message Analysis tab
  • AMF subtab / The Message Analysis tab
  • display settings / The Message Analysis tab
• Microsoft IE
  • Burp certificate, importing / Importing the Burp certificate in Microsoft IE and Google Chrome
• Microsoft Internet Explorer
  • about / Microsoft Internet Explorer
• miscellaneous security testing tutorials, Burp Suite
  • references / Miscellaneous security testing tutorials with Burp Suite
• mobile applications, for web security
  • resources / Testing mobile applications for web security using Burp Suite
• Mozilla Firefox
  • about / Mozilla Firefox
  • Fine-grained proxy configuration / Fine-grained proxy configuration
  • Plug-n-Hack extension / Mozilla Plug-n-Hack extension
  • blog, URL / Mozilla Plug-n-Hack extension
  • Exclusive Firefox profile / Exclusive Firefox profile
  • Burp certificate, importing / Importing the Burp certificate in Mozilla Firefox
• Mutillidae
  • about / Sequencer

N

• Nikto
  • about / Content Discovery

O

• out-of-scope requests
  • dropping / Dropping out-of-scope requests
• OWASP DirBuster
  • about / Content Discovery

P

• passive scan / Scanning optimization and requests
• payload types
  • Extension Generated / Intruder
  • ECB Block Shuffler / Intruder
  • Character Frobber / Intruder
  • Null Payloads / Intruder
• primary references
  • about / Primary references
• proxies
  • supported, by Burp / Types of proxies supported by Burp
• Proxy
  • using / Proxy
• Proxy History tab
  • using / Using the Proxy history tab
• PuTTY / Using SSH tunneling as a SOCKS proxy
• Python
  • Burp Extension, writing in / A simple Burp Extension in Python, Extensions references
• Python runtime
  • setting up, for Burp Extensions / Setting up the Python runtime for Burp Extensions

R

• Reissue Request scripter / Noteworthy Burp Extensions
• Repeater
  • about / Repeater
  • user interface / Repeater
  • using / Repeater
• response modification
  • about / Response interception and modification
• responses
  • intercepting / Response interception and modification
• Ruby environment
  • setting up, for Burp Extensions / Setting up the Ruby environment for Burp Extensions

S

• sample analysis, Sequencer / Sample analysis
• Scanner
  • about / Scanner
  • scanning optimization / Scanning optimization and requests
  • scanning requests / Scanning optimization and requests
  • URL / Scanning optimization and requests
• scan queues / When to scan
• scheduled tasks
  • about / Scheduled tasks
• Scope
  • targets adding, ways / Multiple ways to add targets to the scope
  • and Burp Suite tools / Scope and Burp Suite tools
  • inclusion versus exclusion / Scope inclusion versus exclusion
  • out-of-scope requests, dropping / Dropping out-of-scope requests
• Search
  • about / Search
• search form
  • about / Search
• Secure Shell Server (SSH) / Using SSH tunneling as a SOCKS proxy
• Sequencer
  • about / Sequencer
  • test for randomness, of tokens / Sequencer
  • token analysis / Analysis of the tokens
  • URL, for tests / Analysis of the tokens
  • sample analysis / Sample analysis
• significance level / Analysis of the tokens
• SOCKS proxies
  • dealing with / Dealing with upstream proxies and SOCKS proxies
  • working with / Working with SOCKS proxies
  • SSH tunneling, using as / Using SSH tunneling as a SOCKS proxy
• spidering
  • overview / Spidering
• Sqlmap
  • about / Miscellaneous security testing tutorials with Burp Suite
• SSH tunneling
  • using, as SOCK proxy / Using SSH tunneling as a SOCKS proxy
• SSL pass-through
  • about / SSL pass-through
• state
  • saving / Saving and restoring a state
  • restoring / Saving and restoring a state

T

• Target Analyzer tool
  • about / Target Analyzer
• targets
  • adding to Scope, ways / Multiple ways to add targets to the scope
  • list, loading from file / Loading a list of targets from a file
• Task Scheduler
  • about / Task Scheduler
• thiick clients, pentesting
  • references / Pentesting thick clients
• token analysis, Sequencer / Analysis of the tokens
• Tor browser bundle
  • URL / Working with SOCKS proxies

U

• upstream proxies
  • dealing with / Dealing with upstream proxies and SOCKS proxies

W

• web application security testing, Burp
  • about / Web application security testing with Burp
  • references / Web application security testing with Burp

X

• .xpi file
  • URL / Mozilla Plug-n-Hack extension