Book Image

Burp Suite Essentials

By : Akash Mahajan
Book Image

Burp Suite Essentials

By: Akash Mahajan

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Burp Suite Essentials
Akash Mahajan
Nov, 2014 | 144 pages
No titles found
Table of Contents (19 chapters)
Burp Suite Essentials
Burp Suite Essentials
Credits
Credits
About the Author
About the Author
Acknowledgments
Acknowledgments
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Getting Started with Burp
Getting Started with Burp
Starting Burp from the command line
Specifying memory size for Burp
Ensuring that IPv4 is allowed
Working with other JVMs
Summary
2
Configuring Browsers to Proxy through Burp
Configuring Browsers to Proxy through Burp
Configuring widely used browsers to proxy through Burp Suite
Summary
3
Setting the Scope and Dealing with Upstream Proxies
Setting the Scope and Dealing with Upstream Proxies
Multiple ways to add targets to the scope
Scope and Burp Suite tools
Scope inclusion versus exclusion
Dropping out-of-scope requests
Dealing with upstream proxies and SOCKS proxies
Summary
4
SSL and Other Advanced Settings
SSL and Other Advanced Settings
Importing the Burp certificate in Mozilla Firefox
Importing the Burp certificate in Microsoft IE and Google Chrome
Installing the Burp certificate in iOS or Android
SSL pass-through
Invisible Proxy
Summary
5
Using Burp Tools As a Power User – Part 1
Using Burp Tools As a Power User – Part 1
Target
Proxy
The Message Analysis tab
Actions on the intercepted requests
Intruder
Scanner
Repeater
Summary
6
Using Burp Tools As a Power User – Part 2
Using Burp Tools As a Power User – Part 2
Spidering
Sequencer
Decoder
Comparer
Alerts
Summary
7
Searching, Extracting, Pattern Matching, and More
Searching, Extracting, Pattern Matching, and More
Filtering
Matching
Grep - Match and Grep - Extract
Summary
8
Using Engagement Tools and Other Utilities
Using Engagement Tools and Other Utilities
Search
Target Analyzer
Content Discovery
Task Scheduler
CSRF proof of concept Generator
Summary
9
Using Burp Extensions and Writing Your Own
Using Burp Extensions and Writing Your Own
Setting up the Python runtime for Burp Extensions
Setting up the Ruby environment for Burp Extensions
Loading and installing a Burp Extension from the Burp App Store
Loading and installing a Burp Extension manually
Managing Burp Extensions
Writing our own Burp Extensions
Noteworthy Burp Extensions
Summary
10
Saving Securely, Backing Up, and Other Maintenance Activities
Saving Securely, Backing Up, and Other Maintenance Activities
Saving and restoring a state
Automatic backups
Scheduled tasks
Logging all activities
Summary
11
Resources, References, and Links
Resources, References, and Links
Primary references
Web application security testing with Burp
Miscellaneous security testing tutorials with Burp Suite
Pentesting thick clients
Testing mobile applications for web security using Burp Suite
Extensions references
Books
Summary
Index
Index

About the Reviewers

Luca De Fulgentis is an Offensive Security enthusiast with experience in application security engineering and penetration testing. He holds a Master's degree in Computer Engineering from Politecnico di Milano, from where he graduated with a thesis on evolutionary fuzzing. As the CTO of Secure Network S.r.l., he delivers and coordinates the company's top-notch security services. He is also involved in training tigers for the team and researching advanced client-side exploitation techniques, cross-device attacks, and Windows Phone platform security.

Rejah Rehim is currently a software engineer with Digital Brand Group (DBG), India, and is a longtime preacher of the open source community. He is a steady contributor to the Mozilla Foundation, and his name has been featured in the San Francisco Monument made by the Mozilla Foundation.

He is a part of the Mozilla add-on review board and has contributed to the development of several node modules. He has also been credited with the creation of eight Mozilla add-ons, including the highly successful Clear Console add-on that was selected as one of the best Mozilla add-ons of 2013. With a user base of more than 44,000, it has registered more than 450,000 downloads till date. He has successfully created the world's first, one-of-a-kind, open source, Linux-based security penetration testing browser bundle, PenQ. It is preconfigured with tools for spidering, advanced web searching, fingerprinting, and much more.

Rejah is also an active member of OWASP and the chapter leader of OWASP Kerala. He is also one of the moderators of the OWASP Google+ group and an active speaker at Coffee@DBG, one of the most premier monthly technology reviews in Technopark, Kerala. Besides being a part of the Cyber Security division of DBG currently and QBurst in the past, he is also a fan of process automation and has implemented it in DBG.

David Shaw has extensive experience in many aspects of information security. Beginning his career as a network security analyst, he monitored perimeter firewalls and intrusion detection systems in order to identify and neutralize threats in real time. After working in the trenches of perimeter analysis, he joined the External Threat Assessment Team as a security researcher, working closely with large financial institutions to mitigate external risk and combat phishing attacks.

David joined Redspin in 2009 and has worked as a senior security engineer, director of penetration testing, and senior director of engineering. He is currently the CTO and Vice President of Professional Services at Redspin, specializing in external and application security assessments and managing a team of highly skilled engineers.

He has keen interest in complex threat modeling and unconventional attack vectors and has been a speaker at THOTCON, NolaCon, ToorCon, LayerOne, DEF CON, BSides Las Vegas, BSides Los Angeles, and BSides Seattle.

Previous Section
Next Chapter