Burp Suite Essentials

Book Image

Burp Suite Essentials

By : Akash Mahajan

Book Image

Burp Suite Essentials

By: Akash Mahajan

Overview of this book

Burp Suite Essentials

Burp Suite Essentials

Credits

About the Author

About the Author

Acknowledgments

Acknowledgments

About the Reviewers

About the Reviewers

www.PacktPub.com

www.PacktPub.com

Preface

Free Chapter

Getting Started with Burp

Getting Started with Burp

Starting Burp from the command line

Specifying memory size for Burp

Ensuring that IPv4 is allowed

Working with other JVMs

Configuring Browsers to Proxy through Burp

Configuring Browsers to Proxy through Burp

Configuring widely used browsers to proxy through Burp Suite

Setting the Scope and Dealing with Upstream Proxies

Setting the Scope and Dealing with Upstream Proxies

Multiple ways to add targets to the scope

Scope and Burp Suite tools

Scope inclusion versus exclusion

Dropping out-of-scope requests

Dealing with upstream proxies and SOCKS proxies

SSL and Other Advanced Settings

SSL and Other Advanced Settings

Importing the Burp certificate in Mozilla Firefox

Importing the Burp certificate in Microsoft IE and Google Chrome

Installing the Burp certificate in iOS or Android

SSL pass-through

Invisible Proxy

Using Burp Tools As a Power User – Part 1

Using Burp Tools As a Power User – Part 1

The Message Analysis tab

Actions on the intercepted requests

Using Burp Tools As a Power User – Part 2

Using Burp Tools As a Power User – Part 2

Searching, Extracting, Pattern Matching, and More

Searching, Extracting, Pattern Matching, and More

Grep - Match and Grep - Extract

Using Engagement Tools and Other Utilities

Using Engagement Tools and Other Utilities

Target Analyzer

Content Discovery

CSRF proof of concept Generator

Using Burp Extensions and Writing Your Own

Using Burp Extensions and Writing Your Own

Setting up the Python runtime for Burp Extensions

Setting up the Ruby environment for Burp Extensions

Loading and installing a Burp Extension from the Burp App Store

Loading and installing a Burp Extension manually

Managing Burp Extensions

Writing our own Burp Extensions

Noteworthy Burp Extensions

Saving Securely, Backing Up, and Other Maintenance Activities

Saving Securely, Backing Up, and Other Maintenance Activities

Saving and restoring a state

Automatic backups

Scheduled tasks

Logging all activities

Resources, References, and Links

Resources, References, and Links

Primary references

Web application security testing with Burp

Miscellaneous security testing tutorials with Burp Suite

Pentesting thick clients

Testing mobile applications for web security using Burp Suite

Extensions references

Index

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Comparer

Next in our tools for Burp Suite is Comparer. Comparer is simply a tool to compare to HTTP requests or responses.

Comparer is useful when you want to see how different values for parameters and headers enable subtle changes in the responses that you receive. It is useful to see how the application reacts to a valid user, invalid password combination compared to an invalid user and invalid password combination. This can aid in enumerating usernames.

Consider that a web application gives an informational error, such as a wrong password for a given username. All I need to do is supply different usernames, and for all those times, if I get the mentioned error, I will know for sure that those usernames exist in the web application.

Many times with Blind SQL injection, there can be tiny differences in HTTP responses, and the tool can help you identify exactly what is different.

We start by using the context menu to send either the HTTP request or response to the Comparer. have a look at the...