Burp Suite Essentials

Book Image

Burp Suite Essentials

By : Akash Mahajan

Book Image

Burp Suite Essentials

By: Akash Mahajan

Overview of this book

Burp Suite Essentials

Burp Suite Essentials

Credits

About the Author

About the Author

Acknowledgments

Acknowledgments

About the Reviewers

About the Reviewers

www.PacktPub.com

www.PacktPub.com

Preface

Free Chapter

Getting Started with Burp

Getting Started with Burp

Starting Burp from the command line

Specifying memory size for Burp

Ensuring that IPv4 is allowed

Working with other JVMs

Configuring Browsers to Proxy through Burp

Configuring Browsers to Proxy through Burp

Configuring widely used browsers to proxy through Burp Suite

Setting the Scope and Dealing with Upstream Proxies

Setting the Scope and Dealing with Upstream Proxies

Multiple ways to add targets to the scope

Scope and Burp Suite tools

Scope inclusion versus exclusion

Dropping out-of-scope requests

Dealing with upstream proxies and SOCKS proxies

SSL and Other Advanced Settings

SSL and Other Advanced Settings

Importing the Burp certificate in Mozilla Firefox

Importing the Burp certificate in Microsoft IE and Google Chrome

Installing the Burp certificate in iOS or Android

SSL pass-through

Invisible Proxy

Using Burp Tools As a Power User – Part 1

Using Burp Tools As a Power User – Part 1

The Message Analysis tab

Actions on the intercepted requests

Using Burp Tools As a Power User – Part 2

Using Burp Tools As a Power User – Part 2

Searching, Extracting, Pattern Matching, and More

Searching, Extracting, Pattern Matching, and More

Grep - Match and Grep - Extract

Using Engagement Tools and Other Utilities

Using Engagement Tools and Other Utilities

Target Analyzer

Content Discovery

CSRF proof of concept Generator

Using Burp Extensions and Writing Your Own

Using Burp Extensions and Writing Your Own

Setting up the Python runtime for Burp Extensions

Setting up the Ruby environment for Burp Extensions

Loading and installing a Burp Extension from the Burp App Store

Loading and installing a Burp Extension manually

Managing Burp Extensions

Writing our own Burp Extensions

Noteworthy Burp Extensions

Saving Securely, Backing Up, and Other Maintenance Activities

Saving Securely, Backing Up, and Other Maintenance Activities

Saving and restoring a state

Automatic backups

Scheduled tasks

Logging all activities

Resources, References, and Links

Resources, References, and Links

Primary references

Web application security testing with Burp

Miscellaneous security testing tutorials with Burp Suite

Pentesting thick clients

Testing mobile applications for web security using Burp Suite

Extensions references

Index

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Noteworthy Burp Extensions

The following are some of the extensions worth taking a look at:

Heartbleed: This extension checks whether a particular server is vulnerable to the Heartbleed vulnerability (http://heartbleed.com). Usually, such a check would be done by the vulnerability assessment software, such as Nessus or Nmap with NSE.
Logger++: Many times, a client report requires full logs of each and every request and response. Logger++ takes care of this really well. The logs can be sorted and also saved in CSV format, which can then be imported in a spreadsheet software, such as Microsoft Excel or OpenOffice Calc.
CO2: This extension has multiple features, of which the most useful one for me is the ability to give the sqlmap command-line output that can be directly run on the command line.
Reissue Request scripter: This extension generates scripts from Proxy history, which can then be saved outside of Burp and run from the command line. These scripts are generated for Python, Ruby, Perl...