Burp Suite

From Wikipedia, the free encyclopedia

Burp Suite is a Java application that can be used to secure or penetrate web applications.[1] The suite consists of different tools, such as a proxy server, a web spider, an intruder and a repeater.

Proxy server

When Burp Suite is used as a proxy server and a web browser is configured to use it, all traffic exchanged between the web browser and web servers can be controlled. Burp makes it possible to manipulate data before it is sent to the web server. The data is presented in tables, which is a user-friendly way of manipulating it. With this functionality, exceptional situations can be reproduced, and bugs and vulnerabilities of the website hosted on the web server can be pinpointed.
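The following added example (not Burp Suite's own code, and not part of the original article) illustrates what editing an intercepted request involves: the request is broken into a table of editable values, one value is changed, and the request is rebuilt with a corrected Content-Length before forwarding. The host, path, cookie and parameter names are constructed for the illustration.

```python
from urllib.parse import parse_qsl, urlencode

# Constructed sample: a form POST as an intercepting proxy would capture it.
CAPTURED = (b"POST /cart/update HTTP/1.1\r\n"
            b"Host: shop.example\r\n"
            b"Content-Type: application/x-www-form-urlencoded\r\n"
            b"Cookie: session=abc123\r\n"
            b"Content-Length: 20\r\n"
            b"\r\n"
            b"item=1042&quantity=2")

def parse_request(raw):
    """Split a raw HTTP/1.1 request into request line, header list and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = [tuple(p.strip() for p in l.partition(":")[::2]) for l in lines[1:]]
    return lines[0], headers, body

def parameter_table(raw):
    """Return every editable value as (location, name, value) rows."""
    _, headers, body = parse_request(raw)
    rows = []
    for name, value in headers:
        if name.lower() == "cookie":
            for pair in value.split(";"):
                key, _, val = pair.strip().partition("=")
                rows.append(("cookie", key, val))
    form = parse_qsl(body.decode(), keep_blank_values=True)
    return rows + [("body", key, val) for key, val in form]

def edit_body_param(raw, name, new_value):
    """Replace one form parameter and rebuild the request for forwarding."""
    request_line, headers, body = parse_request(raw)
    form = parse_qsl(body.decode(), keep_blank_values=True)
    new_body = urlencode([(k, new_value if k == name else v) for k, v in form]).encode()
    # The body length changed; forwarding the stale Content-Length would make
    # the server truncate the body or wait for bytes that never arrive.
    headers = [(h, str(len(new_body)) if h.lower() == "content-length" else v)
               for h, v in headers]
    head = "\r\n".join([request_line] + [f"{h}: {v}" for h, v in headers])
    return head.encode("iso-8859-1") + b"\r\n\r\n" + new_body

if __name__ == "__main__":
    for row in parameter_table(CAPTURED):
        print("%-7s %-9s %s" % row)
    print(edit_body_param(CAPTURED, "quantity", "1000").decode())
```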

Spider

The Burp Suite spider is a tool that can enumerate and map out the various web applications of a web page. For this, the spider examines cookies and initiates connections with these web applications.

Intruder

The intruder is a tool that can perform automated attacks on web applications. For this, the user of Burp Suite must already have detailed knowledge of the application that is attacked and of the HTTP protocol. The tool offers a configurable algorithm that can generate malicious HTTP requests. With this tool, vulnerabilities such as SQL injection, cross-site scripting, parameter manipulation and susceptibility to brute-force attacks can be tested and detected.

Repeater

The repeater is a simple tool that can be used to modify requests to the server and resend them while observing the results. It is used for manually testing an application.

References

  1. "Burp Suite". PortSwigger Web Security. PortSwigger Ltd. 2014. Retrieved 2014-09-13.