|This article needs additional citations for verification. (November 2014)|
When Burp Suite is used as a proxy server, it allows the user to manipulate the traffic that passes through it, i.e. between the web browser client and the web server. This is typically referred to as a Man-in-the-middle (MITM) type attack architecture. Burp uses tables (which is a user friendly method of making changes to web traffic), to manipulate data before it is sent to the web server. With this functionality, exception situations can be reproduced, allowing any bugs and vulnerabilities present on the web server to be accurately pinpointed.
The Burp suite spider is a tool that can enumerate and map out the various pages and parameters of a web site. For this, the spider examines cookies and initiates connections with these web applications.
The intruder is a tool that can perform automated attacks on web applications. For this, the user of Burp suite must already have detailed knowledge of the application that is attacked and of the HTTP protocol. The tool offers an algorithm that is configurable and that can generate malicious HTTP requests. With this tool, vulnerabilities such as SQL injections, cross-site scripting, parameter manipulation and vulnerability for brute force attacks can be tested and detected.
The repeater is a simple tool that can be used to modify requests to the server and resend them, observing the results. This is used for manually testing an application.
- "Burp Suite". PortSwigger Web Security. PortSwigger Ltd. 2014. Retrieved 2014-09-13.