|This article needs additional citations for verification. (November 2014)|
||The topic of this article may not meet Wikipedia's general notability guideline. (March 2015)|
When Burp Suite is used as a proxy server, it allows the user to manipulate the traffic that passes through it, i.e. between the web browser i.e. client and the web server. This is typically referred to as a Man-in-the-middle (MITM) type attack architecture. Burp employs tables--a user-friendly method of making changes to web traffic--to manipulate data before it is sent to the web server. With this functionality, exception situations can be reproduced, allowing any bugs and vulnerabilities present on the web server to be accurately pinpointed.
The Burp suite spider tool examines cookies and initiates connections with web applications, enumerating and mapping out the various pages and parameters of a website.
Burp Suite's intruder tool can perform automated attacks on web applications. The pen tester must already have detailed knowledge of the application and HTTP protocol to be atttacked. The tool offers a configurable algorithm that can generate malicious HTTP requests. The intruder tool can test and detect SQL injections, cross-site scripting, parameter manipulation and vulnerability for brute-force attacks.
The repeater is a simple tool that can be used to manually test an application. A pen tester can use it to modify requests to the server, resend them, and observe the results.
- "Burp Suite". PortSwigger Web Security. PortSwigger Ltd. 2014. Retrieved 2014-09-13.