Burp suite

From Wikipedia, the free encyclopedia
Jump to: navigation, search

Burp Suite is a Java application that can be used to secure or penetrate web applications.[1] The suite consists of different tools, such as a proxy server, a web spider, intruder and repeater.

Proxy server[edit]

When Burp Suite is used as a proxy server, it allows the user to manipulate the traffic that passes through it, i.e. between the web browser i.e. client and the web server. This is typically referred to as a Man-in-the-middle (MITM) type attack architecture. Burp employs tables--a user-friendly method of making changes to web traffic--to manipulate data before it is sent to the web server. With this functionality, exception situations can be reproduced, allowing any bugs and vulnerabilities present on the web server to be accurately pinpointed.

Spider[edit]

The Burp suite spider tool examines cookies and initiates connections with web applications, enumerating and mapping out the various pages and parameters of a website.

Intruder[edit]

Burp Suite's intruder tool can perform automated attacks on web applications. The pen tester must already have detailed knowledge of the application and HTTP protocol to be atttacked. The tool offers a configurable algorithm that can generate malicious HTTP requests. The intruder tool can test and detect SQL injections, cross-site scripting, parameter manipulation and vulnerability for brute-force attacks.

Repeater[edit]

The repeater is a simple tool that can be used to manually test an application. A pen tester can use it to modify requests to the server, resend them, and observe the results.

See also[edit]

References[edit]

  1. ^ "Burp Suite". PortSwigger Web Security. PortSwigger Ltd. 2014. Retrieved 2014-09-13. 

External links[edit]