Burp Suite
Burp Suite is a Java application that can be used to secure or penetrate web applications.[1] The suite consists of different tools, such as a proxy server, a web spider, intruder and repeater.
Proxy server
When Burp Suite is used as a proxy server, it allows the user to manipulate the traffic that passes through it, i.e. between the web browser client and the web server. This arrangement is typically referred to as a man-in-the-middle (MITM) architecture. Burp presents the data in tables, a user-friendly way of making changes to web traffic, so that it can be manipulated before it is sent to the web server. With this functionality, exceptional situations can be reproduced, allowing any bugs and vulnerabilities present on the web server to be accurately pinpointed.
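The following added example (not code from Burp Suite or PortSwigger) sketches what editing a request "in a table" amounts to: the form body is split into name/value rows, one row is changed, and the request is rebuilt with a corrected Content-Length before it goes on to the server. The sample request, the host `shop.example`, and the functions `edit_form_request` and `server_accepts` are assumptions made for illustration.

```python
from urllib.parse import parse_qsl, urlencode

# Constructed sample: a form POST as a browser would send it through the proxy.
SAMPLE_REQUEST = (
    b"POST /cart/update HTTP/1.1\r\n"
    b"Host: shop.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 18\r\n"
    b"\r\n"
    b"item=42&quantity=1"
)

def split_request(raw):
    """Split a raw HTTP/1.1 request into request line, header list and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return lines[0], headers, body

def edit_form_request(raw, changes):
    """Apply {name: new_value} edits to a urlencoded body and rebuild the request."""
    request_line, headers, body = split_request(raw)
    # The "table" view: ordered (name, value) rows that the tester can edit.
    rows = parse_qsl(body.decode("ascii"), keep_blank_values=True)
    rows = [(name, changes.get(name, value)) for name, value in rows]
    new_body = urlencode(rows).encode("ascii")
    # Content-Length must match the edited body, otherwise the server
    # truncates the body or waits for bytes that never arrive.
    headers = [(n, str(len(new_body)) if n.lower() == "content-length" else v)
               for n, v in headers]
    head = "\r\n".join([request_line] + [f"{n}: {v}" for n, v in headers])
    return head.encode("iso-8859-1") + b"\r\n\r\n" + new_body

def server_accepts(raw):
    """Hypothetical server-side rule: quantity is an integer from 1 to 99."""
    _, _, body = split_request(raw)
    quantity = dict(parse_qsl(body.decode("ascii"))).get("quantity", "")
    return quantity.isascii() and quantity.isdigit() and 1 <= int(quantity) <= 99

if __name__ == "__main__":
    edited = edit_form_request(SAMPLE_REQUEST, {"quantity": "-5"})
    print(edited.decode("iso-8859-1"))
    print("accepted by server-side check:", server_accepts(edited))
```

Because the edit happens after the browser has built the request, any limit enforced only in the browser never sees the changed value; the check in `server_accepts` is the one that decides.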
Spider
The Burp Suite spider is a tool that can enumerate and map out the various pages and parameters of a web site. To do this, the spider examines cookies and initiates connections with the web applications it finds.
Intruder
The intruder is a tool that can perform automated attacks on web applications. To use it, the user of Burp Suite must already have detailed knowledge of the application being attacked and of the HTTP protocol. The tool offers a configurable algorithm that can generate malicious HTTP requests. With this tool, vulnerabilities such as SQL injection, cross-site scripting, parameter manipulation and susceptibility to brute-force attacks can be tested for and detected.
Repeater
The repeater is a simple tool that can be used to modify requests to the server and resend them while observing the results. It is used for manually testing an application.
See also
- Penetration test
- Web Application Security Scanner
- Fiddler (software)
- HTTP Debugger (software)
References
- [1] "Burp Suite". PortSwigger Web Security. PortSwigger Ltd. 2014. Retrieved 2014-09-13.