Burp Suite

Burp Suite is a Java application that can be used to secure or penetrate web applications.[1][2] The suite consists of different tools, such as a proxy server, a web spider, intruder and repeater.

Proxy server

When Burp Suite is used as a proxy server, it allows the user to manipulate the traffic that passes through it, i.e. between the web browser and the web server. This is typically referred to as a man-in-the-middle (MITM) type of attack architecture. Burp employs tables, a user-friendly method of making changes to web traffic, to manipulate data before it is sent to the web server. With this functionality, exceptional situations can be reproduced, allowing any bugs and vulnerabilities present on the web server to be accurately pinpointed.

Spider

The Burp Suite spider tool examines cookies and initiates connections with web applications, enumerating and mapping out the various pages and parameters of a website.

Intruder

Burp Suite's intruder tool can perform automated attacks on web applications. The pen tester must already have detailed knowledge of the application to be attacked and of the HTTP protocol. The tool offers a configurable algorithm that can generate malicious HTTP requests. The intruder tool can test for and detect SQL injections, cross-site scripting, parameter manipulation and susceptibility to brute-force attacks.

Repeater

The repeater is a simple tool that can be used to manually test an application. A pen tester can use it to modify requests to the server, resend them, and observe the results.

References

  1. "Burp Suite". PortSwigger Web Security. PortSwigger Ltd. 2014. Retrieved 2014-09-13.
  2. "10 outils de hacking pour les expert: burp suite".

This article is issued from Wikipedia - version of the Monday, January 11, 2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.