Burp Suite Functionalities Basics, Summaries of Cybercrime, Cybersecurity and Data Privacy

This document explains the essential basics of Burp Suite.

Typology: Summaries

2021/2022

Available from 08/07/2022

sharmaaman1029
Aman Sharma Intern (Technical-Engineering)
Burp Suite Functionalities
Burp Suite is a fully functional web application attack tool that can be used to conduct
practically any type of penetration test on a website. The capability of Burp Suite to
intercept HTTP requests is one of its key features. Typically, HTTP requests are
transmitted directly from your browser to a web server, where they are answered, and
the responses are then returned to your browser. With Burp Suite, however, HTTP requests
are sent from your browser to Burp Suite, which then inspects the traffic.
This is what the dashboard of Burp Suite looks like. We need to set up Burp Suite
by installing Burp's CA certificate into the browser's trusted certificate list, so that
Burp can easily intercept the incoming and outgoing traffic. We also need to set
the host address to 127.0.0.1 and the listening port to 8080.
Burp Suite is created by the company PortSwigger, whose creator Dafydd Stuttard also goes by
that name. Burp Suite is designed to be an all-in-one toolkit, and BApps are add-ons that
may be installed to expand its functionality.
Week 2

Burp Suite has a built-in vulnerability scanner that tries to detect vulnerabilities on its own whenever it intercepts packets. In the above image we can see that it clearly shows what problem has been found and where it has been found. It also categorises the vulnerabilities by how critical they are. It shows the host name and the path we need to go to in order to find the problem.

  1. Proxy: The intercepting proxy in Burp Suite enables the user to view and change the contents of requests and responses while they are being transmitted. It also eliminates the need for copy-and-paste by allowing the user to pass the request or response being monitored to another relevant Burp Suite tool. The proxy server can be configured to run on a particular port and loopback address. The proxy can also be set up to block particular kinds of request-response pairs.
  2. Repeater: Burp Repeater is a straightforward tool for manually altering and reissuing individual HTTP requests and examining the application's responses. You can send a request to Repeater from anywhere in Burp, edit it, and then send it repeatedly. Repeater is made to accept your requests and allow you to alter and replay them whenever you like. It is an extremely helpful tool for adjusting and refining payloads intended to take advantage of SQL injection or cross-site scripting vulnerabilities, often known as SQLi and XSS, respectively.
  3. Decoder: Decoder lists the common encoding techniques, including URL, HTML, Base64, Hex, etc. This tool is useful when looking for chunks of data in the values of parameters or headers. It is also used when constructing payloads for various vulnerability classes. It is employed to find the most common instances of IDOR and session hijacking. In the image, the normal payload has been encoded into HTML format, which can be used as an encoded payload.
  4. Target: The Burp Suite Target tab > Site map tool gives you a complete overview of the functionality and content of your target application. The content of a URL is organised hierarchically on the left side of the page in a tree view, which is divided into domains, directories, folders, and files. You can expand the tree branches to see more details, and when you pick an item for which you need information, all pertinent information from the left-side view will be shown on the right-side view.
  5. Scan: Burp Suite Scanner is an effective tool for automatically scanning websites and web apps for vulnerabilities.
  6. Extender: Burp Suite enables the integration of extra components into the toolkit to expand its functionality. These extra components are called BApps. They operate similarly to browser extensions. In the Extender window, they can be seen, modified, installed, and uninstalled. Some of them can be used with the free community version, but others need the professional version, which costs money.