Burp Suite Basics

Web App Security Fundamentals

Created: 2022-07-08
Tags: #fleeting


Burp Suite is a framework written in Java that:

  • aims to provide a one-stop shop for web application penetration testing.
  • is a tool for hands-on web app security assessments.
  • is frequently used when attacking web and mobile apps.

It is also used when assessing mobile applications, as the same features which make it so attractive for web app testing translate almost perfectly into testing the APIs (Application Programming Interfaces) powering most mobile apps.

Core level of Burp Suite

The Burp Proxy.
What is Burp Proxy

Burp can capture and manipulate all of the traffic between an attacker and a web server.

After capturing requests, we can choose to send them to various other parts of the Burp Suite framework.

This ability to intercept, view, and modify web requests prior to them being sent to the target server (or, in some cases, the responses before they are received by our browser), makes Burp Suite perfect for any kind of manual web app testing.
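The intercept-and-modify position described above, as an added example (not Burp Suite's code, and not part of the original note): a minimal local HTTP proxy that captures a request, edits it, and forwards it, so the web server only ever sees the edited version. The names `edit_request`, `InterceptingProxy` and `WebServer`, the sample URL and the header values are all constructed for this demo; it handles request editing only, not responses.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

received = []  # (path, User-Agent) exactly as the web server saw them

def reply(handler, status, body):
    handler.send_response(status)
    handler.send_header("Content-Length", str(len(body)))
    handler.end_headers()
    handler.wfile.write(body)

class WebServer(BaseHTTPRequestHandler):  # constructed stand-in for the target server
    def do_GET(self):
        received.append((self.path, self.headers.get("User-Agent")))
        reply(self, 200, b"ok")

def edit_request(url, headers):
    """Hypothetical intercept hook: edit the captured request before forwarding."""
    headers["User-Agent"] = "edited-in-proxy"
    return url.replace("id=1", "id=2"), headers

class InterceptingProxy(BaseHTTPRequestHandler):
    def do_GET(self):
        # A client configured for a proxy puts the absolute URL in the request line.
        url, headers = edit_request(self.path, dict(self.headers))
        target = urlsplit(url)
        path = target.path + ("?" + target.query if target.query else "")
        conn = http.client.HTTPConnection(target.hostname, target.port, timeout=5)
        conn.request("GET", path, headers=headers)  # forward the edited request
        resp = conn.getresponse()
        reply(self, resp.status, resp.read())  # relay the response to the client

def serve(handler):
    server = HTTPServer(("127.0.0.1", 0), handler)  # port 0 = any free local port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def demo():
    web, proxy = serve(WebServer), serve(InterceptingProxy)
    client = http.client.HTTPConnection("127.0.0.1", proxy.server_port, timeout=5)
    url = f"http://127.0.0.1:{web.server_port}/item?id=1"  # constructed request
    client.request("GET", url, headers={"User-Agent": "browser"})
    status = client.getresponse().status
    return status, received[-1]  # what the server saw, not what the client sent

if __name__ == "__main__":
    print(demo())
```

The client asked for `id=1` as `browser`; the server logs `id=2` from `edited-in-proxy`, which is why anything a client sends has to be validated server-side.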
