14 February, 2020 - 09:49 PM
(30 January, 2020 - 12:12 PM) hvpb17 Wrote: Burp Suite Professional, popularly known as Burp, is an entirely graphical tool which is used for testing Web Application Security.
Burp Suite is a unified platform which can perform any security testing of any web application. Burp's tools are unified or integrated to assist the entire testing process of the whole web application, including analysis of application attack surfaces; it is also used to find exploitable vulnerabilities on the Web. Burp also provides excellent and flexible control over the web application tester; it also allows adding or combining manual techniques with the art of automation.
Tools included in Burp Suite
There is a set of tools which have been added in the complete version of the Burp Suite:
- HTTP Proxy: This tool operates as a web proxy server; it can also be described as the man in the middle working between the browser and the web servers.
- Intruder: Intruder can perform any type of automated attack on Web Applications. This tool also gives you a completely configurable algorithm which can be used to generate any kind of malicious HTTP request. This tool can quickly detect and test for SQL Injection, Cross-Site Scripting, and all others.
- Scanner: This tool is a complete security scanner for web applications; it is used for performing automated vulnerability tests and scans of web applications.
- Spider: This tool works just like a spider because it electronically crawls web applications. It can be used in conjunction with manual mapping techniques to ultimately speed up the process of mapping the functions and applications of the content.
- Decoder: This tool transforms all of the encoded data into a canonical form. It is also used for transformation of the raw data into various hashed and encoded forms. It is also capable of recognizing several encoding formats intelligently using different types of heuristic techniques.
- Comparer: This tool is used for performing a comparison (a difference or visual "diff") between any types of data items.
- Repeater: With the help of this tool you can test an application manually. It can also be used to modify requests to the server, resend them, and observe the results.
- Extender: This tool allows the security tester to load all of the available Burp extensions, for extending Burp's functions using third-party code or the security tester's own.
- Sequencer: This tool is used for analyzing the total quality of the randomness available in a sample of various data items. It can also be used to test any essential data items which are intended to be unpredictable, such as the application's session tokens, password reset tokens or Anti-CSRF tokens, etc.