#2 Different Burp Suite Tools — Guide for Burp Suite
2023-11-21 12:4:59 Author: infosecwriteups.com(查看原文) 阅读量:7 收藏

Piyush Kumawat (securitycipher)

InfoSec Write-ups

This article is a part of the Guide for Burp Suite series. Within the previous article, we see the Introduction of Burp Suite. Now we’ll move forward and learn about the different tools that are available with Burp Suite. So Let’s Get Started.

Read Complete Article on: https://securitycipher.com/2020/06/07/different-burp-suite-tools-guide-for-burp-suite/

Burp Suite contains various tools for performing different testing tasks. The tools operate effectively together, and you can pass interesting requests between tools as your work progresses, to carry out different actions.

Target — The Target tool contains the site map, with detailed information about your target applications. It lets you define which targets are in scope for your current work and also lets you drive the process of testing for vulnerabilities.

Proxy — Burp Proxy lies at the heart of Burp’s user-driven workflow, and lets you intercept, view, and modify all requests and responses passing between your browser and destination web servers.

Intruder — Burp Intruder is a powerful tool for automating customized attacks against web applications. It can be used to automate all kinds of tasks that may arise during your testing.

Repeater — Burp Repeater is a simple tool for manually manipulating and reissuing individual HTTP requests, and analyzing the application’s responses. You can send a request to Repeater from anywhere within Burp, modify the request and issue it over and over.

Sequencer — Burp Sequencer is a tool for analyzing the quality of randomness in a sample of data items. You can use it to test an application’s session tokens or other important data items that are intended to be unpredictable, such as anti-CSRF tokens, password reset tokens, etc.

Decoder — Burp Decoder is a simple tool for transforming encoded data into its canonical form, or for transforming raw data into various encoded and hashed forms. It is capable of intelligently recognizing several encoding formats using heuristic techniques.

Comparer — Burp Comparer is a simple tool for performing a comparison (a visual “diff”) between any two items of data.

Read Complete Article on: https://securitycipher.com/2020/06/07/different-burp-suite-tools-guide-for-burp-suite/

Extender — Burp Extender lets you use Burp extensions, to extend Burp’s functionality using your own or third-party code. You can load and manage extensions, view details about installed extensions, install extensions from the BApp Store, view the current Burp Extender API, and configure options for how extensions are handled.

Scanner — Burp Scanner is a tool for performing automated scans of web sites, to discover content and audit for vulnerabilities. This tool is only available with Enterprise and Professional editions.

Burp Collaborator — Burp Collaborator client is a tool for making use of the Burp Collaborator during manual testing. You can use the Collaborator client to generate payloads for use in manual testing, and poll the Collaborator server for any network interactions that result from using those payloads. This tool is available with Enterprise and Professional editions.

Dashboard — Burp Suite is getting a brand new dashboard, which lets you monitor and control its automated activity. It shows the currently configured tasks, with a summary of their progress and results:

In further tutorials, we will discuss all the above-mentioned tools in detail.

Read Complete Article on: https://securitycipher.com/2020/06/07/different-burp-suite-tools-guide-for-burp-suite/

Follow me on:
Twitter:
https://twitter.com/piyush_supiy
Linkedin:
https://linkedin.com/piyush-kumawat
Website:
https://securitycipher.com
Telegram:
https://t.me/securecipher

#burpsuite #burpsuitetutorial #burp #webapplicaitonpentesting


文章来源: https://infosecwriteups.com/2-different-burp-suite-tools-guide-for-burp-suite-7c5aa2ad05ed?source=rss----7b722bfd1b8d--bug_bounty
如有侵权请联系:admin#unsafe.sh