Skip to main content

Burp suite

What is Burpsuite you ask? Burp Suite is a Java based Web Penetration Testing framework.

It has become an industry standard suite of tools used by information security professionals to identify vulnerabilities and verify attack vectors for web-based applications.

In its simplest form, Burpsuite can be classified as an Interception Proxy.

A penetration tester configures their Internet browser to route traffic through the proxy which then acts as a sort of Man In The Middle by capturing and analyzing each request and response to and from the target web application.

Individual HTTP requests can be paused, manipulated and replayed back to the web server for targeted analysis of parameter specific injection points.

Injection points can be specified for manual as well as automated fuzzing attacks to discover potentially unintended application behaviors, crashes and error messages.

  >> BURPSUITE: SOURCE

  Burpsuite is created by: PortSwigger Web Security

It is available as a free download with limited but extremely capable functionality.

However, the commercial suite is affordably priced and well worth the investment if you are serious about web penetration testing.

You can obtain a licensed copy here: https://portswigger.net/buy/

  Burp is easy to use and provides the administrators full control to combine advanced manual techniques with automation for efficient testing.

Burp can be easily configured and it contains features to assist even the most experienced testers with their work.
  _________________________

Labels:

Comments

Post a Comment

Popular posts from this blog

What is Port (computer networking)

In the internet protocol suite, a port is an endpoint of communication in an operating system. While the term is also used for female connectors on hardware devices (see computer port), in software it is a logical construct that identifies a specific process or a type of network service. A port is always associated with an IP address of a host and the protocol type of the communication, and thus completes the destination or origination network address of a communication session. A port is identified for each address and protocol by a 16-bit number, commonly known as the port number. For example, an address may be 'protocol: TCP, IP address: 1.2.3.4, port number: 80', which may be written 1.2.3.4:80 when the protocol is known from context. Specific port numbers are often used to identify specific services. _________________________
Post a Comment
Read more

What is a localhost ?

In computer networking, localhost is a hostname that means this computer. It is used to access the network services that are running on the host via its loopback network interface. Using the loopback interface bypasses any local network interface hardware. The local loopback mechanism is useful for testing software during development, independently of any networking configurations. For example, if a computer has been configured to provide a website, directing a locally running web browser to http://localhost may display its home page. On most computer systems, localhost resolves to the IP address 127.0.0.1, which is the most commonly used IPv4 loopback address, and to the IPv6 loopback address. _________________________
Post a Comment
Read more

What is Back Door?

A back door is generally a piece of code intentionally left by the developer of the software or firmware that allows access without going through the normal security process. Back doors may also be the result of different malware/virus attacks that leave a method for remote, unsecured access into a device once the malicious code has been executed. _________________________
Post a Comment
Read more