Burp Suite Professional
Burp Suite provides an excellent way of testing web applications for vulnerabilities, as well as an easy way to watch as traffic flows between your computer and the site you are working with.
The product has a straightforward interface that lets you see traffic and intercept requests, so you can review and even alter them before they are submitted.
What is Burp Suite you ask?
Burp Suite is a Java-based web penetration testing framework. It has become an industry-standard suite of tools used by information security professionals. Burp Suite helps you identify vulnerabilities and verify attack vectors that affect web applications. Because of its popularity and the breadth and depth of its features, we have created this page as a collection of Burp Suite knowledge and information.
In its simplest form, Burp Suite can be classified as an interception proxy. While browsing the target application, a penetration tester configures their browser to route traffic through the Burp Suite proxy server. Burp Suite then acts as a (sort of) man in the middle, capturing each request to and response from the target web application so that it can be analyzed. Penetration testers can pause, manipulate and replay individual HTTP requests in order to analyze potential parameters or injection points. Injection points can be specified for manual as well as automated fuzzing attacks to discover potentially unintended application behaviors, crashes and error messages.
- Create internal/operational efficiencies
- Drive innovation
- Improve business process outcomes
- Improve compliance & risk management
Key Factors of BurpSuite
- Breadth of services
- Financial/organizational viability
- Overall cost
- Product functionality and performance
- Strong services expertise
Burp’s Collaborator Functionality
The flexibility of BurpSuite is exceptional. Burp’s Collaborator functionality has been improved over previous iterations to the point where it will catch vulnerabilities (sometimes very serious, including command injection) where other scanners will not. Additionally, Burp Pro extensions can greatly increase insight into a particular application, including identifying script versions and exporting to SQLMap, amongst other features that speed up an auditor’s workflow. In some cases the tool isn’t very intuitive and requires practice or training to get the most out of it.
- Burp Proxy
- Burp Spider
- Burp Repeater
- Burp Sequencer
- Burp Decoder
- Burp Comparer
- Burp Intruder
- Burp Scanner
- Save and Restore
- Target Analyzer
- Content Discovery
- Task Scheduler
- Release Schedule
Overcome Connection Challenges
- Burp supports platform authentication using Basic, NTLMv1 and v2, and Digest authentication types.
- You can load client SSL certificates and smart cards needed for authentication to protected applications during testing.
- You can configure all details of SSL negotiation, to help deal with unusually configured targets.
- Burp can automatically handle session handling mechanisms, including conventional logins and cross-site request forgery tokens.
- You can record macros for repeating common sequences of requests, for use within the session handling mechanism.
- You can create custom session handling rules to deal with particular situations. Session handling rules can automatically log in, detect and recover invalid sessions, and fetch valid CSRF tokens.
- The powerful Burp Extender API allows extensions to customize Burp’s behavior and integrate with other tools. Common use cases for Burp extensions include modifying HTTP requests and responses on the fly, customizing the Burp UI, adding custom Scanner checks, and accessing key runtime information including crawl and scan results.
- The BApp Store is a repository of ready-to-use extensions contributed by the Burp user community. These can be installed with a single click from within the Burp UI.
- You can easily create your own extensions using the Java, Python or Ruby programming languages.
- Discovered vulnerabilities can be exported as XML for importing into dozens of third-party tools that support Burp’s export format.
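
To illustrate the XML export mentioned in the last item, here is an added example (not code from Burp or from this page) that loads an exported issue report, removes duplicates and low-confidence findings, and groups the rest by severity for a remediation queue. It assumes the usual `issues`/`issue` layout with `name`, `host`, `path`, `severity`, `confidence` and a base64-encoded `request`; the sample report, host and IP address are constructed.

```python
import base64
import xml.etree.ElementTree as ET
from collections import defaultdict

SEVERITY_ORDER = ["High", "Medium", "Low", "Information"]

def _issue(name, path, severity, confidence):
    """Build one constructed <issue> element (sample data, not a real scan)."""
    req = base64.b64encode(f"GET {path} HTTP/1.1\r\nHost: shop.example\r\n\r\n".encode()).decode()
    return (f'<issue><name>{name}</name><host ip="192.0.2.10">https://shop.example</host>'
            f'<path>{path}</path><severity>{severity}</severity><confidence>{confidence}</confidence>'
            f'<requestresponse><request base64="true">{req}</request></requestresponse></issue>')

SAMPLE_EXPORT = "<issues>" + "".join([
    _issue("SQL injection", "/search", "High", "Firm"),
    _issue("SQL injection", "/search", "High", "Firm"),          # duplicate report
    _issue("Cross-site scripting (reflected)", "/profile", "High", "Tentative"),
    _issue("Cookie without HttpOnly flag set", "/", "Low", "Certain"),
]) + "</issues>"

def parse_issues(xml_text):
    """Return one dict per <issue>, with the first line of the decoded request."""
    # Assumption: the file comes from your own Burp instance; use defusedxml for untrusted XML.
    findings = []
    for issue in ET.fromstring(xml_text).iter("issue"):
        req = issue.find("requestresponse/request")
        raw = b""
        if req is not None and req.text:
            raw = base64.b64decode(req.text) if req.get("base64") == "true" else req.text.encode()
        findings.append({
            "name": issue.findtext("name", ""),
            "host": issue.findtext("host", ""),
            "path": issue.findtext("path", ""),
            "severity": issue.findtext("severity", "Information"),
            "confidence": issue.findtext("confidence", ""),
            "request_line": raw.split(b"\r\n", 1)[0].decode("latin-1"),
        })
    return findings

def triage(findings, drop_confidence=("Tentative",)):
    """Group de-duplicated findings by severity, most severe first."""
    seen, grouped = set(), defaultdict(list)
    for f in findings:
        key = (f["name"], f["host"], f["path"])
        if key in seen or f["confidence"] in drop_confidence:
            continue
        seen.add(key)
        grouped[f["severity"]].append(f)
    return [(s, grouped[s]) for s in SEVERITY_ORDER if grouped[s]]
```

Findings dropped for low confidence still deserve manual review; pass `drop_confidence=()` to keep them in the queue.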