WebApp Sec mailing list archives

RE: BurpSuite newbie


From: "PortSwigger" <mail () portswigger net>
Date: Fri, 6 Feb 2009 08:20:44 -0000

Hi Andre

Burp Suite contains various tools to help you perform hands-on testing and
exploitation of web applications. As you browse an application, Burp builds
up a site map of all the discovered content and functionality. The Proxy
lets you view, analyse and modify all requests and responses used by the
application. Most often, you will need to modify individual requests in
various ways and look at the resulting responses to see if any
vulnerabilities are present. You can use Repeater to resend individual
requests over and over to test for issues and fine-tune your attacks. You
can also spider the application, test the randomness of its tokens (using
Sequencer), analyse any encoded data such as cookies (using Decoder), etc.

The pro version adds functionality to automate some of the testing process.
Burp Scanner performs active and passive tests for many kinds of
vulnerabilities. And Burp Intruder lets you perform automated custom attacks
to detect and exploit all kinds of issues.

The best place to start for help on using Burp is the online help
(http://portswigger.net/suite/help.html). To learn more in general about
hands-on testing, you can read my book, The Web Application Hacker's
Handbook. For more detail on individual subjects, you can look at books like
XSS Attacks (Seth Fogie) and the forthcoming SQL Injection Attacks (Justin
Clarke).

Hope that helps.

Cheers
PortSwigger


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Andre Rodrigues
Sent: 05 February 2009 20:03
To: webappsec () securityfocus com; webappsec () securityfocus com
Subject: BurpSuite newbie

Hi,

What can I do with Burp Suite in order to evaluate the security of the apps
we develop?


Thanks,
André


      

-------------------------------------------------------------------------
Sponsored by: Watchfire 
Methodologies & Tools for Web Application Security Assessment 
With the rapid rise in the number and types of security threats, web
application security assessments should be considered a crucial phase in the
development of any web application. What methodology should be followed?
What tools can accelerate the assessment process? Download this Whitepaper
today! 

https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------


