WebApp Sec mailing list archives
RE: BurpSuite newbie
From: "PortSwigger" <mail () portswigger net>
Date: Fri, 6 Feb 2009 08:20:44 -0000
Hi Andre

Burp Suite contains various tools to help you perform hands-on testing and exploitation of web applications. As you browse an application, Burp builds up a site map of all the discovered content and functionality. The Proxy lets you view, analyse and modify all requests and responses used by the application. Most often, you will need to modify individual requests in various ways and look at the resulting responses to see if any vulnerabilities are present. You can use Repeater to resend individual requests over and over to test for issues and fine-tune your attacks. You can also spider the application, test the randomness of its tokens (using Sequencer), analyse any encoded data such as cookies (using Decoder), etc.

The pro version adds functionality to automate some of the testing process. Burp Scanner performs active and passive tests for many kinds of vulnerabilities. And Burp Intruder lets you perform automated custom attacks to detect and exploit all kinds of issues.

The best place to start for help on using Burp is the online help (http://portswigger.net/suite/help.html). To learn more in general about hands-on testing, you can read my book, The Web Application Hacker's Handbook. For more detail on individual subjects, you can look at books like XSS Attacks (Seth Fogie) and the forthcoming SQL Injection Attacks (Justin Clarke).

Hope that helps.

Cheers
PortSwigger

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Andre Rodrigues
Sent: 05 February 2009 20:03
To: webappsec () securityfocus com; webappsec () securityfocus com
Subject: BurpSuite newbie

Hi,

What can I do with Burp Suite in order to evaluate the security of the apps we develop?

Thanks,
André