Burp Suite (web security testing tool) tutorial

Source: Internet
Author: User

Burp Suite is an integrated platform for attacking web applications. It bundles a number of tools and provides many interfaces between them to speed up the process of attacking an application. All tools share a robust, extensible framework for handling and displaying HTTP messages, persistence, authentication, proxies, logging, and alerts. This article describes its main features below:

1. Target: shows the directory structure of the target.
2. Proxy: an intercepting HTTP/S proxy server that sits as a man-in-the-middle between the browser and the target application, allowing you to intercept, view, and modify the raw traffic in both directions.
3. Spider: a web crawler that uses intelligent sensing to fully enumerate an application's content and functionality.
4. Scanner: an advanced tool that, when run, automatically discovers security vulnerabilities in web applications.
5. Intruder: a customizable, highly configurable tool for automating attacks on web applications, such as enumerating identifiers, collecting useful data, and using fuzzing to detect common vulnerabilities.
6. Repeater: a tool for manually issuing individual HTTP requests and analyzing the application's responses.
7. Sequencer: a tool for analyzing the randomness of application session tokens and other important data items that are meant to be unpredictable.
8. Decoder: a tool for manually or intelligently decoding and encoding application data.
9. Comparer: a utility that produces a visual "diff" of two pieces of data, usually obtained from related requests and responses.
10. Extender: lets you load Burp Suite extensions and use your own or third-party code to extend Burp Suite's functionality.
11. Options: settings for Burp Suite.

Burp Suite Practical Guide

https://www.gitbook.com/book/t0data/burpsuite/details

1. Burp Suite (web security testing tool) use cases

· HTTP server-side interface testing
· Testing communication between HTTP client and HTTP server
· Cookie statistical analysis
· HTTP server web security scanning
· Web page crawling
· Common web encoding and decoding
· Simple analysis of string randomness
· Comparative analysis of file differences

2. Introduction to Burp Suite installation and function modules

3. Proxy function module in detail

4. Repeater function module

5. Intruder function module

6. Scanner function module

7. Options function module

8. Other function modules in detail
