Burp-suite (web Security Test Tool) tutorial

Burp Suite is an integrated platform for attacking Web applications. It contains a number of tools and has designed many interfaces for these tools to facilitate the process of speeding up attacks on applications. All tools share a powerful extensible framework that can handle and display HTTP messages, persistence, authentication, proxies, logs, alerts. This article describes its main features under:

1.Target (target)--a feature that shows the structure of the target directory
2.Proxy (proxy)-intercepts the HTTP/S proxy server as a middleman between the browser and the target application, allowing you to intercept, view, and modify raw data streams in two directions.
3.Spider (spider)-a web crawler that uses intelligent sensing to fully enumerate the contents and functions of an application.
4.Scanner (Scanner)--an advanced tool that, when executed, automatically discovers security vulnerabilities for Web applications .
5.Intruder (intrusion)-a customized, highly configurable tool for automating attacks on Web applications such as enumeration identifiers, collecting useful data, and using fuzzing technology to detect common vulnerabilities.
6.Repeater (Repeater)-a tool that manually operates to trigger individual HTTP requests and analyzes application responses.
7.SequeNcer (session)-a tool used to analyze unpredictable application session tokens and the randomness of important data items.
8.Decoder (decoder)-a tool that performs manual execution or intelligently decodes code for application data.
9.Comparer (contrast)-Usually a visual "diff" of two data is obtained through some related requests and responses.
10.Extender (Extended)-Allows you to load burp Suite extensions and use your own or third-party code to extend the functionality of Burp suit.
11.Options (Setup)-- Some settings for burp Suite network Download

Burpsuite Practical Guide

Https://www.gitbook.com/book/t0data/burpsuite/details

1.burp-suite (web Security Test tool) scenario

HTTP service-side interface test
· HTTP client and HTTP server-side communication testing
· Cokkie statistical analysis
· HTTP Server web Security scan
· Web page Crawling
· Web common encoding and decoding
• Simple analysis of string randomness
• Comparative analysis of file differences

Introduction to 2.burp-suite Installation and function modules

3.Proxy Function Module Detailed

4.Repeater function Module

5.Intruder function Module

6.Scanner function Module

7.Options function Module

8. Other functional Modules detailed

Burp-suite (web Security Test Tool) tutorial