BE-Hacktive

Burp Suite

This capsule introduces the tool as well as the Burp academy, where you can learn about the different vulnerabilities and topics in web security.


Last updated 5 months ago

Burp Suite, what is it?

Simply put: Burp Suite is a framework written in Java, developed by PortSwigger Ltd, which aims to provide a single, comprehensive solution for web application penetration testing. In many ways, this goal is achieved, since Burp is the industry standard tool for practical web application security assessments.

Burp Suite is also very commonly used for evaluating mobile applications, as the features that make it so attractive for testing web applications translate almost perfectly to testing the APIs that power most mobile applications.

Framework:

At the simplest level, Burp can capture and manipulate all traffic between an attacker and a web server: this is the core of the framework. After capturing the requests, we can choose to send them to various other parts of Burp (which we'll cover in more detail next):

  • Intruder

  • Repeater

  • Collaborator

  • Extender

  • Proxy

  • ...
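
The capture-and-modify step described above, reduced to a minimal intercepting proxy. This is an added example, not Burp's code or part of the original page; the `X-Role` header, the `/profile` path and the echoing target application are constructed for the demo, and everything runs on loopback.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.parse import urlsplit

captured = []  # proxy history: (method, url, headers) exactly as the client sent them

class Handler(BaseHTTPRequestHandler):
    def reply(self, status, body):
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

class Upstream(Handler):  # constructed target app: reports the X-Role header it received
    def do_GET(self):
        self.reply(200, ("role=" + self.headers.get("X-Role", "none")).encode())

class InterceptingProxy(Handler):  # records, rewrites, then forwards each GET request
    def do_GET(self):
        target = urlsplit(self.path)  # a proxied request line carries the absolute URL
        headers = dict(self.headers.items())
        captured.append((self.command, self.path, dict(headers)))  # capture
        headers["X-Role"] = "tester-modified"                       # manipulate
        path = (target.path or "/") + ("?" + target.query if target.query else "")
        conn = http.client.HTTPConnection(target.hostname, target.port, timeout=5)
        conn.request("GET", path, headers=headers)
        resp = conn.getresponse()
        body = resp.read()
        conn.close()
        self.reply(resp.status, body)

def run_demo():
    upstream = ThreadingHTTPServer(("127.0.0.1", 0), Upstream)
    proxy = ThreadingHTTPServer(("127.0.0.1", 0), InterceptingProxy)
    for server in (upstream, proxy):
        threading.Thread(target=server.serve_forever, daemon=True).start()
    # The client talks to the proxy, not to the target, as a proxied browser would.
    client = http.client.HTTPConnection("127.0.0.1", proxy.server_port, timeout=5)
    client.request("GET", f"http://127.0.0.1:{upstream.server_port}/profile",
                   headers={"X-Role": "user"})
    body = client.getresponse().read().decode()
    client.close()
    for server in (upstream, proxy):
        server.shutdown()
        server.server_close()
    return captured[-1], body

if __name__ == "__main__":
    print(run_demo())
```

The history entry still shows the original `X-Role: user`, while the target answers with the value the proxy substituted: the same split between what the client sent and what the server received that Burp's Proxy exposes.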

Objective and presentation

The goal is therefore to discover how Burp Suite works, from installation to exploitation of vulnerabilities.

The PortSwigger academy offers theory and labs for learning how to use Burp, as well as the vulnerabilities that affect web applications.

TryHackMe also offers courses on the use of Burp; we will come back to them at the end of the capsule.

The adventure will be long but it will be worth it!

Burp Suite is an integrated platform for testing web application security. Its various tools work seamlessly to support the entire testing process, from initial mapping and analysis of an application's attack surface to finding and exploiting security vulnerabilities. Burp gives you complete control, allowing you to combine advanced manual techniques with cutting-edge automation, to make your work faster, more efficient and more fun.

Definition: A framework literally means “working framework”. It provides a base of tools and modules that can be used on different projects. For example, a framework can include predefined classes, variables and functions.

Definition: API: API, short for Application Programming Interface, is a set of definitions and protocols that facilitates the creation and integration of applications.

An example of the themes and labs available