Burp Suite
We will discover the tool but also the BURP academy which allows you to learn the different vulnerabilities and themes concerning web security.
Burp suite, what is that?
Burp Suite is an integrated platform for testing web application security. Its various tools work seamlessly to support the entire testing process, from initial mapping and analysis of an application's attack surface to finding and exploiting security vulnerabilities. Burp gives you complete control, allowing you to combine advanced manual techniques with cutting-edge automation, to make your work faster, more efficient and more fun. Definition: KALI.ORG
Simply put: Burp Suite is a framework written in Java, developed by PortSwigger Ltd, which aims to provide a unique and comprehensive service for web application penetration testing. In many ways, this goal is achieved since Burp is the industry standard tool for practical web application security assessments.
The Burp suite is also very commonly used for evaluating mobile applications, as the features that make it so attractive for testing web applications translate almost perfectly to testing the APIs that power most mobile applications.
Framework:
A framework literally means “working framework”. It provides, in fact, a base of tools and modules that can be used on different projects. For example, a framework can include predefined classes, variables and functions. Definition: PURE-ILLUSION.COM API:
API which comes from the English Application Programming Interface, or application programming interface, is a set of definitions and protocols that facilitates the creation and integration of applications. Definition: REDHAT
At the simplest level, Burp can capture and manipulate all traffic between an attacker and a web server: this is the core of the framework. After capturing the requests, we can choose to send them to various other parts of Burp (which we'll cover in more detail next):
Intruder
Repeater
Collaborator
Extender
Proxy
...
Objective and presentation
The goal is therefore to discover how BURP SUITE works, from installation to exploitation of vulnerabilities.
The PortSwigger academy offers theory and labs to learn how to use burp but also vulnerabilities linked to web applications.
Tryhackme also offers courses on the use of BURP, we will talk about it again at the end of the capsule.
The adventure will be long but it will be worth it!
Last updated