The previous part of this tutorial covered the basics of Burp Suite: the available editions, how they differ from one another, and the steps needed to install the tool and start using it.
We also went through how to create a Burp Suite project, configure the proxy settings in your browser, and intercept requests with Burp Suite.
In this continuation we cover installing the Burp Suite certificate authority (CA) in your browser, using the Intruder, Repeater and Target tools, configuring scan settings, and generating a scan report.
Integrating the Burp Suite Certificate Authority
Burp intercepts HTTPS by terminating the TLS connection itself: for every site you visit it generates a certificate on the fly and signs it with its own CA. The browser will reject those certificates until it trusts that CA, so the Burp CA certificate has to be imported into the browser (or into the operating system's trust store) before HTTPS traffic can be proxied without warnings. Installing it does not make any site "safe"; it only tells the browser to accept certificates that Burp issues.
The Burp Suite CA certificate can be installed in several ways, some of them browser-specific. Here we show how to add it to Firefox and Chrome.
With the browser's proxy settings already pointed at Burp (see the previous part), open http://burpsuite in Firefox or Chrome. Burp serves this page itself; it reads "Welcome to Burp Suite Professional" (or the name of whichever edition you are running).
Firefox
Click CA Certificate at the top right of that page and download the file, noting where the browser saved it (it is named cacert.der). Then open the Firefox settings, go to Privacy & Security > Certificates > View Certificates, select the Authorities tab, click Import, choose the downloaded file and tick "Trust this CA to identify websites". Chrome does not keep a certificate store of its own on Windows or macOS; it uses the operating system's, so for Chrome import the same cacert.der into the system's trusted root certificates instead. To confirm the installation, browse to any HTTPS site through the proxy: the page should load without a warning, and the certificate shown behind the padlock icon should be issued by "PortSwigger CA". Keep in mind that anyone holding that CA's private key can now impersonate any website to this browser, so install it only in a browser profile or on a machine that is dedicated to testing.
Burp Suite Intruder Tab
Intruder is a tool for automating customized attacks against web applications. It takes little effort to configure and can make many testing tasks faster and more thorough. Its uses range from brute-force attacks to complex blind SQL injection.
Typically you send an HTTP request to Intruder from another tool, such as the Proxy history, and then mark the parts of the request that should be varied. Intruder sends the request once per payload and lists every response in a results table, where status codes, response lengths and response times can be compared to spot the payloads that made the application behave differently.
Every attack needs a set of payloads together with precise instructions for where in the base request each payload should be inserted. Burp offers many ways to supply or generate payloads, including a simple list, a username generator, numbers, a brute forcer, a runtime file and a bit flipper, among others.
Intruder also offers several attack types that determine how the payloads are combined across the marked positions: sniper (one payload set, inserted into one position at a time), battering ram (the same payload in every position at once), pitchfork (one payload set per position, walked in parallel) and cluster bomb (every combination of the payload sets).
Burp Suite Intruder can be used to enumerate identifiers, harvest useful data and fuzz for vulnerabilities.
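To make the four attack types concrete, here is an added Python example (not code from the original article or from Burp) that reproduces how Intruder places payloads. It uses Burp's own convention of wrapping each payload position in section signs (§) in the raw request, and it recalculates Content-Length the way Intruder does after substitution. The request template and the payload lists are constructed for the example and are not taken from any real target.

```python
import itertools
import re
from typing import Callable, Dict, Iterator, List

# Constructed example: a login request as it would appear in Intruder's
# Positions tab, with two payload positions marked with section signs.
TEMPLATE = (
    "POST /login HTTP/1.1\r\n"
    "Host: target.example\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "username=§admin§&password=§secret§"
)

POSITION = re.compile(r"§([^§]*)§")


def positions(template: str) -> List[str]:
    """Return the original value of each marked position, in order."""
    return POSITION.findall(template)


def fill(template: str, values: List[str]) -> str:
    """Replace the marked positions, left to right, with the given values."""
    it = iter(values)
    return POSITION.sub(lambda m: next(it), template)


def with_content_length(raw: str) -> str:
    """Rewrite Content-Length to match the body, as Intruder does automatically."""
    head, sep, body = raw.partition("\r\n\r\n")
    if not sep:
        return raw
    lines = [l for l in head.split("\r\n") if not l.lower().startswith("content-length:")]
    lines.append(f"Content-Length: {len(body.encode())}")
    return "\r\n".join(lines) + sep + body


def sniper(template: str, payload_sets: List[List[str]]) -> Iterator[str]:
    """One payload set; each position is attacked in turn while the others keep their original value."""
    originals = positions(template)
    for i in range(len(originals)):
        for payload in payload_sets[0]:
            values = list(originals)
            values[i] = payload
            yield fill(template, values)


def battering_ram(template: str, payload_sets: List[List[str]]) -> Iterator[str]:
    """One payload set; the same payload goes into every position at once."""
    n = len(positions(template))
    for payload in payload_sets[0]:
        yield fill(template, [payload] * n)


def pitchfork(template: str, payload_sets: List[List[str]]) -> Iterator[str]:
    """One payload set per position, advanced in parallel; stops at the shortest set."""
    assert len(payload_sets) == len(positions(template)), "one payload set per position"
    for combo in zip(*payload_sets):
        yield fill(template, list(combo))


def cluster_bomb(template: str, payload_sets: List[List[str]]) -> Iterator[str]:
    """One payload set per position; every combination is tried."""
    assert len(payload_sets) == len(positions(template)), "one payload set per position"
    for combo in itertools.product(*payload_sets):
        yield fill(template, list(combo))


ATTACKS: Dict[str, Callable[[str, List[List[str]]], Iterator[str]]] = {
    "sniper": sniper,
    "battering ram": battering_ram,
    "pitchfork": pitchfork,
    "cluster bomb": cluster_bomb,
}


def generate(attack: str, template: str, payload_sets: List[List[str]]) -> List[str]:
    """Return every request the chosen attack type would send, with Content-Length corrected."""
    return [with_content_length(r) for r in ATTACKS[attack](template, payload_sets)]


if __name__ == "__main__":
    users = ["admin", "root"]          # constructed payload set 1
    passwords = ["a", "b", "c"]        # constructed payload set 2
    for attack, sets in [("sniper", [users]), ("battering ram", [users]),
                         ("pitchfork", [users, passwords]), ("cluster bomb", [users, passwords])]:
        reqs = generate(attack, TEMPLATE, sets)
        print(f"{attack}: {len(reqs)} requests, e.g. {reqs[-1].rsplit(chr(10), 1)[-1]}")
```

The request counts are the point to notice: with two positions, two usernames and three passwords, sniper sends 2 × 2 = 4 requests, battering ram 2, pitchfork min(2, 3) = 2 and cluster bomb 2 × 3 = 6, which is why cluster bomb attacks grow quickly with more positions. Real Intruder also URL-encodes payload characters by default; this script inserts payloads verbatim.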
Burp Suite Repeater Tab
Repeater lets you manually modify an individual HTTP request and resend it as many times as you like, examining each response in turn. It is a general-purpose tool for probing how the application handles input by changing one parameter at a time, and for testing business logic by issuing requests in an order, or with values, that the application does not expect.
If you are working on several requests at once, Repeater makes it easy to switch between them: each request sent to Repeater opens in its own numbered tab.
Burp Suite Target Tab
Target Site Map
The Site map (in the Target tab) gives a high-level view of the target application's structure and functionality. On the left is a tree that organizes everything Burp has seen by URL: hosts, directories and files each get their own node, nested in the order they appear in the URL.
Expanding a branch and selecting an item updates the right-hand view with the requests and responses Burp has recorded for that item, along with any issues it has identified there.
Generating an HTML or XML Report
Once a scan has finished, its findings can be exported as an HTML or XML report. Select the issues you want in the Issues view of the Site map (Target tab) or in the issue activity log on the Dashboard, then choose Report selected issues from the context menu. The Burp Scanner reporting wizard then walks you through the options: the format, how much detail to include for each issue, and where to save the file. Choose HTML when the report is meant to be read, and XML when the results will be processed by another tool or tracked over time.
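The XML report is the format to post-process. As an added example (not code from the article or from PortSwigger), the Python below parses a report in the shape of Burp's XML export, where each issue element carries name, host, path, severity, confidence and, optionally, a base64-encoded request, and triages it to the findings worth acting on first: at least Medium severity and not merely Tentative. The report embedded in the script is constructed for the example; its element names follow the export format, but the hosts and findings are invented.

```python
import base64
import xml.etree.ElementTree as ET
from collections import Counter
from typing import Dict, List

SEVERITY_ORDER = {"High": 0, "Medium": 1, "Low": 2, "Information": 3}
CONFIDENCE_ORDER = {"Certain": 0, "Firm": 1, "Tentative": 2}

# One request, base64-encoded as the export does for request/response data.
_REQ = base64.b64encode(b"GET /catalog/item?id=1' HTTP/1.1\r\nHost: shop.example\r\n\r\n").decode()

# Constructed sample in the shape of a Burp XML report; issues and hosts are invented.
SAMPLE_REPORT = f"""<issues burpVersion="2023.10" exportTime="Mon Jan 01 00:00:00 UTC 2024">
  <issue>
    <serialNumber>1</serialNumber>
    <name>SQL injection</name>
    <host ip="203.0.113.10">https://shop.example</host>
    <path>/catalog/item</path>
    <severity>High</severity>
    <confidence>Certain</confidence>
    <requestresponse>
      <request base64="true" method="GET">{_REQ}</request>
    </requestresponse>
  </issue>
  <issue>
    <serialNumber>2</serialNumber>
    <name>Cross-site scripting (reflected)</name>
    <host ip="203.0.113.10">https://shop.example</host>
    <path>/search</path>
    <severity>High</severity>
    <confidence>Firm</confidence>
  </issue>
  <issue>
    <serialNumber>3</serialNumber>
    <name>Cross-site request forgery</name>
    <host ip="203.0.113.10">https://shop.example</host>
    <path>/account/email</path>
    <severity>Medium</severity>
    <confidence>Tentative</confidence>
  </issue>
  <issue>
    <serialNumber>4</serialNumber>
    <name>Cookie without HttpOnly flag set</name>
    <host ip="203.0.113.10">https://shop.example</host>
    <path>/</path>
    <severity>Low</severity>
    <confidence>Certain</confidence>
  </issue>
</issues>
"""


def parse_report(xml_text: str) -> List[Dict[str, str]]:
    """Flatten each <issue> into a dict; decode the request when it is base64-encoded."""
    issues = []
    for el in ET.fromstring(xml_text).iter("issue"):
        item = {
            "serial": el.findtext("serialNumber", ""),
            "name": el.findtext("name", ""),
            "host": el.findtext("host", ""),
            "path": el.findtext("path", ""),
            "severity": el.findtext("severity", "Information"),
            "confidence": el.findtext("confidence", "Tentative"),
        }
        req = el.find("requestresponse/request")
        if req is not None and req.text:
            raw = req.text.strip()
            item["request"] = (base64.b64decode(raw).decode("utf-8", "replace")
                               if req.get("base64") == "true" else raw)
        issues.append(item)
    return issues


def severity_counts(issues: List[Dict[str, str]]) -> Dict[str, int]:
    """How many issues of each severity the report contains."""
    return dict(Counter(i["severity"] for i in issues))


def triage(issues: List[Dict[str, str]], min_severity: str = "Medium",
           exclude_tentative: bool = True) -> List[Dict[str, str]]:
    """Keep issues at or above min_severity, drop Tentative ones, order worst first."""
    keep = [i for i in issues
            if SEVERITY_ORDER[i["severity"]] <= SEVERITY_ORDER[min_severity]
            and not (exclude_tentative and i["confidence"] == "Tentative")]
    return sorted(keep, key=lambda i: (SEVERITY_ORDER[i["severity"]],
                                       CONFIDENCE_ORDER[i["confidence"]], i["host"], i["path"]))


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    print("by severity:", severity_counts(found))
    for i in triage(found):
        print(f"[{i['severity']}/{i['confidence']}] {i['name']} at {i['host']}{i['path']}")
```

Reports that arrive from someone else's machine are untrusted input like any other XML; when parsing those, the defusedxml package gives the same API with entity expansion disabled.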