![]() ![]() Can be useful to see the request attempt after clicking a button or performing another action on the website. We can drop requests we don’t want to be sent.We can modify our request inline similar to what you might see in a man in the middle attack and then send them on.Requests will by default require our authorization to be sent.Be used for different reasons education filtering (common in schools where restricted content must be blocked) or accessing content that may be otherwise unavailable due to region locking or ban.įor web application testing, a proxy allows us to view and modify traffic inline at a granular level.īurp will by default be set to ‘intercept’ our traffic: Means a few things: Proxy servers by definition allow us to relay our traffic through an alternative route to the internet. This feature, while not in the community edition of Burp Suite, is still a key facet of performing a web application test. Scanner – Automated web vulnerability scanner that can highlight areas of the application for further manual investigation or possible exploitation with another section of Burp.Extender – Similar to adding mods to a game like Minecraft, Extender allows us to add components such as tool integrations, additional scan definitions, and more!.This is very similar to the Linux tool diff. Comparer – Comparer as you might have guessed is a tool we can use to compare different responses or other pieces of data such as site maps or proxy histories (awesome for access control issue testing).These transforms vary from decoding/encoding to various bases or URL encoding. Decoder – As the name suggests, Decoder is a tool that allows us to perform various transforms on pieces of data.This is commonly used for testing session cookies Sequencer – Analyzes the ‘randomness’ present in parts of the web app which are intended to be unpredictable.Often used in a precursor step to fuzzing with the aforementioned Intruder Repeater – Allows us to ‘repeat’ requests that have previously been made with or without modification.Intruder – Incredibly powerful tool for everything from field fuzzing to credential stuffing and more.We can also use this to effectively create a site map of the application we are testing. Target – How we set the scope of our project.Proxy – What allows us to funnel traffic through Burp Suite for further analysis. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |