
BurpSuite Proxy

Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.

Burp gives you full control, letting you combine advanced manual techniques with state-of-the-art automation, to make your work faster, more effective, and more fun.

Published in: Technology

  1. BURP SUITE PROXY
     • Nishanth Kumar, n|u Bangalore Chapter Lead
     • n|u / OWASP / g4h Monthly Meet, 17th Oct 2015
  2. Who am I?
     • Info Security enthusiast
     • Consulting service for enterprises to implement security
     • Null moderator
     • OWASP Contributor
     • @nishanthkumarp
  3. Wanna tweet?
     • @null0x0
     • @nullblr
     • @OWASPBangalore
     • @garage4hackers
     • #BurpSuite
     • @nishanthkumarp
  4. Disclosure
     • The views expressed are my own.
     • None of my employers are responsible for my talk.
     • No offense to anyone.
  5. Contents
     • BurpSuite Proxy
     • BurpSuite Features
     • Demo
  6. BurpSuite Proxy
     • Used in testing any client-server model application.
     • Commonly used to intercept HTTP/HTTPS requests between client and server.
     • Web application and mobile application testing.
     • Exploiting vulnerabilities, fuzzing web applications, carrying out brute-force attacks.
  7. BurpSuite Features - 1
     • Interception Proxy: Designed to give the user control over requests sent to the server.
     • Repeater: The ability to rapidly repeat/modify specific requests.
     • Intruder: Feature that allows automation of custom attacks/payloads.
     • Decoder: Decode and encode strings to various formats (URL, Base64, HTML, etc.).
  8. BurpSuite Features - 2
     • Comparer: Can highlight differences between requests/responses.
     • Extender: API to extend Burp's functionality, with many free extensions available via the BApp Store.
  9. BurpSuite Features - 3
     • Spider and Discover Content feature: Crawls links on a web application, and Discover Content can be used to dynamically enumerate unlinked content.
     • Scanner (Pro only): Automated scanner that checks for web application vulnerabilities (XSS, SQLi, Command Injection, File Inclusion, etc.).
  10. Demo
     • Manual Application Walkthrough
     • Intercept & Scope Configuration
     • Outbound SOCKS Proxy Configuration
     • Using The Spider & Discover
     • Using The Repeater Tab
     • Using The Intruder Tab
     • Text Specific Searching
     • Using The Automated Scanner
  11. References
     • https://www.pentestgeek.com/web-applications/burp-suite-tutorial-1/
     • https://www.pentestgeek.com/web-applications/burp-suite-tutorial-web-application-penetration-testing-part-2/
     • http://www.hackingloops.com/burpsuite-web-application-penetration-testing.html
  12. THANK YOU
