Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.
Burp gives you full control, letting you combine advanced manual techniques with state-of-the-art automation, to make your work faster, more effective, and more fun.
• The views expressed are my own.
• None of my employers is responsible for my talk.
• No offense to anyone.
• BurpSuite Proxy
• BurpSuite Features
• Used in testing any client-server model application.
• Commonly used to intercept HTTP/HTTPS requests between client and server.
• Web application and mobile application testing.
• Exploiting vulnerabilities, fuzzing web applications, carrying out brute-force attacks.
BurpSuite Features - 1
• Interception Proxy: Designed to give the user control over requests sent to the server.
• Repeater: The ability to rapidly repeat/modify specific
• Intruder: Feature that allows automation of custom
• Decoder: Decode and encode strings to various formats (URL, Base64, HTML, etc.)
BurpSuite Features - 2
• Comparer: Can highlight differences between
• Extender: API to extend Burp's functionality, with many free extensions available via the BApp Store.
BurpSuite Features - 3
• Spider and Discover Content feature: The Spider crawls links on a web application, and Discover Content can be used to dynamically enumerate unlinked content.
• Scanner (Pro Only): Automated scanner that checks for web application vulnerabilities (XSS, SQLi, Command Injection, File Inclusion, etc.)
• Manual Application Walkthrough
• Intercept & Scope Configuration
• Outbound SOCKS Proxy Configuration
• Using The Spider & Discover
• Using The Repeater Tab
• Using The Intruder Tab
• Text Specific Searching
• Using The Automated Scanner