Null Bhubaneswar , profile picture
Uploaded byNull Bhubaneswar
69 views

BurpSuiteOverview

Burp Suite is an integrated platform for performing security testing of web applications. It has several built-in tools like Proxy, Scanner, Intruder, Repeater, and Decoder. Extensions can enhance Burp Suite's capabilities. The document discusses the Param Miner and Burpbounty extensions, which can identify hidden parameters and launch attacks on multiple requests. It also lists some other useful extensions and provides a demo lab and takeaways.

Embed presentation

Download to read offline
Burp Suite Overview Author: Ajit Mahapatra Date: 3/18/2023
#whoami LinkedIn • Working as Senior Solution Advisor in Deloitte USI Ajit Mahapatra
What is Burp Suite ? Burp Suite Tools Extensions: Param Miner & Burpbounty Demo Useful Extensions Takeaways Outlines
What is Burp Suite ? Burp Suite is an integrated platform for performing security testing of applications. Developed in Java by Portswigger (founder Dafydd Stuttard) Seamlessly integrated with it’s inbuilt tools to support the entire testing process Capabilities can be enhanced by installing/creating add-ons
• Dashboard • Target • Proxy • Intruder • Repeater • Sequencer • Decoder • Comparer • Extender • Project Options • User Options Burp Suite Tools
Extensions: Param Miner & Burpbounty This extension identifies hidden, unlinked parameters Guesses up to 65,536 param names per request Also harvests additional words from all in-scope traffic To use it, right click on a request in Burp and click "Guess (cookies|headers|params)" Can launch the attack on multiple selected requests at the same time Param Miner A Burp Suite extension that enhances the active and passive scanner Allows to add new and customize vulnerability profiles Simulate a manual pen-test in search of maximum efficiency without making unnecessary requests Gathers sensitive and confidential information based on profiles. Burpbounty
Useful Extensions • Burp Bounty Pro • Param Miner • ActiveScan++ • js-link-finder • Upload Scanner • Content-Type Converter • HTTP Request Smuggler • Auto repeater
Demo https://portswigger.net/web-security/web-cache- poisoning/exploiting-design-flaws/lab-web-cache- poisoning-with-an-unkeyed-header
• Analyze the mentioned and popular Burp Suite extension Apps • Use key features of Burp Suite to manage your security testing process in an effective and efficient way. Takeaways
Any Questions? https://burpbounty.net/ https://kali.org/tools/burpsuite/ https://www.geeksforgeeks.org/what-is-burp-suite/ https://portswigger.net/blog/practical-web-cache-poisoning References:

More Related Content

PPTX
Burpsuite 101
byn|u - The Open Security Community
 
PPTX
Burp suite
bySOURABH DESHMUKH
 
PDF
cybrpro-com-10-best-burp-suite-extensions-.pdf
byCyberPro Magazine
 
PDF
Burp suite
byhamdi_sevben
 
PPTX
Burp Suite Professional – Paid, with full-featured scanner and advanced tools.
bywaudit1
 
PPTX
Burp suite
bypenetration Tester
 
PPTX
Hack like a pro with burp suite by pavanw3b
byPavan M
 
PPTX
Burp_Suite_Presentation_professional.pptx
byttemp7800
 
Burpsuite 101
byn|u - The Open Security Community
 
Burp suite
bySOURABH DESHMUKH
 
cybrpro-com-10-best-burp-suite-extensions-.pdf
byCyberPro Magazine
 
Burp suite
byhamdi_sevben
 
Burp Suite Professional – Paid, with full-featured scanner and advanced tools.
bywaudit1
 
Burp suite
bypenetration Tester
 
Hack like a pro with burp suite by pavanw3b
byPavan M
 
Burp_Suite_Presentation_professional.pptx
byttemp7800
 

Similar to BurpSuiteOverview

PPTX
Burp-Suite-Champion-of-Application-Security (1).pptx
bywininlifeacademy5
 
PPTX
Burp Suite With CSRF Demo presentarion.pptx
bybeboorabi7
 
PPTX
Burp intruder
bypenetration Tester
 
PDF
DevSecCon Singapore 2019: Workshop - Burp extension writing workshop
byDevSecCon
 
PPTX
BSides Rochester 2018: Justin Moore: Automated HTTP Request Repeating With Bu...
byJosephTesta9
 
PDF
Burp suite pro tips and tricks for hacking
byfuds
 
PPTX
Burp Suite Starter
byFadi Abdulwahab
 
PDF
BSides Lisbon 2013 - All your sites belong to Burp
byTiago Mendo
 
PDF
What is Burpsuite?
byStealth Security
 
Burp-Suite-Champion-of-Application-Security (1).pptx
bywininlifeacademy5
 
Burp Suite With CSRF Demo presentarion.pptx
bybeboorabi7
 
Burp intruder
bypenetration Tester
 
DevSecCon Singapore 2019: Workshop - Burp extension writing workshop
byDevSecCon
 
BSides Rochester 2018: Justin Moore: Automated HTTP Request Repeating With Bu...
byJosephTesta9
 
Burp suite pro tips and tricks for hacking
byfuds
 
Burp Suite Starter
byFadi Abdulwahab
 
BSides Lisbon 2013 - All your sites belong to Burp
byTiago Mendo
 
What is Burpsuite?
byStealth Security
 

More from Null Bhubaneswar

PDF
WAF 101
byNull Bhubaneswar
 
PPTX
Online_financial_fraud3
byNull Bhubaneswar
 
PPTX
Web App Pen Test
byNull Bhubaneswar
 
PPTX
Blue Team
byNull Bhubaneswar
 
PPTX
OWASP TOP 10 VULNERABILITIS
byNull Bhubaneswar
 
PPTX
Linux Basic Commands
byNull Bhubaneswar
 
PPTX
Intro to Reverse Engineering
byNull Bhubaneswar
 
PPTX
Lightweight static code analysis with semgrep
byNull Bhubaneswar
 
PPTX
Saying Hello to Bug Bounty
byNull Bhubaneswar
 
PPTX
Information Security 201
byNull Bhubaneswar
 
PPTX
Online_financial_fraud Episode 2
byNull Bhubaneswar
 
PPTX
Information Security 101
byNull Bhubaneswar
 
PPTX
Cloud_PT
byNull Bhubaneswar
 
PPTX
Online Financial Fraud
byNull Bhubaneswar
 
PPTX
Introduction_to_Cloud
byNull Bhubaneswar
 
PPTX
how_to_get_into_infosec
byNull Bhubaneswar
 
WAF 101
byNull Bhubaneswar
 
Online_financial_fraud3
byNull Bhubaneswar
 
Web App Pen Test
byNull Bhubaneswar
 
Blue Team
byNull Bhubaneswar
 
OWASP TOP 10 VULNERABILITIS
byNull Bhubaneswar
 
Linux Basic Commands
byNull Bhubaneswar
 
Intro to Reverse Engineering
byNull Bhubaneswar
 
Lightweight static code analysis with semgrep
byNull Bhubaneswar
 
Saying Hello to Bug Bounty
byNull Bhubaneswar
 
Information Security 201
byNull Bhubaneswar
 
Online_financial_fraud Episode 2
byNull Bhubaneswar
 
Information Security 101
byNull Bhubaneswar
 
Cloud_PT
byNull Bhubaneswar
 
Online Financial Fraud
byNull Bhubaneswar
 
Introduction_to_Cloud
byNull Bhubaneswar
 
how_to_get_into_infosec
byNull Bhubaneswar
 

Recently uploaded

PDF
Lab 1.5 - Sharing Secrets with GPG ~ 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PDF
Cross-Cultural Agile Development -Challenges and Strategies for Overcoming Them-
byTakashi Makino
 
PDF
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
PPTX
Technology Consulting _ by Slidesgo.pptx
byfh82277
 
PDF
CompTIA Cybersecurity Analyst (CySA+) CS0-003: Unit 5
byVICTOR MAESTRE RAMIREZ
 
PPTX
DYNAMICALLY.pptx good for the teachers or students to do seminars and for tea...
bympoorvika031
 
PDF
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
PPTX
Conversational Agents – Building Intelligent Assistants [Virtual Hands-on Wor...
byUiPathCommunity
 
PDF
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
PPTX
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
PDF
How to Evaluate a High Performance Database
byScyllaDB
 
PDF
Day 5 - Red Team + Blue Team in the Cloud - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PDF
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
PPTX
Emancipatory Information Retrieval: Radically Reorienting Information Retriev...
byBhaskar Mitra
 
PPTX
Session 2 - Solving Unstructured & Complex Documents with UiPath IXP
byDianaGray10
 
PDF
100 Insights After the 200th Issue of NewMind AI Journal
byNewMind AI
 
PDF
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
PDF
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
PDF
AI Powered Document Processing and Data Extraction
byRobert McDermott
 
PDF
What Is a Private LLM and Why Enterprises Need It
byAivada
 
Lab 1.5 - Sharing Secrets with GPG ~ 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Cross-Cultural Agile Development -Challenges and Strategies for Overcoming Them-
byTakashi Makino
 
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
Technology Consulting _ by Slidesgo.pptx
byfh82277
 
CompTIA Cybersecurity Analyst (CySA+) CS0-003: Unit 5
byVICTOR MAESTRE RAMIREZ
 
DYNAMICALLY.pptx good for the teachers or students to do seminars and for tea...
bympoorvika031
 
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
Conversational Agents – Building Intelligent Assistants [Virtual Hands-on Wor...
byUiPathCommunity
 
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
How to Evaluate a High Performance Database
byScyllaDB
 
Day 5 - Red Team + Blue Team in the Cloud - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
Emancipatory Information Retrieval: Radically Reorienting Information Retriev...
byBhaskar Mitra
 
Session 2 - Solving Unstructured & Complex Documents with UiPath IXP
byDianaGray10
 
100 Insights After the 200th Issue of NewMind AI Journal
byNewMind AI
 
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
AI Powered Document Processing and Data Extraction
byRobert McDermott
 
What Is a Private LLM and Why Enterprises Need It
byAivada
 

BurpSuiteOverview