The document provides an introduction to Burp, a proxy-based web application testing tool, highlighting its importance as a standard for manual web app testing. It discusses various functionalities of Burp, such as traffic interception and modification, and mentions other alternatives like OWASP ZAP and Telerik Fiddler. The presentation covers different Burp tools including Sitemap, Scope, Intercept, HTTP History, Spider, Scanner, Intruder, Repeater, Sequencer, and Decoder.

1. ● About me :-
● @U7KAR5H
null Bhopal
Monthly Meet
May 2016 ● Utkarsh
Bhargava
● Not a Hacker
● Chapter Lead @ null
Bhopal

2. INTRODUCTION TO BURP

3. MORE THAN JUST A SILLY NAME
• Burp is a proxy-based web application testing tool
• De-facto standard for manual web app. Testing
• Free and paid-for versions available
• Other options are available
– OWASP ZAP – upcoming Open Source alternative
– Telerik Fiddler – Primarily windows based alternative

4. WHY PROXIES?
• Intercept and modify traffic between client and server
• Bypass any JavaScript restrictions
• Access hidden fields
• Modify headers
• Modify cookies

5. BURP TOUR – SITEMAP

6. BURP TOUR – SCOPE

7. BURP TOUR INTERCEPT

8. BURP TOUR – HTTP HISTORY

9. BURP TOUR - SPIDER

10. BURP TOUR - SCANNER

11. BURP TOUR - INTRUDER

12. BURP TOUR - REPEATER

13. BURP TOUR - SEQUENCER

14. BURP TOUR - DECODER

15. BURP TOUR – OPTIONS

16. Thats all !!!
● Any Questions
● Thank You