EDUCBA

EDUCBA

MENUMENU
  • Free Tutorials
  • Free Courses
  • Certification Courses
  • 600+ Courses All in One Bundle
  • Login
Home Software Development Software Development Tutorials Software Development Basics Burp Suite
Secondary Sidebar
Software Development Basics
  • Basics
    • Microsoft Expression Web
    • IDE
    • Microsoft Flow
    • Unity Dashboard
    • Servlet Dispatcher
    • Types of Algorithms
    • Vue.js? nextTick
    • Vue.js Transition
    • Page Replacement Algorithms
    • What is CLI
    • Open Source Software
    • Solve Problems With Technology (Simple)
    • What is Application Software & Types
    • Microsoft Word Alternative
    • ADDIE Model
    • V-model advantages and disadvantages
    • Gatsby Plugins
    • Putty version
    • Xampp versions
    • Avro converter
    • Avro Data Types
    • Avro Schema Evolution
    • Avro Serialization
    • Cloudera Impala
    • Cloudera Careers
    • Entity Framework Core
    • Gulp File Include
    • Gulp Autoprefixer
    • Gulp File
    • Gulp Terser
    • System Software Tools
    • System Software Components
    • Typography App
    • Software as a Service (Saas)
    • Icon Font Pack
    • Interpret Results Using ANOVA Test
    • Blogging Insights Your Analytics
    • Increase Productivity Technology
    • Free Multimedia Software
    • Information Technology Benefits
    • What is SPSS and How Does It Work
    • Learn to Code For Beginners (Advance)
    • Uses of Coding
    • Uses Of Raspberry Pi
    • What Is System Design
    • Introduction to NLP
    • What is MapReduce
    • What is SoapUI
    • What is MVC
    • What is Multithreading
    • What is Neural Networks
    • What is Swift
    • What is PLC
    • What is Open Cart
    • What is Mainframe
    • What is JMS
    • What is Cognos
    • What is Open Source
    • What is Bot
    • What is SOAP
    • What is COBOL
    • What is GraphQL
    • What is Microcontroller
    • What is Open-Source License
    • What is Visual Studio Code
    • What is Pandas
    • What is Hypervisor
    • What is Common Gateway Interface
    • What is IDE?
    • What is MVC Design Pattern
    • What is Application Server
    • What is GPS
    • What is Botnet
    • What is Assembly Language
    • System Analysis And Design
    • HTTP Caching
    • What is Buffer Overflow
    • What is Ajax
    • What is Appium
    • What is SVN
    • What is SPSS
    • What is WCF
    • What is Groovy
    • What is Clickbait
    • What is SOA
    • What is GUI
    • What is FreeBSD
    • What is WebSocket
    • What is WordPress
    • What is OSPF
    • What is Coding
    • What is Raspberry Pi
    • HTTP Cookies
    • What is Hub?
    • What is Bridge
    • What is Switch
    • What is Internet Application
    • What is Sensors
    • What is Proximity Sensors
    • What is Full Stack
    • System Design Interview Questions
    • What is Salesforce technology
    • What is Salesforce Sales Cloud
    • What is OOP
    • What is CMD
    • What is React
    • React Redux Typescript
    • What is DSS
    • What is SVG
    • SVG File
    • Bash Sleep Command
    • What is MTU
    • What is Apex
    • What is Desktop Software
    • Tor Browser, Anonymity and Other Browsers
    • Avoid Pitfalls of Shadow IT
    • Freelance Web Graphic Designer
    • What is Storage Virtualization
    • What is Web Services?
    • What is Social Networking?
    • What is Microservices Architecture?
    • Microservices Tools
    • Advantages of Microservices
    • Uses of Internet
    • Software Platforms
    • Uses of Internet for Business
    • Architecture of Web Services
    • Web Application Testing
    • Advantages of Web Service
    • CPU Virtualization
    • Types of Web Services
    • Web Services Testing
    • What is RabbitMQ?
    • RabbitMQ Architecture
    • Advantages of Bitcoin
    • LINQ foreach
    • Penetration Testing Services
    • Puppet Alternatives
    • What is Memcached?
    • What is Browser?
    • Types of Satellites
    • Model Driven Architecture
    • Types of Variables in Statistics
    • Best Statistics Certifications
    • Integration Architecture
    • What is API Integration?
    • What is Grid Computing?
    • Asus File Manager
    • What is GPRS?
    • What is Gradle?
    • What is Basecamp?
    • Software System Architecture
    • GSM Architecture
    • What is Nagios?
    • AppDynamics Tool
    • Logical Architecture
    • What is Microsoft Planner
    • What is Circuit Switching
    • What is ARM?
    • Embedded Control Systems
    • Embedded System Programming
    • Embedded System Development
    • Embedded Systems Software
    • Embedded System Project
    • Types of Embedded Systems
    • Requirement Engineering
    • Types of Engineering
    • What is WAP
    • What is Registry?
    • What is Dynatrace?
    • What is Digital Forensics?
    • Hardware Virtualization
    • AppDynamics Careers
    • Bandwidth Monitoring Tools
    • Ping Monitor Tools
    • Dynatrace Tools
    • What is Trello?
    • What is AppDynamics?
    • What is Remote Desktop?
    • What is Extranet?
    • What is LTE Network?
    • What is Firebase?
    • Website Monitoring Tool
    • Number Systems
    • Service Desk Manager
    • Static Website
    • Dynamic Website
    • What is Email?
    • What is URL Link?
    • What is Program?
    • What is Lock Screen?
    • What is Grafana
    • Unguided Media Transmission
    • IT Governance
    • IT Governance Framework
    • Remote Support Softwares
    • What is Unification?
    • Topological Map
    • What is LAMP?
    • USB Flash Drive
    • Software Development Models
    • Digital Circuit
    • What is Webpack?
    • Fault Tolerance
    • What is DSL Modem?
    • What is Mozilla Firefox?
    • What is Vagrant?
    • Types of Research Methodology
    • Grafana Plugins
    • Ionic Components
    • Nginx Error_page
    • Nginx Include
    • Nginx Version
    • Nginx Force HTTPS
    • Nginx Environment Variables
    • Nginx Container
    • RabbitMQ Routing Key
    • CakePHP
    • Telegram Features
    • What is CDN
    • RethinkDB
    • Symfony Version
    • UWP
    • cPanel version
    • What is assembly?
    • Seed7
    • Switching Techniques
    • OCaml
    • Pseudocode?Algorithm
    • Quality Control Methods
    • What is OneNote?
    • Workstation Uses
    • Soft Computing Techniques
    • Remote Access Software
    • Remote Desktop Tools
    • OneNote Shortcuts
    • Software Review
    • What is Qubit?
    • Static Analysis Tools
    • Register in Microprocessor
    • What is VDI?
    • What is Svelte?
    • RabbitMQ Version
    • Groovy Version
    • Code Walkthrough
    • What is Telegram?
    • Gradle Version
    • What is Recycle Bin?
    • What is Cordova?
    • Swagger version
    • Doxygen
    • Phalcon
    • Metasploit Framework
    • Microsoft Word Shortcut Keys
    • Wordpad shortcut keys
    • Burp Suite
    • Google Docs Shortcuts
    • Install VPN
    • Frontend Challenges
    • CodeIgniter Version
    • VMware Tools
    • CDMA Advantages
    • CDMA Uses
    • Servlet Session Management
    • ServletConfig
    • Servlet Class
    • Log4j Version
    • Remote Desktop Softwares
    • Soapui Load Test
    • Scikit Learn Version
    • VMware Benefits
    • Google Slides Shortcuts
    • What is XAMPP?
    • What is PyGTK?
    • VMware Fusion
    • What is cPanel?
    • Ubuntu Version
    • Server Types
    • App Analytics Tools
    • DNS Types
    • Evernote Features
    • Restful architecture
    • GNOME Keyboard Shortcuts
    • AngelScript
    • NativeScript Layouts
    • PowerPoint Version
    • setInterval Function
    • Shopify Apps
    • TypeScript foreach loop
    • Socio Technical System
    • PowerPoint Shortcut Keys
    • Civil Engineering Tools
    • OpenLayers vs Leaflet
    • Circuit Switching Advantages and Disadvantages
    • LotusScript
    • Multiplexer
    • Multiple Access Protocol
    • Types of Broadband
    • What is Standardization
    • Methods of Development
    • Software Requirement Specification
    • CentOS restart network
    • Bouncy numbers
    • Burp suite proxy
    • Redshift window functions
    • Mesh Topology Advantages and Disadvantages
    • What is Zabbix?
    • Test Techniques
    • Test Development
    • What is PyCharm
    • What is REST
    • JDBC version
    • System software features
    • Ableton versions
    • Unreal engine version
    • RAD advantage disadvantage
    • Incremental Model Advantage and Disadvantage
    • Disadvantages of Internet
    • What is VoIP
    • WAP Architecture
    • CentOS unzip
    • Cubase Shortcuts
    • Cubase Versions
    • Libreoffice shortcut keys
    • Archiving Software
    • Layered Architecture
    • Coverage Types
    • What is Kivy?
    • Types of Methodology
    • Swift JSON
    • JSON Serialize
    • TypeScript?boolean
    • TypeScript keyof object
    • TypeScript RegEx
    • TypeScript?date
    • TypeScript object
    • CentOS Version
    • XSLT if else
    • Binary Search JavaScript
    • Binary search with recursion
    • PLSQL Replace
    • Evernote Notes
    • Rust vs Python
    • Test Scenario
    • Deadlock in Operating System
    • MVVM Architecture
    • MVVM Flutter
    • What is Keyboard
    • WordPress Hosting
    • Software requirement
    • CentOS Add User to Group
    • Backup Types
    • Firewall Rules
    • Microprocessor Features
    • Maven Versions
    • OneNote features
    • Binary search tree insertion
    • Quick sort algorithm
    • B+ tree insertion
    • What is Automation?
    • What is Digital Electronics?
    • Wireless Transmission Media
    • Border Gateway Protocol
    • Email Encryption Software
    • Endpoint Encryption
    • Outlook Alternative
    • What is Abacus
    • Encapsulation Benefits
    • FL Studio Keyboard Shortcuts
    • NordVPN Features
    • Statsmodels API
    • Statsmodels Linear Regression
    • Buzz number
    • Krishnamurthy Number
    • What is Compact Disc?
    • Bucket Sort Algorithm
    • Insertion Sort Algorithm
    • Redis Version
    • Chatbot Benefits
    • Full Stack Technologies
    • Civil Engineering Types
    • Tomcat Web Server
    • Tomcat Native
    • Tkinter Scrolledtext
    • Anaconda Navigator
    • UML Class Diagram
    • System Monitoring Tool
    • Drupal Features
    • Drupal Free Themes
    • Drupal Modules
    • Drupal 9
    • Drupal Developer
    • Drupal Webform
    • Drupal 8
    • Drupal 8 Themes
    • Drupal Views
    • System Software Functions
    • What is Linker?
    • What is K Map?
    • Website Testing Tool
    • TypeScript map
    • TypeScript enum
    • TypeScript class
    • Hill Climbing Algorithm
    • Hashmap and Hashtable
    • Nexus Plugin
    • Entity Framework Delete by ID
    • What is NumPy?
    • What is NLP?
    • Vishing Attack
    • Test Plan in Software Testing
    • Guest Mode
    • What is Mockito?
    • Advantage of the Internet
    • SVG Creator
    • Rails Logger
    • Intellij Plugins
    • Intellij Shortcuts
    • IntelliJ Maven
    • IntelliJ JavaFX
    • IntelliJ Lombok Plugin
    • IntelliJ Format Code
    • IntelliJ gitignore
    • IntelliJ Find and Replace
    • RESTEasy

Related Courses

Software Testing Training

Selenium Training Certification

Appium Training

JMeter Certification Training

Burp Suite

Burp Suite

Introduction to Burp Suite

Burp, also known as Burp Suite, is a collection of tools for web application penetration testing. The Portswigger company creates it. Burp Suite aims to be an all-in-one toolkit, and its features can be increased by installing BApps, i.e. its add-ons. Professional web application security researchers and bug bounty hunters use it the most. It is a better choice than free alternatives such as OWASP ZAP because of its ease of use.

Tools of Burp Suite

Burp Suite offers various tools, which are given as follows:

1. Spider

It’s a web crawler or spider that maps the target web application. The mapping aims to create a list of endpoints that can be examined for functionality and potential vulnerabilities. The spidering is useful because the more endpoints you collect during your recon phase, the more attack surfaces you’ll have during your actual research.

2. Proxy

Burp Suite features an intercepting proxy that helps the user access and change request and response contents while in transit. It also allows the user to submit the under-monitored request/response to another appropriate Burp Suite tool, eliminating the need for copy-paste. The proxy server may be programmed to use a particular loop-back address and port. Unique forms of request-response pairs may be filtered out using the proxy.

Start Your Free Software Development Course

Web development, programming languages, Software testing & others

3. Intruder

This is used to pass a series of values through a single input point. The values are run, and the success/failure and size of the content are evaluated. Anomalies usually result in a difference in response code or response content length. For payload position, Burp Suite supports brute-force, single values and dictionary files. The intruder is used for the following purposes:
i. Pin forms, Password forms, as well as other forms are vulnerable to brute-force attacks.
ii. The dictionary attack on password types, which are considered to be vulnerable to SQL injection or XSS.
iii. On the web app, rate limiting is being tested and attacked.

4. Repeater

Repeater allows a person to submit requests continuously when making manual changes. It is employed for the following purposes:

All in One Software Development Bundle(600+ Courses, 50+ projects)
Python TutorialC SharpJavaJavaScript
C Plus PlusSoftware TestingSQLKali Linux
Price
View Courses
600+ Online Courses | 50+ projects | 3000+ Hours | Verifiable Certificates | Lifetime Access
4.6 (86,754 ratings)

i. Checking to see how the user-supplied values are being verified.

ii. How well is it being achieved user-supplied attributes are being verified?

iii. In an input parameter/request header, what values does the server expect?

iv. What happens if the server encounters unpredictable values?

v. Is the server doing input sanitation?

vi. How well the server filter and checks the data provided by the user?

vii. Whose validating system does the server employ?

viii. Which of the cookies on a computer is the session cookie?

ix. How is CSRF security applied, and is it possible to bypass it?

5. Sequencer

The sequencer is an entropy checker that ensures that tokens created by the webserver are random. anti-CSRF and Cookies tokens are examples of these tokens, which are often used for authentication of sensitive operations. These tokens should preferably be generated in a truly random way, with the likelihood of each potential character occurring at each position shared uniformly. This can be accomplished both in terms of bits and characters. An entropy analyzer verifies that this concept is valid. It functions like this: the tokens are considered to be random at first. The tokens are then placed into a series of checks to see whether they follow those requirements. A significant point is a minimum value of probability that a token would exhibit for an attribute, such that if the token’s characteristics probability is less than the significance level, the argument that the token is random is dismissed. This method can be used to identify and count vulnerable tokens.

6. Decoder

URL, HTML, Base64, Hex, and other popular encoding methods are listed in Decoder. This method is useful for searching for datasets in parameter or header values. It’s also used to build payloads for a number of vulnerability types. It’s used to find the most common IDOR and session hijacking events.

7. Extender

External modules can be implemented into Burp Suite to expand the tool suite’s capability. external modules are named as BApps. This function in the same manner as browser extensions do. In the Extender pane, these can be accessed, updated, mounted, and uninstalled. Some of them can be used for the free community version, while others include the paid technical version.

8. Scanner

The group version does not have a scanner. It automatically searches the website for several typical vulnerabilities and lists them, along with details about the level of trust in each discovery and the difficulty of exploitation. It’s revised on a daily basis to include recent and lesser-known flaws.

Conclusion

In this article, we have seen what Burp Suite and its various modules is. I hope you will find this article helpful.

Recommended Articles

This is a guide to Burp Suite. Here we discuss the Burp Suite with its various tools like a spider, proxy, introducer, etc., with an explanation. You may also have a look at the following articles to learn more –

  1. Fuzz Testing
  2. Types of Cyber Security
  3. Ethical Hacking Tools
  4. Security Testing Tools
Popular Course in this category
Software Testing Training (11 Courses, 2 Projects)
  11 Online Courses |  2 Hands-on Projects |  65+ Hours |  Verifiable Certificate of Completion
4.5
Price

View Course

Related Courses

Selenium Automation Testing Training (11 Courses, 4+ Projects, 4 Quizzes)4.9
Appium Training (2 Courses)4.8
JMeter Testing Training (3 Courses)4.7
0 Shares
Share
Tweet
Share
Primary Sidebar
Footer
About Us
  • Blog
  • Who is EDUCBA?
  • Sign Up
  • Live Classes
  • Corporate Training
  • Certificate from Top Institutions
  • Contact Us
  • Verifiable Certificate
  • Reviews
  • Terms and Conditions
  • Privacy Policy
  •  
Apps
  • iPhone & iPad
  • Android
Resources
  • Free Courses
  • Java Tutorials
  • Python Tutorials
  • All Tutorials
Certification Courses
  • All Courses
  • Software Development Course - All in One Bundle
  • Become a Python Developer
  • Java Course
  • Become a Selenium Automation Tester
  • Become an IoT Developer
  • ASP.NET Course
  • VB.NET Course
  • PHP Course

ISO 10004:2018 & ISO 9001:2015 Certified

© 2022 - EDUCBA. ALL RIGHTS RESERVED. THE CERTIFICATION NAMES ARE THE TRADEMARKS OF THEIR RESPECTIVE OWNERS.

EDUCBA
Free Software Development Course

C# Programming, Conditional Constructs, Loops, Arrays, OOPS Concept

*Please provide your correct email id. Login details for this Free course will be emailed to you

By signing up, you agree to our Terms of Use and Privacy Policy.

EDUCBA Login

Forgot Password?

By signing up, you agree to our Terms of Use and Privacy Policy.

EDUCBA
Free Software Development Course

Web development, programming languages, Software testing & others

*Please provide your correct email id. Login details for this Free course will be emailed to you

By signing up, you agree to our Terms of Use and Privacy Policy.

EDUCBA

*Please provide your correct email id. Login details for this Free course will be emailed to you

By signing up, you agree to our Terms of Use and Privacy Policy.

Let’s Get Started

By signing up, you agree to our Terms of Use and Privacy Policy.

This website or its third-party tools use cookies, which are necessary to its functioning and required to achieve the purposes illustrated in the cookie policy. By closing this banner, scrolling this page, clicking a link or continuing to browse otherwise, you agree to our Privacy Policy

Loading . . .
Quiz
Question:

Answer:

Quiz Result
Total QuestionsCorrect AnswersWrong AnswersPercentage

Explore 1000+ varieties of Mock tests View more