Skip to main content

What Is Brup Suit

What is Burp Suite?

Burp or Burp Suite is a set of tools used for penetration testing of web applications. It is developed by the company named Portswigger, which is also the alias of its founder Dafydd Stuttard. BurpSuite aims to be an all in one set of tools and its capabilities can be enhanced by installing add-ons that are called BApps.
It is the most popular tool among professional web app security researchers and bug bounty hunters. Its ease of use makes it a more suitable choice over free alternatives like OWASP ZAP. Burp Suite is available as a community edition which is free, professional edition that costs ($399/year) and an enterprise edition that costs ($3999/Year). This article gives a brief introduction to the tools offered by BurpSuite. If you are a complete beginner in Web Application Pentest/Web App Hacking/Bug Bounty, we would recommend you to just read through without thinking too much about a term.
For The First Step You Need A Target Website To Do It.

1) Target :


It is a web spider/crawler that is used to map the target web application. The objective of the mapping is to get a list of endpoints so that their functionality can be observed and potential vulnerabilities can be found. Spidering is done for a simple reason that the more endpoints you gather during your recon process, the more attack surfaces you possess during your actual testing.

2) Proxy:



BurpSuite contains an intercepting proxy that lets the user see and modify the contents of requests and responses while they are in transit. It also lets the user send the request/response under monitoring to another relevant tool in BurpSuite, removing the burden of copy-paste. The proxy server can be adjusted to run on a specific loop-back ip and a port. The proxy can also be configured to filter out specific types of request-response pairs.

3) Intruder:
              It is a fuzzer. This is used to run a set of values through an input point. The values are run and the output is observed for success/failure and content length. Usually, an anomaly results in a change in response code or content length of the response. BurpSuite allows brute-force, dictionary file and single values for its payload position. The intruder is used for:
  • Brute-force attacks on password forms, pin forms, and other such forms.
  • The dictionary attack on password forms, fields that are suspected of being vulnerable to XSS or SQL injection.
  • Testing and attacking rate limiting on the web-app.
You Can Also Watch My You Tube Video For Understand
 





This Is The Basic Of The Brup Suit When The Brupsuit Is Easy To Use It While It Was Uses And Helps To Use Of Pentration Testing









Comments

Post a Comment

Popular posts from this blog

What Is Brute Force

  What is a Brute-force attack? A  brute force  attack is an attempt to crack a password or username or find a hidden web page, or find the key used to encrypt a message, using a trial and error approach and hoping, eventually, to guess correctly. This is an old attack method, but it's still effective and popular with hackers. Brute-force attack when an attacker uses a set of predefined values to attack a target and analyze the response until he succeeds. Success depends on the set of predefined values. If it is larger, it will take more time, but there is better probability of success. The most common and easiest to understand example of the brute-force attack is the dictionary attack to crack the password. In this, attacker uses a password dictionary that contains millions of words that can be used as a password. Then the attacker tries these passwords one by one for authentication. If this dictionary contains the correct password, attacker will succeed. ...
Post a Comment
Read more

penetration Testing

                                      W What Is Penetration Testin g Penetration Testing                                 Penetration testing can help you improve both the security and quality of your product. It’s a complex yet creative process where you must understand what you’re doing and why you’re doing it. It's like in the movie. where hacker-consultants break into your corporate networks to find weaknesses before attackers do. It’s a simulated cyber attack where the pentester or ethical hacker uses the tools and techniques available to malicious hackers. Back in ye olde days of yore, hacking was hard and required a lot of manual bit fiddling. Today, though, a full suite of automated testing tools turn hackers into cyborgs, computer-enhanced humans who can test far more than ever before. ...
Post a Comment
Read more

Types Of Ethical Hackers

Types Of Hackers And Its Information Hi Today Video Is About What Is Ethical Hacking Most If Us Where Thing That’s Hacking Is A  Crime And Hacking Is Illegal… But In The Modern Technology Hacking IS Leads To EveryThing But why Hacking has many types  And there are many types of Hackers in the world but here about it we should know what are the types of hackers in the world And we are going to learn here  First Of All Who Is A Hacker A Hacker is a person who finds and exploits the weakness in computer systems and/or networks to gain access. Hackers are usually skilled computer programmers with knowledge of computer security. ... Script kiddies: A non-skilled person who gains access to computer systems using already made tools A Hacker is a person who is intensely interested in the mysterious workings of any computer operating system. Hackers are most often programmers. They gather advanced knowledge of operating systems and programmin...
Post a Comment
Read more