Burp Suite essentials: discover the secrets of web application pentesting using Burp Suite, the best tool for the job

If you are interested in learning how to test web applications and the web part of mobile applications using Burp, then this is the book for you. It is specifically designed to meet your needs if you have basic experience in using Burp and are now aiming to become a professional Burp user.

Bibliographic Details
Main Author: Mahajan, Akash
Format: eBook
Language: English
Published: Birmingham, UK, Packt Publishing, 2014
Series: Community experience distilled
Collection: O'Reilly - Collection details see MPG.ReNa
Table of Contents:
  • Includes bibliographical references and index
  • Cover; Copyright; Credits; About the Author; Acknowledgments; About the Reviewers; www.PacktPub.com; Table of Contents; Preface
  • Chapter 1: Getting Started with Burp; Starting Burp from the command line; Specifying memory size for Burp; Specifying the maximum memory Burp is allowed to use; Ensuring that IPv4 is allowed; Working with other JVMs; Summary
  • Chapter 2: Configuring Browsers to Proxy through Burp; Configuring browsers to proxy through Burp Suite; Microsoft Internet Explorer; Google Chrome; Mozilla Firefox; Fine-grained proxy configuration; Mozilla Plug-n-Hack extension; Exclusive Firefox profile; Summary
  • Chapter 3: Setting the Scope and Dealing with Upstream Proxies; Multiple ways to add targets to the scope; Loading a list of targets from a file; Scope and Burp Suite tools; Scope inclusion versus exclusion; Dropping out-of-scope requests; Dealing with upstream proxies and SOCKS proxies; Types of proxies supported by Burp; Working with SOCKS proxies; Using SSH tunneling as a SOCKS proxy; Setting up Burp to be a proxy server for other devices; Summary
  • Chapter 4: SSL and Other Advanced Settings; Importing the Burp certificate in Mozilla Firefox; Importing the Burp certificate in Microsoft IE and Google Chrome; Installing the Burp certificate in iOS or Android; SSL pass-through; Invisible Proxy; Summary
  • Chapter 5: Using Burp Tools As a Power User - Part 1; Target; Site map compare; Proxy; The Message Analysis tab; Actions on the intercepted requests; Response interception and modification; Using the Proxy history tab; Intruder; Scanner; Scanning optimization and requests; When to scan; Repeater; Summary
  • Chapter 6: Using Burp Tools As a Power User - Part 2; Spidering; Sequencer; Analysis of the tokens; Sample analysis; Decoder; Comparer; Alerts; Summary
  • Chapter 7: Searching, Extracting, Pattern Matching, and More; Filtering; Illustration; Matching; Grep - Match and Grep - Extract; Summary
  • Chapter 8: Using Engagement Tools and Other Utilities; Search; Target Analyzer; Content Discovery; Task Scheduler; CSRF proof of concept Generator; Summary
  • Chapter 9: Using Burp Extensions and Writing Your Own; Setting up the Python runtime for Burp Extensions; Setting up the Ruby environment for Burp Extensions; Loading and installing a Burp Extension from the Burp App Store; Using BApp files; Loading and installing a Burp Extension manually; Managing Burp Extensions; Memory issues with Burp Extensions; Writing our own Burp Extensions; A simple Burp Extension in Python; Noteworthy Burp Extensions; Summary
  • Chapter 10: Saving Securely, Backing Up, and Other Maintenance Activities; Saving and restoring a state; Automatic backups; Scheduled tasks; Logging all activities; Summary
  • Chapter 11: Resources, References, and Links; Primary references; Learning about Burp; Web application security testing with Burp; Miscellaneous security testing tutorials with Burp Suite