1. Burp Suite
(The Swiss army knife of security tools)
• Burp Suite is a widely used pentesting framework, created by PortSwigger Web Security, to perform security testing on web applications.
• The suite of products can be used to combine automated and manual testing techniques and consists of a number of different tools, such as a proxy server, a web spider, scanner, intruder, repeater, sequencer, decoder, collaborator and extender.
2. Configure Outbound SOCKS Proxy
• First, confirm that Burp's proxy listener is active and working.
• Go to the "Proxy" tab, then the "Options" sub-tab, and look in the "Proxy Listeners" section.
• You should see an entry in the table with the checkbox ticked in the Running column, and "127.0.0.1:8080" showing in the Interface column. If so, please go to the section "Configure your browser to use the proxy listener" below.
3. Configure your browser to use the proxy listener
• Secondly, you need to configure your browser to use the Burp Proxy listener as its HTTP proxy server. To do this, you need to change your browser's proxy settings to use the proxy host address (by default, 127.0.0.1) and port (by default, 8080) for both HTTP and HTTPS protocols, with no exceptions.
4. Crawling a web application with Burp Spider - Spidering
• Burp Spider allows you to automatically crawl web applications and retrieve visible and hidden resources. The tool uses a combination of techniques to maximize the result, including following links discovered in previously saved HTTP responses and automatically submitting web forms.
• The first step requires setting up the spider by using the options tab in Burp Spider. Although in most cases the default options are sufficient to achieve good results, you may want to customize some of the spider's preferences.
• For large websites, it may be necessary to modify the maximum link depth, which represents the maximum number of redirections to follow for a resource.
• In the case of fragile hosts with limited system resources, you may need to reduce the number of threads by changing the number in the thread count textbox within the spider engine section. You can also increase the number of retries in case of network failure and the pause time before each retry.
• If you want Burp Spider to automatically submit credentials, you can define the username and password in the application login section.
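The crawling behaviour described above, as an added example that is not Burp Spider's code: a breadth-first crawl over a constructed in-memory site map that follows links and form actions found in previously seen responses, stays on the starting host, and stops expanding at a configurable maximum link depth. The site map, the `fetch` stub, the hostnames and the assumption that depth counts link hops from the start URL are all constructed for this example; thread count and retry settings are not modelled.

```python
"""Depth-limited link crawl over a constructed site map (no network access)."""
from collections import deque
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed responses for a hypothetical target; values are HTML bodies.
SITE = {
    "http://target.example/":
        '<a href="/about">About</a> <a href="/docs/">Docs</a> '
        '<a href="http://other.example/">External</a>',
    "http://target.example/about":
        '<a href="/">Home</a> <a href="/about/team">Team</a>',
    "http://target.example/about/team":
        '<a href="/about/team/alice">Alice</a>',
    "http://target.example/about/team/alice": "",
    "http://target.example/docs/":
        '<form action="/docs/search" method="get"><input name="q"></form>',
}


class LinkExtractor(HTMLParser):
    """Collects href targets of <a> tags and action targets of <form> tags."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(a["href"])
        elif tag == "form" and a.get("action"):
            self.links.append(a["action"])


def extract_links(base_url, body):
    """Return absolute URLs referenced by the body, resolved against base_url."""
    parser = LinkExtractor()
    parser.feed(body)
    return [urljoin(base_url, href) for href in parser.links]


def fetch(url):
    """Stand-in for an HTTP GET: looks the URL up in the constructed site map."""
    return SITE.get(url, "")


def crawl(start, max_depth, fetch=fetch):
    """Breadth-first crawl from start; returns [(url, depth), ...] in visit order.

    Links are only queued when they are on the start host, not yet seen, and
    found at a depth below max_depth, so pages at max_depth are visited but
    their links are not followed.
    """
    host = urlparse(start).netloc
    seen = {start}
    queue = deque([(start, 0)])
    visited = []
    while queue:
        url, depth = queue.popleft()
        visited.append((url, depth))
        if depth >= max_depth:
            continue
        for link in extract_links(url, fetch(url)):
            if urlparse(link).netloc != host or link in seen:
                continue  # off-host or already discovered
            seen.add(link)
            queue.append((link, depth + 1))
    return visited


if __name__ == "__main__":
    for url, depth in crawl("http://target.example/", max_depth=2):
        print(f"{'  ' * depth}{url}")
```

Raising `max_depth` to 3 lets the crawl reach `/about/team/alice`; the external link to `other.example` is never queued because it is off the start host.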
5. Launching an automatic scan with Burp Scanner
• Burp Scanner is a dynamic web application scanner, included in the Professional edition of the Burp Suite. The tool allows you to automatically scan websites and detect common security flaws.
• Active Scanning: In this mode, the detection of vulnerabilities is performed by sending HTTP requests containing common attack patterns and analyzing responses with pattern-matching heuristics.
• Passive Scanning: Using this mode, Burp Scanner uses stored requests and responses to identify flaws that can be analyzed offline and do not require active probing.
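The passive mode described above, as an added example that is not Burp Scanner's code: a handful of pattern-matching checks run over an already-captured HTTP response, without sending any new request. The raw response, the check list and the severities are constructed for this example; Burp's own passive checks are far more extensive.

```python
"""Passive checks over a stored HTTP response (constructed sample)."""
import re

# Constructed response as it might sit in a proxy history entry.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.29 (Ubuntu)\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Set-Cookie: session=abc123; Path=/\r\n"
    "\r\n"
    "<html><body><form action='/login' method='post'>"
    "<input name='user'><input type='password' name='pw'>"
    "</form></body></html>"
)

REQUIRED_HEADERS = (
    "strict-transport-security",
    "content-security-policy",
    "x-content-type-options",
)


def parse_response(raw):
    """Split a raw response into (status line, [(name, value)...], body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers, body


def passive_checks(raw, url_scheme="https"):
    """Return a list of (severity, message) findings for one stored response.

    url_scheme is the scheme of the request that produced the response; it is
    needed because cookie and form checks differ for plaintext HTTP.
    """
    _, headers, body = parse_response(raw)
    present = {name for name, _ in headers}
    findings = []

    for name, value in headers:
        if name == "server" and re.search(r"\d+\.\d+", value):
            findings.append(("info", f"Server header discloses version: {value}"))
        if name == "set-cookie":
            cookie_name = value.split(";")[0]
            attrs = value.lower()
            if "httponly" not in attrs:
                findings.append(("low", f"Cookie without HttpOnly flag: {cookie_name}"))
            if url_scheme == "https" and "secure" not in attrs:
                findings.append(("low", f"Cookie without Secure flag: {cookie_name}"))

    for required in REQUIRED_HEADERS:
        if required not in present:
            findings.append(("info", f"Missing header: {required}"))

    # A password field in a page served over plaintext HTTP is submitted in the clear.
    if url_scheme == "http" and re.search(r"type=['\"]?password", body, re.I):
        findings.append(("medium", "Password field on a page served over cleartext HTTP"))

    return findings


if __name__ == "__main__":
    for severity, message in passive_checks(SAMPLE_RESPONSE):
        print(f"[{severity}] {message}")
```

Because every check works on the stored bytes, the same function can be run over an exported proxy history offline, which is the point of passive scanning.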
6. Automating customized attacks with Burp Intruder
• A web application security assessment consists of testing all entry points (GET/POST parameters, cookies, headers, and so on) with common attack patterns and evaluating the server's responses to identify security flaws. For instance, if you suspect that an endpoint is vulnerable to SQL injection, you may want to iterate the same request over and over again by supplying different attack vectors (for example, a single quote, a single quote and a parenthesis, and so on) for each parameter. This is a very time-consuming task that requires constant supervision. Luckily, Burp Intruder can significantly speed up the process by setting up an attack in a few seconds, sending all the requests, and collecting all the responses.
7. Manipulating and iterating web requests with Burp Repeater
• Burp Repeater is a simple tool for manually manipulating and reissuing individual HTTP and WebSocket messages, and analyzing the application's responses. You can use Repeater for all kinds of purposes, such as changing parameter values to test for input-based vulnerabilities, issuing requests in a specific sequence to test for logic flaws, and reissuing requests from Burp Scanner issues to manually verify reported issues.
8. Burp Suite Encoder & Decoder
• Burp Suite Decoder is a tool used for transforming encoded data into its real form, or for transforming raw data into various encoded and hashed forms. This tool is capable of recognizing several encoding formats using defined techniques. Encoding is the process of putting a sequence of characters (letters, numbers, punctuation, and symbols) into a specialized format which is used for efficient transmission or storage. Decoding is the opposite process: the conversion of an encoded format back into the original format. Encoding and decoding are used in data communications, networking, and storage.
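The transformations and format recognition described above, as an added example that is not Burp Decoder's code: URL, HTML, Base64 and hex encoding and decoding, hashing, and a "smart decode" that guesses the encoding of a value from its shape and unwinds it layer by layer until plain text remains. The recognition heuristics, their order, and the sample inputs are constructed for this example.

```python
"""Encoder/decoder with simple format recognition (constructed heuristics)."""
import base64
import binascii
import hashlib
import html
import re
from urllib.parse import quote, unquote

ENCODERS = {
    "url": lambda s: quote(s, safe=""),
    "html": lambda s: html.escape(s, quote=True),
    "base64": lambda s: base64.b64encode(s.encode()).decode(),
    "hex": lambda s: s.encode().hex(),
}
DECODERS = {
    "url": unquote,
    "html": html.unescape,
    "base64": lambda s: base64.b64decode(s, validate=True).decode(),
    "hex": lambda s: bytes.fromhex(s).decode(),
}
HASHES = {"md5": hashlib.md5, "sha1": hashlib.sha1, "sha256": hashlib.sha256}


def encode(fmt, s):
    return ENCODERS[fmt](s)


def decode(fmt, s):
    return DECODERS[fmt](s)


def digest(alg, s):
    """Hex digest of s under the named algorithm (hashing is one-way: no decode)."""
    return HASHES[alg](s.encode()).hexdigest()


def guess_encoding(s):
    """Guess the outermost encoding of s from its shape, or None for plain text.

    Checks run from the most distinctive pattern to the least: percent-escapes,
    HTML entities, then pure hex, then a Base64 alphabet with valid padding.
    """
    if re.search(r"%[0-9A-Fa-f]{2}", s):
        return "url"
    if re.search(r"&(#\d+|#x[0-9A-Fa-f]+|[A-Za-z]+);", s):
        return "html"
    if len(s) >= 8 and re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", s):
        return "hex"
    if len(s) >= 8 and len(s) % 4 == 0 and re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", s):
        return "base64"
    return None


def smart_decode(s, max_layers=5):
    """Peel encodings until the value looks like plain text.

    Returns (layers, plain) where layers lists the formats removed, outermost
    first. Decoding stops at the first layer that fails to decode or that
    yields non-printable (binary) output.
    """
    layers = []
    for _ in range(max_layers):
        fmt = guess_encoding(s)
        if fmt is None:
            break
        try:
            decoded = decode(fmt, s)
        except (ValueError, binascii.Error, UnicodeDecodeError):
            break
        if not decoded.isprintable():
            break
        layers.append(fmt)
        s = decoded
    return layers, s


if __name__ == "__main__":
    wrapped = encode("url", encode("base64", "user=admin&role=1"))  # constructed value
    print(wrapped, "->", smart_decode(wrapped))
    print("sha256('abc') =", digest("sha256", "abc"))
```

A value that decodes to binary (for example a Base64-wrapped hash) stops the loop with the last printable layer, so `layers` tells you how deep the unwinding got.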
9. Target scope
The target scope configuration lets you tell Burp, at a suite-wide level, exactly what hosts and URLs constitute the target for your current work.
• The scope definition uses two lists of URL-matching rules - an "include" list and an "exclude" list. When Burp evaluates a URL to decide if it is within the target scope, it will be deemed to be in scope if the URL matches at least one "include" rule and does not match any "exclude" rules. This enables you to define specific hosts and directories as being generally within scope, and yet exclude from that scope specific subdirectories or files (such as logout or administrative functions).
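The include/exclude evaluation described above, as an added example that is not Burp's own scope code: a URL is in scope when it matches at least one include rule and no exclude rule. Rules here are simplified to (host, path-prefix) pairs rather than Burp's rule syntax, and the hosts, paths and captured URL list are constructed for this example.

```python
"""Suite-wide scope evaluation with include and exclude rules (constructed)."""
from urllib.parse import urlparse

# Constructed rules: whole target host is in scope, one API version on a second
# host, with logout and admin functions carved out of the first host.
INCLUDE = [("target.example", "/"), ("api.target.example", "/v1/")]
EXCLUDE = [("target.example", "/logout"), ("target.example", "/admin/")]


def matches(rule, url):
    """True if the URL's host equals the rule host and its path starts with the rule prefix."""
    host, prefix = rule
    parts = urlparse(url)
    path = parts.path or "/"  # "https://host" has an empty path; treat it as "/"
    return parts.hostname == host and path.startswith(prefix)


def in_scope(url, include=INCLUDE, exclude=EXCLUDE):
    """In scope iff at least one include rule matches and no exclude rule matches."""
    included = any(matches(rule, url) for rule in include)
    excluded = any(matches(rule, url) for rule in exclude)
    return included and not excluded


def filter_scope(urls, include=INCLUDE, exclude=EXCLUDE):
    """Keep only in-scope URLs, preserving order; models a site map filtered by scope."""
    return [u for u in urls if in_scope(u, include, exclude)]


if __name__ == "__main__":
    captured = [  # constructed proxy history
        "https://target.example/account",
        "https://target.example/logout?next=/",
        "https://target.example/admin/users",
        "https://api.target.example/v1/users",
        "https://api.target.example/v2/users",
        "https://other.example/",
    ]
    for u in captured:
        print("in scope" if in_scope(u) else "out of scope", u)
```

Query strings are ignored by the prefix match, so `/logout?next=/` is still excluded; a match on the host alone is never enough, since the path prefix is part of every rule.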