Burp Suite
The leading web application security testing platform with proxy, scanner, and intruder tools.
#web #proxy #scanner #pentesting
Burp Suite: Web Application Security Testing
Burp Suite is the leading platform for web application security testing, providing tools to intercept, modify, and analyze HTTP/HTTPS traffic.
Key Components
- Proxy: Intercept and modify requests/responses
- Repeater: Manually modify and resend requests
- Intruder: Automated customized attacks
- Scanner (Pro): Automated vulnerability scanning
- Decoder: Encode/decode data
- Comparer: Compare requests/responses
Proxy Setup
1. Configure the browser to use the proxy at 127.0.0.1:8080
2. Install Burp's CA certificate for HTTPS interception
3. Intercept is on by default
Intruder Attack Types
- Sniper: Single payload set, placed into one position at a time
- Battering Ram: Same payload in all positions
- Pitchfork: A different payload list per position, stepped through in sync
- Cluster Bomb: All payload combinations
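
The four attack types differ in how payloads are mapped onto positions, which determines how many requests a run sends. The sketch below is an added example, not code from Burp Suite or from this page; it models that mapping from Burp's documented behaviour and goes slightly beyond the one-line summaries above. The position values, payload lists and function names are constructed for illustration.

```python
from itertools import product

def sniper(base, payloads):
    """One payload set; each position is filled in turn, the others keep their base value."""
    for i in range(len(base)):
        for p in payloads:
            yield base[:i] + (p,) + base[i + 1:]

def battering_ram(base, payloads):
    """One payload set; the same payload goes into every position at once."""
    for p in payloads:
        yield (p,) * len(base)

def pitchfork(payload_sets):
    """One set per position, advanced in lockstep; ends when the shortest set runs out."""
    yield from zip(*payload_sets)

def cluster_bomb(payload_sets):
    """One set per position; every combination is generated (request ordering not modelled)."""
    yield from product(*payload_sets)

def request_counts(base, payloads, payload_sets):
    """Number of requests each attack type generates for the given inputs."""
    return {
        "sniper": len(list(sniper(base, payloads))),
        "battering_ram": len(list(battering_ram(base, payloads))),
        "pitchfork": len(list(pitchfork(payload_sets))),
        "cluster_bomb": len(list(cluster_bomb(payload_sets))),
    }

# Constructed sample: two marked positions with base values "x" and "y".
BASE = ("x", "y")
PAYLOADS = ["A", "B", "C"]                    # single set (Sniper, Battering Ram)
PAYLOAD_SETS = [["A", "B", "C"], ["1", "2"]]  # one set per position (Pitchfork, Cluster Bomb)

if __name__ == "__main__":
    for name, count in request_counts(BASE, PAYLOADS, PAYLOAD_SETS).items():
        print(f"{name:<14}{count} requests")
```

Cluster Bomb grows multiplicatively with each added position, so its request count is the one to check against an engagement's agreed rate limits before a run.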