Differences

This shows you the differences between two versions of the page.

--- tools_syntax_burp_suite [2022/09/24 20:58] – created gman
+++ tools_syntax_burp_suite [2022/09/25 14:37] (current) – removed gman
@@ Line 1: / Line 1: @@
-====== Burp Suite ======
-Burp Suite is a framework written in Java that aims to provide a one-stop-shop for web application penetration testing.
-  * Burp can intercept, view, and modify web requests prior to them being sent to the target server.
-===== Features =====
-  - **Proxy:** Allows us to intercept and modify requests/responses when interacting with web applications.
-  - **Repeater:** Allows us to capture, modify, then resend the same request numerous times.
-    * This feature can be absolutely invaluable, especially when we need to craft a payload through trial and error (e.g. in an SQLi -- Structured Query Language Injection) or when testing the functionality of an endpoint for flaws.
-  - **Intruder:** Allows us to spray an endpoint with requests (to bruteforce or fuzz endpoints).
-  - **Decoder:** Allows decoding of captured information or encoding of a payload prior to sending it to the target.
-  - **Comparer:** Allows us to compare two pieces of data at either word or byte level.
-  - **Sequencer:** Usually used when assessing the randomness of tokens such as session cookie values or other supposedly random generated data. If the algorithm is not generating secure random values, then this could open up some devastating avenues for attack.