Technipages

What Is Burp Suite?


October 30, 2020 by Mel Hawthorne

Burp Suite is a suite of tools from PortSwigger designed to aid in the penetration testing of web applications over both HTTP and HTTPS. The primary tool is a proxy designed to allow the analysis and editing of web traffic. The proxy can intercept web requests and responses so that you can read and edit them in real time before they reach their respective destinations. Versions are available for Windows, macOS, and Linux, along with a JAR file.

The proxy itself allows you to configure which domains have their web traffic intercepted and what sort of traffic is shown. For example, intercepting web requests is helpful as you can edit them to test how the website reacts to unusual requests. Intercepting the responses, however, is less useful as there’s no real point in editing them.

Many of the tools included in Burp Suite are designed to integrate with the main proxy and can have requests imported to them. Intruder allows you to import a request, configure a range of payloads to attempt, and then run through them automatically. Repeater allows you to import a web request, make manual modifications to it, and see the response side by side, so you can make minor adjustments to attempted exploits and easily see if they are working. A dashboard feature shows a list of identified issues, although these need to be manually checked for false positives.

Tip: The issue tracker is a premium feature, while the automated attacks are rate-limited in the free version.

Sequencer is designed to analyse the randomness of data such as session IDs, CSRF tokens, and password reset tokens. The analysis requires more than 100 samples but can identify weaknesses in how supposedly random values are being generated. Decoder allows you to decode strings from a range of encoding standards as well as allowing you to encode data again. Comparer allows you to compare two strings to check for minor differences.
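One simple form of the randomness analysis described above, as an added example (not Burp Suite's code or algorithm, and not from the original article): it counts how often each bit position is set across a sample of tokens from your own application and flags positions that are far from 50/50. The two token generators, the sample data and the `z_limit` cut-off are constructed for illustration.

```python
import math
import random

MIN_SAMPLES = 101  # the article says the analysis needs more than 100 samples


def biased_bits(tokens, z_limit=5.0):
    """Return [(bit_position, ones, z)] for bit positions that deviate from 50/50.

    tokens: equal-length hex strings, e.g. session IDs collected from your own app.
    z_limit is an assumed cut-off for this example, not a Burp setting.
    """
    if len(tokens) < MIN_SAMPLES:
        raise ValueError(f"need more than 100 samples, got {len(tokens)}")
    raw = [bytes.fromhex(t) for t in tokens]
    if len({len(r) for r in raw}) != 1:
        raise ValueError("tokens must all have the same length")
    n, nbits = len(raw), len(raw[0]) * 8
    sigma = math.sqrt(n) / 2  # std dev of a fair-coin count over n samples
    flagged = []
    for pos in range(nbits):  # pos 0 is the most significant bit of byte 0
        byte_index, shift = divmod(pos, 8)
        ones = sum((r[byte_index] >> (7 - shift)) & 1 for r in raw)
        z = (ones - n / 2) / sigma
        if abs(z) > z_limit:
            flagged.append((pos, ones, round(z, 1)))
    return flagged


# Constructed sample data: two hypothetical 128-bit token generators.
rng = random.Random(2020)  # seeded so the example is repeatable; not for real tokens
STRONG = [rng.getrandbits(128).to_bytes(16, "big").hex() for _ in range(500)]
# Weak: a 32-bit request counter followed by only 96 random bits.
WEAK = [(i.to_bytes(4, "big") + rng.getrandbits(96).to_bytes(12, "big")).hex()
        for i in range(500)]

if __name__ == "__main__":
    print("strong generator, biased bits:", len(biased_bits(STRONG)))
    for pos, ones, z in biased_bits(WEAK):
        print(f"weak generator bit {pos}: {ones}/500 ones, z={z}")
```

In the weak sample the high bits of the counter never change, so a token that looks like 128 bits of randomness carries noticeably less. A token generator that passes this check is not thereby proven secure; the check only catches per-bit bias.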

A broad range of community-written extensions is available for free from within the app, although some require features limited to the paid version of Burp Suite. The free version of Burp Suite supports most features. A professional licence to unlock all the features costs $399 a year, while an “enterprise edition” costs $3999 a year, plus $399 per scanning agent, which can only be added in batches of 10.
