Burp Suite Compendium - Preview

Download: BurpSuite Compendium Preview.pdf

Dear readers,

We would like to present our newest issue, which focuses mainly on Burp Suite. We gathered all the articles we had about this tool, added new ones, and prepared this compendium. Tutorials, step-by-step guides, and more can be found in this edition. Hamed Farid will show you how to extend Burp with Python. Junior Carreiro wrote an article showing how you can use Burp to fuzz web applications and discover SQL injection flaws.

If you get tired of Burp, I recommend reading two amazing articles: “Demystifying the Dark Web” by Sayani Banerjee and “Browser Exploits: PasteJacking And XSSJacking” by Samrat Das. We hope that you will find many interesting articles inside the magazine and that you will have time to read them all.

Again special thanks to the Beta testers and Proofreaders who helped with this issue. Without your assistance there would not be a Hakin9 Magazine!

Enjoy your reading,

Hakin9 Magazine’s

Editorial Team




>> Table Of Contents <<


What is Burp Suite?

by Prasoon Nigam

Burp Suite is, at its core, an intercepting (manual) proxy: it sits between the client and the server and captures all traffic, both requests and responses, flowing in either direction. Out of the box the Burp Proxy intercepts plain Hypertext Transfer Protocol (HTTP) traffic; with additional configuration (installing Burp's CA certificate in the browser so that Burp can terminate TLS), it intercepts encrypted HTTPS traffic as well. Because it works at the HTTP layer, Burp Suite can be used to intercept any client-server communication that goes over HTTP, not just browser traffic.


Brute forcing passwords

by Tomasz Krupa

In this article we will test the web security of the popular WordPress engine by simulating a brute-force password attack using my two favourite Kali Linux tools: WPScan and Burp Suite.


Extending Burp Using Python

by Hamed Farid

You can write your own extensions for Burp using the Burp Extensibility API. The API consists of a number of Java interfaces that you implement, depending on what you are trying to accomplish. Burp itself is written in Java, so understanding its API requires some Java knowledge, but a working knowledge of any programming language should be enough as long as you look up the Java terms you don't understand. Burp extensions can be written in Java, Python (via Jython), or Ruby (via JRuby). This article uses Python; see the section Why Python for the reasons.


Web Applications Pentesting Tools: Burp Suite Playbook

by Pranav Jagtap

Web application penetration testing can be done with a variety of tools. This article focuses on Burp Suite and its more interesting features. After reading it, the reader will be able to configure Burp Suite with the browser, exploit XSS using Burp plugins, and know how to use the different tabs of Burp Suite.


Harnessing the lesser known “Burp macros” for Penetration Testing Web Apps

by Samrat Das

In my penetration testing career so far, while fuzzing parameters and page fields in web applications, I have encountered some challenges relating to session handling. In multiple cases the application terminated the session being used for testing. This happened either because of security countermeasures (for example, the session was logged out on receiving unsafe input) or, in other cases, because the Burp spider/crawler fuzzed the logout page parameters and terminated the session.


Automating Manual Security Testing Using Burp Macros to Accelerate Manual Security Testing 

by Prashant Kumar Khare and Sarang Dabadghao 

This paper describes an implementation approach for using automation in security testing so that a tester can complete manual security testing more efficiently and in much less time than anticipated. The tool referenced is the free edition of Burp Suite from PortSwigger, together with a demo application. The paper covers automation using macros in Burp Suite and their integration with Intruder and Repeater.


Burp for fuzzing

by Junior Carreiro

This article shows how Burp can be used to fuzz web applications and discover SQL injection flaws.
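As an added example (this is not code from the Hakin9 articles), here is a minimal Burp extension written in Python for Jython that ties together the two themes of this compendium: it uses the Burp Extender API described in the Extending Burp Using Python abstract, and it supports the SQL injection fuzzing described here by watching Intruder responses for database error strings. The burp module, the callback method names, the helper methods and the constant TOOL_INTRUDER are the real legacy Burp Extender API; the error-signature list, the function name find_sql_errors and the sample response body are constructed for this example and are not taken from any real target.

```python
# Added example (not from the Hakin9 articles): a minimal Burp extension in
# Python/Jython that watches Intruder traffic and flags responses containing
# database error strings, a common sign of SQL injection while fuzzing.
# Load it in Burp via Extender -> Extensions -> Add (type: Python); the
# Jython standalone JAR must be configured under Extender -> Options.
import re

try:
    # Real Burp Extender API classes, available when loaded inside Burp.
    from burp import IBurpExtender, IHttpListener
except ImportError:
    # Outside Burp (plain CPython, unit tests) fall back to empty base
    # classes so the detection logic below can still be imported and run.
    class IBurpExtender(object):
        pass

    class IHttpListener(object):
        pass

# Error fragments emitted by common database engines when a query breaks.
# Constructed list for this example; extend it for the target stack.
SQL_ERROR_PATTERNS = [
    (r"You have an error in your SQL syntax", "MySQL"),
    (r"Warning: mysql_", "MySQL (PHP)"),
    (r"supplied argument is not a valid MySQL", "MySQL (PHP)"),
    (r"Unclosed quotation mark after the character string", "MSSQL"),
    (r"Microsoft OLE DB Provider for SQL Server", "MSSQL"),
    (r"ORA-\d{5}", "Oracle"),
    (r"PostgreSQL.*ERROR", "PostgreSQL"),
    (r"pg_query\(\)", "PostgreSQL (PHP)"),
    (r"SQLite3::query", "SQLite"),
    (r"sqlite3\.OperationalError", "SQLite (Python)"),
]
_COMPILED = [(re.compile(p, re.IGNORECASE), db) for p, db in SQL_ERROR_PATTERNS]


def find_sql_errors(body):
    """Return the database names whose error signature appears in body.

    Pure function with no Burp dependency, so it can be tested outside Burp.
    Each database name is reported at most once, in pattern order.
    """
    found = []
    for pattern, db in _COMPILED:
        if pattern.search(body) and db not in found:
            found.append(db)
    return found


class BurpExtender(IBurpExtender, IHttpListener):
    # Burp instantiates this class by name when the extension is loaded.
    def registerExtenderCallbacks(self, callbacks):
        self._callbacks = callbacks
        self._helpers = callbacks.getHelpers()
        callbacks.setExtensionName("SQL error spotter (example)")
        callbacks.registerHttpListener(self)

    def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo):
        # Only look at responses produced by Intruder fuzzing runs.
        if messageIsRequest or toolFlag != self._callbacks.TOOL_INTRUDER:
            return
        response = messageInfo.getResponse()
        if response is None:
            return
        info = self._helpers.analyzeResponse(response)
        # Skip the headers and scan only the body for error strings.
        body = self._helpers.bytesToString(response)[info.getBodyOffset():]
        hits = find_sql_errors(body)
        if hits:
            request_info = self._helpers.analyzeRequest(messageInfo)
            self._callbacks.printOutput(
                "Possible SQL error (%s) in response for %s"
                % (", ".join(hits), request_info.getUrl()))
            messageInfo.setComment("SQL error: " + ", ".join(hits))


if __name__ == "__main__":
    # Constructed sample response body, not captured from any real target.
    sample = ("<html><body>Warning: mysql_fetch_array(): supplied argument is "
              "not a valid MySQL result resource</body></html>")
    print(find_sql_errors(sample))
```

Keeping the detection in a plain function (find_sql_errors) and the Burp glue in the BurpExtender class is deliberate: the signature list can be unit-tested in ordinary CPython, and only the thin processHttpMessage wrapper needs Burp. Note that an error string is only a hint; a hit should be confirmed manually in Repeater, since stacked quotes or long payloads also trigger errors in code that is not actually injectable.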


Web Applications Penetration Testing Tools - Overview 

by Andrea Cavallini

Nowadays the world of information technology, and the application development process in particular, is strongly oriented towards web implementations. Security matters here because web applications, being reachable by anyone on the internet, expose more attack vectors than most other software; the aim of cybersecurity is to guarantee the CIA triad of confidentiality, integrity, and availability. Vulnerability assessments are necessary to know the level of criticality of the entire platform or of its components, and Burp Suite is one of the most important tools for Web Application Penetration Testing (WAPT) activities.


Demystifying the Dark Web

by Sayani Banerjee

Curiosity towards the hidden and unknown is an eternal human trait. We usually navigate the World Wide Web via popular search engines like Google, Bing, etc. But there is another world of secrets underneath these publicly accessible web services: only the surface is indexed by the typical search engines.


Browser Exploits: PasteJacking And XSSJacking

by Samrat Das

In penetration testing we all know attacks such as clickjacking and cross-site scripting; they are among the test cases most commonly included under the OWASP Top 10. But what about learning some client-side exploits that are less commonly discussed and that can be chained into unexpected attacks: account takeover, session hijacking, or remotely manipulating a user's clipboard? Sounds exciting? That is what XSSJacking and PasteJacking are all about, so read on. In this article we look at some advanced attack vectors that have been around for some time but that not everyone is aware of.



August 20, 2021
Michael White
5 years ago

many thanks for your help

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023