Introduction – A Burp Suite tutorial

In this Burp Suite tutorial we are going to learn what Burp Suite is and how to use it. It is an integrated platform that meticulously tests the security of web applications.

  1. What is Burp Suite?
  2. Acquiring Burp Suite
  3. Running Burp Suite and Configuring your Browser
  4. What is Spider?
  5. How to run a spider?
  6. What is Scanning? 

1. What is Burp Suite?

Burp, or Burp Suite, is a set of tools used for penetration testing of web applications. It checks the security of web applications. It is like a coach teaching his disciples: blow by blow, he teaches the disciple his shortcomings and mistakes, to make him stronger. It runs repeated tests to make the application-based website almost impenetrable to fuzzing attacks. It contains an intercepting proxy that lets the user see and modify the contents of requests and responses while they are in transit.

It also lets the user send the request/response under monitoring to another relevant tool in the suite, removing the burden of copy-paste. The proxy server can be adjusted to run on a specific loopback IP and port. The proxy can also be configured to filter out specific types of request-response pairs.

2. Acquiring Burp Suite

This Burp Suite tutorial shall provide you with the ultimate guide to acquiring Burp Suite.

First things first: Burp Suite is a Java file, so after downloading it no installation is required. It runs on a number of platforms that support Java, and almost all locally used platforms are compatible. On opening Burp Suite, it runs automatically.

3. Running Burp Suite and Configuring your Browser

To show various models and run some tests, we are going to use the paid version. Next, you have to configure the browser so that it uses Burp Suite.

Next, go to the network settings in your browser. Then change the proxy setting so that a specific proxy server is used (mine is my localhost). Set your proxy so that all the browser traffic passes through Burp Suite.

Set up a proxy bypass as well. I'm doing this for localhost, for anything I do not wish to send through Burp. To make sure traffic bypasses Burp, a no-proxy entry must be set in your browser's settings.

For anything the browser does in the background, you may want to remove the proxy so that it doesn't automatically go into Burp Suite. This keeps the Burp interface squeaky clean, so that we view just the websites we really need to work with. So I'm going to close this and back out of settings. We've now got Burp running smoothly and the proxy is good, so we shall use our browser to send traffic through Burp Suite.

Next in this Burp Suite tutorial, we are going to explain the Burp Suite tools to you. Burp Suite has the following tools:

  • Spider 
  • Proxy 
  • Intruder
  • Repeater
  • Sequencer 
  • Decoder
  • Extender
  • Scanner

4. What is Spider?

It’s a web spider/crawler which is used to map the target web application. The purpose of mapping is to get a worklist of endpoints so that their performance can be observed and potential vulnerabilities can be found.

5. How to run a spider?

It’s pretty simple to run a spider in Burp Suite. Right-click the website and choose to spider this particular host. Burp is going to ask whether to change the scope to include the item, which is currently out of scope: we haven’t added it before, so it’s not within our scope. Hence we’re going to include the item in the scope. We can then go over to the scope and check what we’ve actually done, which is to add the site of our choice to the scope. We could of course add any series of sites we wish to our scope.

6. What is Scanning? 

Firefox has loaded a few pages for us. So far, we have done a bit of free/passive scanning. Now in this Burp Suite tutorial, we will teach you active scanning. Right-click on the target you want. You can opt for multiple selections too.

Right-click the target that you wish to view. Up comes our favourite, the active scanning wizard. We’re going to delete duplicates that have one URL and other parameters, and then run this via the wizard. Click OK, and the Burp Suite scanner wizard shall start. Go to the scan queue. Any errors present shall be shown along with their status, as shall the number of errors. The issues found shall be shown in a colour-coded manner. The scan will make all the requests that are required to finish the scan.
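The scope decision from section 5 and the duplicate removal from section 6, sketched as an added example (not part of the original tutorial and not Burp Suite's own code). The host names, the function names and the rule that two requests are duplicates when they share a host, path and set of parameter names are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed sample data: hosts we are authorised to test (the "scope").
SCOPE_HOSTS = {"app.example.test"}

# Constructed sample crawl output, as a spider might report it.
CRAWLED = [
    "http://app.example.test/login",
    "http://app.example.test/item?id=1",
    "http://app.example.test/item?id=2",           # same endpoint, other value
    "http://app.example.test/item?id=3&sort=asc",  # extra parameter: new input
    "http://APP.example.test:80/item?id=9",        # same host, case/port differ
    "http://cdn.example.net/lib.js",               # third party: out of scope
    "http://app.example.test.other.test/login",    # look-alike host name
]


def in_scope(url, scope_hosts=SCOPE_HOSTS):
    """True only when the URL's host exactly matches a scoped host."""
    host = urlsplit(url).hostname  # lower-cased; port and userinfo removed
    return host is not None and host in scope_hosts


def endpoint_key(url):
    """Identity of a request for scanning: host, path, parameter names."""
    parts = urlsplit(url)
    names = {name for name, _ in parse_qsl(parts.query, keep_blank_values=True)}
    return (parts.hostname, parts.path or "/", tuple(sorted(names)))


def scan_queue(urls, scope_hosts=SCOPE_HOSTS):
    """Drop out-of-scope URLs, then keep the first URL per endpoint key."""
    seen, queue, skipped = set(), [], []
    for url in urls:
        if not in_scope(url, scope_hosts):
            skipped.append(url)
            continue
        key = endpoint_key(url)
        if key not in seen:
            seen.add(key)
            queue.append(url)
    return queue, skipped


if __name__ == "__main__":
    queue, skipped = scan_queue(CRAWLED)
    print("queue for active scan:", *queue, sep="\n  ")
    print("left out of scope:", *skipped, sep="\n  ")
```

Matching the parsed host exactly, rather than searching the URL string for the scoped name, is what keeps the look-alike host and a URL with the scoped name in its userinfo part out of the scan queue.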

Conclusion

Now that you’ve learned how to use the Burp Suite tool, you’ll understand its efficacy. All in all, this Burp Suite tutorial gives you hands-on experience. It helps in exploiting and undermining security vulnerabilities. The Burp Suite tool gives you a fair idea of your work and web applications more effectively, and makes your job easier!

So, have you made up your mind to make a career in Cyber Security? Visit our Master Certificate in Cyber Security (Red Team) for further help. It is the first program in offensive technologies in India and allows learners to practice in a real-time simulated ecosystem, that will give them an edge in this competitive world.
