Hey guys, today we are here with a special article for you. After receiving many of your requests, we decided to write an article about Burpsuite. What makes this article special is that a friend of ours will be sharing his experience with us, so make sure you read till the end.
What is Burpsuite?
Burp, or Burpsuite, is a set of tools used for automated, scalable web vulnerability scanning and penetration testing of web applications. It is mainly used to intercept web requests and responses, which we can then modify in a way that suits us. Its capabilities can be extended by installing add-ons called BApps. It is one of the most popular tools among web-app security researchers and professional bug-bounty hunters.
The tools offered by Burpsuite are:
1) Spider
It is a tool for automatically crawling or mapping a target web app. Since it is partially automatic, it is an essential tool for mapping large web apps. At present, Spider has been replaced by Burp Crawler. The crawl and scan features are only available with Burp Pro.
2) Proxy
3) Interceptor
4) Repeater
5) Intruder
- Burp Client: It acts as a remote server to hook incoming requests.
- HTTP History: It logs every request and response sent through the proxy.
- WebSockets History: It logs the history of WebSocket messages. It helps us to easily detect vulnerabilities in chat-like applications.
Hi friends, my name is Krishnadev P Melevila. I am a self-learned cyber security analyst. I started my cybersecurity journey 1 year back and I almost hunted 15+ websites with vulnerabilities ranging from P5 to P0. And I recognized the vulnerability of almost 96% of websites through Burp Suite. I used the Burp Suite proxy interceptor tool to do most of the IDOR attacks. Burpsuite has a great influence on the websites that I had reported for vulnerabilities. Burpsuite is very helpful in attack scenarios like horizontal privilege escalation and vertical privilege escalation. And for all beginners in the field of web application pentesting, I strongly suggest Burpsuite.
Thank you Krishnadev P Melevila for sharing this amazing knowledge with us.
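Because a proxy lets the client edit any request before it reaches the server, what decides the outcome of the IDOR and privilege escalation cases mentioned above is the server-side authorization check. The following is an added example, not code from this article or from Burp Suite; the host, paths, session tokens and invoice data are constructed assumptions.

```python
# Added example: server-side object-level authorization, the control that
# decides whether a request edited in an intercepting proxy succeeds.
# All names, paths and data below are constructed for illustration.
from http.cookies import SimpleCookie

SESSIONS = {"tok-alice": "alice", "tok-bob": "bob", "tok-admin": "root"}
ROLES = {"alice": "user", "bob": "user", "root": "admin"}
INVOICE_OWNER = {"1001": "alice", "1002": "bob"}


def parse_request(raw):
    """Split a raw HTTP/1.1 request into method, path and header dict."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers


def authorize(raw):
    """Return the HTTP status the server should give this request."""
    _method, path, headers = parse_request(raw)
    cookie = SimpleCookie(headers.get("cookie", ""))
    token = cookie["session"].value if "session" in cookie else None
    user = SESSIONS.get(token)
    if user is None:
        return 401  # identity comes from the session, never from the URL
    parts = path.strip("/").split("/")
    if parts[0] == "admin":
        # Vertical check: the role is looked up server-side.
        return 200 if ROLES[user] == "admin" else 403
    if len(parts) == 2 and parts[0] == "invoices":
        owner = INVOICE_OWNER.get(parts[1])
        if owner is None:
            return 404
        # Horizontal check: the object must belong to the caller.
        return 200 if owner == user or ROLES[user] == "admin" else 403
    return 404


def request(path, token):
    """Build a constructed sample request as it would appear in HTTP history."""
    return (f"GET {path} HTTP/1.1\r\nHost: shop.example\r\n"
            f"Cookie: session={token}\r\n\r\n")
```

Changing only the invoice ID or the path in a captured request leaves the session cookie unchanged, so the ownership and role lookups still run against the real caller and return 403.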