🛠Security Tool Cheatsheet
Alex Morgan — Senior Penetration Tester
What is Burp Suite?
Burp Suite is a web application security testing tool developed by PortSwigger. It provides a range of tools for testing web applications for vulnerabilities. From intercepting web traffic to scanning for security weaknesses, Burp Suite is an essential tool for penetration testers and security analysts.
Installation
Burp Suite can be downloaded from the official PortSwigger website. Follow the installation instructions for your operating system. For Linux users, you can download the .jar file and run it using:
java -jar burpsuite_community_v*.jar
Basic Syntax
Burp Suite operates primarily through its graphical user interface (GUI). Most tasks are executed via the interface; however, there are command line options for advanced users. To start Burp Suite from the command line in a headless environment, you can use:
java -Djava.awt.headless=true -jar burpsuite_pro_v*.jar --config-file=burp-config.json
Discovery
Spidering
Use the Spider tool to automatically crawl your target application. Set the target in Proxy > Target and start Spider.
Right-click on the target > Spider this URL
Target Directed Scan
To specify parameters for the spider:
1. Click on "Target".
2. Navigate to "Site Map".
3. Right-click on a URL > "Spider from here...".
Scanning
Active Scan
To perform an active scan against a target:
Right-click on the target > Active Scan
Scan Configuration
Adjust settings under Project > Options > Scanner to customize scan types and methods.
Exploitation
Repeater
Use Repeater to manually modify and send requests:
Right-click on a request > Send to Repeater
Intruder
Set up Intruder for automated attack patterns:
Right-click a request > Send to Intruder
Analysis
Extender
Manage extensions via the BApp Store to integrate additional features:
Go to Extender > BApp Store
Collaborator
Leverage Burp Collaborator for detecting out-of-band issues:
Use the Collaborator feature from the project menu.
Evasion
Proxy Settings
Modify your proxy settings for evasion tactics:
Project > Options > Proxy
User-Agent Switching
Change User-Agent strings in the Proxy settings for better evasion:
Modify the User-Agent header in the HTTP history tab.
Reporting
Generating Reports
To generate a report:
Project > Reports > Generate Report
Custom Report Templates
Customize report templates through:
Settings > Reporting Templates
Quick Reference Table
| Flag | Description |
|---|---|
| `--config-file` | Specify a configuration file to load on startup. |
Pro Tips
- Always have the latest version of Burp Suite to benefit from new features and bug fixes.
- Explore the BApp Store for extensions that can expand Burp’s functionality, such as vulnerability scanners and payload generators.
- Utilize the “Search” feature to find specific requests or responses quickly.
Real-World Examples
1. **Finding SQL Injection**: Use the proxy to capture a login request. Modify the parameters in Repeater with payloads like `' OR '1'='1` to identify potential SQL injection vulnerabilities.
2. **Brute Forcing Login**: Configure Intruder with a list of passwords and target a login form, utilizing the “Sniper” attack mode for focused attempts.
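For the SQL injection item above, this added example (not part of the original cheatsheet) shows why a login handler built by string concatenation accepts `' OR '1'='1`, and how the parameterized form rejects it, so the finding can be turned into a regression test. The table, account and function names are constructed for illustration; the password is stored in plaintext only to keep the example short.

```python
import sqlite3


def make_db():
    """In-memory users table with one constructed account (plaintext only for brevity)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 's3cret-constructed')")
    return db


def login_vulnerable(db, username, password):
    """Concatenates input into the statement, so quotes in it become SQL syntax."""
    query = ("SELECT username FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    return db.execute(query).fetchone() is not None


def login_parameterized(db, username, password):
    """Binds input as values; the SQL parser never sees the input as syntax."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return db.execute(query, (username, password)).fetchone() is not None


def outcome(login_fn, db, username, password):
    """Classify one attempt the way a reviewer reads the response: accepted, rejected, or error."""
    try:
        return "accepted" if login_fn(db, username, password) else "rejected"
    except sqlite3.OperationalError:
        # A lone quote unbalances the concatenated statement and the parser fails.
        return "error"


# Inputs to replay against both handlers: a valid login, a wrong password,
# a lone quote, and the payload quoted in the cheatsheet.
CASES = ["s3cret-constructed", "wrong", "'", "' OR '1'='1"]

if __name__ == "__main__":
    db = make_db()
    for pw in CASES:
        print(repr(pw),
              "vulnerable:", outcome(login_vulnerable, db, "alice", pw),
              "parameterized:", outcome(login_parameterized, db, "alice", pw))
```

In the concatenated query, `AND` binds tighter than `OR`, so the trailing `OR '1'='1'` makes the `WHERE` clause true for every row regardless of the username and password checks.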