Burp Suite is an integrated platform for attacking web applications.
It contains all of the Burp tools with numerous interfaces between them
designed to facilitate and speed up the process of attacking an
application. All tools share the same robust framework for handling HTTP
requests, persistence, authentication, upstream proxies, logging,
alerting and extensibility.
Burp Suite allows you to
combine manual and automated techniques to enumerate, analyse, scan,
attack and exploit web applications. The various Burp tools work
together effectively to share information and allow findings identified
within one tool to form the basis of an attack using another.
Link to Download:
http://portswigger.net/burp/download.html
Burpsuite is available in free version and pro version
Requirements to run burpsuite
--The burpsuite is developed in Java so for burpsuite to run we require JRE, that is available freely on internet
--Burpsuite
Burpsuite free version is available in Backtrack and Kali also.
Burp
acts as a web proxy, and allows you to intercept requests and
responses, and then modify them before they’re sent along to the server
or client. This is very handy stuff for attacking web applications.
The Burp Suite is made up of tools (descriptions take from the Port Swigger website):
Proxy:
Burp Proxy is an interactive HTTP/S proxy server for attacking and
testing web applications. It operates as a man-in-the-middle between the
end browser and the target web server, and allows the user to
intercept, inspect and modify the raw traffic passing in both
directions.
Spider: Burp Spider is a tool for
mapping web applications. It uses various intelligent techniques to
generate a comprehensive inventory of an application’s content and
functionality.
Scanner: Burp Scanner is a tool
for performing automated discovery of security vulnerabilities in web
applications. It is designed to be used by penetration testers, and to
fit in closely with your existing techniques and methodologies for
performing manual and semi-automated penetration tests of web
applications.
Intruder: Burp Intruder is a tool for automating customised attacks against web applications.
Repeater:
Burp Repeater is a tool for manually modifying and reissuing individual
HTTP requests, and analysing their responses. It is best used in
conjunction with the other Burp Suite tools. For example, you can send a
request to Repeater from the target site map, from the Burp Proxy
browsing history, or from the results of a Burp Intruder attack, and
manually adjust the request to fine-tune an attack or probe for
vulnerabilities.
Sequencer: Burp Sequencer is a
tool for analysing the degree of randomness in an application’s session
tokens or other items on whose unpredictability the application depends
for its security.
Decoder: Burp Decoder is a
simple tool for transforming encoded data into its canonical form, or
for transforming raw data into various encoded and hashed forms. It is
capable of intelligently recognising several encoding formats using
heuristic techniques.
Comparer: Burp Comparer is
a simple tool for performing a comparison (a visual “diff”) between any
two items of data. In the context of attacking a web application, this
requirement will typically arise when you want to quickly identify the
differences between two application responses (for example, between two
responses received in the course of a Burp Intruder attack, or between
responses to a failed login using valid and invalid usernames), or
between two application requests (for example, to identify the different
request parameters that give rise to different behaviour).
Facebook
