BurpSuite - Salem73616C656D/reading-notes GitHub Wiki

Key Takeaways

Proxy

  • allows you to configure which domains have their web traffic intercepted and what sort of traffic is shown. Intercepting requests is the main use: you can edit a request before it is forwarded to test how the website reacts to unusual or malformed input. Intercepting responses is needed far less often; it is mostly useful for editing a response to defeat a client-side check (for example a flag that decides what the browser shows) so you can confirm whether the server enforces the control itself.

Sequencer

  • designed to analyse the randomness of data such as session IDs, CSRF tokens, and password reset tokens. Sequencer needs at least 100 samples before it will run its analysis (more samples give a more reliable verdict) and can identify weaknesses in how supposedly random values are generated. A passing result is not proof that the generator is cryptographically secure; it only means the statistical tests found no pattern in the sampled tokens.
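To make the idea of "weak randomness" concrete, here is an added example (not Burp's Sequencer code, which runs a larger battery of character-level and bit-level tests): a simplified per-position entropy estimate over a set of tokens, with the same minimum-sample rule. Both token generators are constructed for the example; the "weak" one mimics a counter wrapped in fixed padding, the "strong" one stands in for a CSPRNG and is seeded only so the result is reproducible.

```python
import math
import random
from collections import Counter

MIN_SAMPLES = 100  # Sequencer will not analyse fewer tokens than this


def position_entropy(tokens):
    """Shannon entropy, in bits, of the character seen at each position across the sample."""
    if len(tokens) < MIN_SAMPLES:
        raise ValueError(f"need at least {MIN_SAMPLES} tokens, got {len(tokens)}")
    length = len(tokens[0])
    if any(len(t) != length for t in tokens):
        raise ValueError("tokens must all have the same length")
    n = len(tokens)
    entropies = []
    for pos in range(length):
        counts = Counter(t[pos] for t in tokens)
        entropies.append(-sum(c / n * math.log2(c / n) for c in counts.values()))
    return entropies


def fixed_positions(tokens):
    """Positions whose character never changes: zero entropy, i.e. padding or a constant prefix."""
    return [i for i, h in enumerate(position_entropy(tokens)) if h == 0.0]


def estimated_entropy_bits(tokens):
    """Rough upper bound on the token's entropy (treats positions as independent)."""
    return sum(position_entropy(tokens))


def weak_session_tokens(count):
    """Constructed weak generator: fixed prefix, incrementing counter, fixed suffix."""
    return [f"{0x5f3a0000 + i:08x}" + "deadbeef" * 3 for i in range(count)]


def strong_session_tokens(count, seed=1234):
    """Constructed stand-in for a CSPRNG; seeded for reproducibility, never do this for real tokens."""
    rng = random.Random(seed)
    return [f"{rng.getrandbits(128):032x}" for _ in range(count)]


if __name__ == "__main__":
    for label, sample in (("weak", weak_session_tokens(200)), ("strong", strong_session_tokens(200))):
        print(label, "fixed positions:", fixed_positions(sample),
              "estimated bits:", round(estimated_entropy_bits(sample), 1))
```

A 32-hex-character token can carry at most 128 bits; the weak sample above is mostly constant and the handful of bits that do vary follow a counter, which is exactly the kind of result that should send you back to check how the server mints its tokens.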

Decoder

  • Decoder lets you decode strings from a range of encodings (URL, HTML, Base64, ASCII hex, octal, binary and gzip), encode data again into the same set, and hash it. Transformations can be stacked, which matters when a value has been encoded more than once, and "smart decode" guesses the encoding for you.
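The stacked decode/encode workflow, as an added example that is not Decoder's own implementation: a heuristic "smart decode" that peels URL, HTML-entity, hex and Base64 layers off a value until nothing recognisable is left, plus the matching encoder for building a payload back up. The detection rules are assumptions of this example (Burp's heuristics are its own), and the sample values are constructed.

```python
import base64
import binascii
import html
import re
from urllib.parse import quote, unquote

MAX_LAYERS = 10  # guard against a value that keeps "decoding" forever


def _printable(data: bytes):
    """Accept a decoding only if it yields printable ASCII; otherwise the guess was wrong."""
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError:
        return None
    return text if all(ch.isprintable() or ch in "\r\n\t" for ch in text) else None


def _try_url(s):
    return unquote(s) if re.search(r"%[0-9A-Fa-f]{2}", s) else None


def _try_html(s):
    return html.unescape(s) if re.search(r"&(?:#\d+|#x[0-9A-Fa-f]+|[A-Za-z]+);", s) else None


def _try_hex(s):
    if len(s) >= 4 and len(s) % 2 == 0 and re.fullmatch(r"[0-9A-Fa-f]+", s):
        return _printable(bytes.fromhex(s))
    return None


def _try_base64(s):
    if len(s) >= 4 and len(s) % 4 == 0 and re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", s):
        try:
            return _printable(base64.b64decode(s, validate=True))
        except binascii.Error:
            return None
    return None


# Order matters: hex is tried before Base64 because every hex string is also valid Base64.
DECODERS = [("url", _try_url), ("html", _try_html), ("hex", _try_hex), ("base64", _try_base64)]


def smart_decode(value: str):
    """Peel encoding layers off a value; returns [(encoding, decoded), ...], outermost first."""
    layers = []
    current = value
    for _ in range(MAX_LAYERS):
        for name, decoder in DECODERS:
            result = decoder(current)
            if result is not None and result != current:
                layers.append((name, result))
                current = result
                break
        else:
            break  # no decoder applied: we have reached the innermost value
    return layers


def plaintext(value: str) -> str:
    layers = smart_decode(value)
    return layers[-1][1] if layers else value


ENCODERS = {
    "url": lambda s: quote(s, safe=""),
    "html": lambda s: html.escape(s, quote=True),
    "hex": lambda s: s.encode().hex(),
    "base64": lambda s: base64.b64encode(s.encode()).decode(),
}


def layered_encode(value: str, encodings):
    """Apply encodings innermost first: ["base64", "url"] gives URL(Base64(value))."""
    for name in encodings:
        value = ENCODERS[name](value)
    return value


if __name__ == "__main__":
    for layer in smart_decode("dXNlcj1hZG1pbiZyb2xlPTE%3D"):
        print(layer)
```

Because the Base64 and hex checks rely on the decoded bytes looking like text, a binary blob (a real session cookie, a compressed body) will stop the loop early; that is the same point at which you would switch to decoding as hex or gzip by hand in Decoder.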

Comparer

  • Comparer lets you compare two pieces of data (typically two requests or two responses) at the word or byte level and highlights what was added, removed or modified. A typical use is comparing the responses to a valid and an invalid username to spot the small differences that make username enumeration possible.
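The word-level and byte-level comparison, as an added example rather than Comparer's own code: two constructed login responses that differ only in the error message are diffed both ways with the standard library, which is enough to surface the one word that tells a valid username from an unknown one.

```python
import re
from difflib import SequenceMatcher


def word_diff(a: str, b: str):
    """Word-level comparison: (tag, words from a, words from b) for every run that differs."""
    wa, wb = re.findall(r"\S+", a), re.findall(r"\S+", b)
    sm = SequenceMatcher(None, wa, wb, autojunk=False)
    return [(tag, " ".join(wa[i1:i2]), " ".join(wb[j1:j2]))
            for tag, i1, i2, j1, j2 in sm.get_opcodes() if tag != "equal"]


def byte_diff(a: bytes, b: bytes):
    """Byte-level comparison: (tag, start_a, end_a, start_b, end_b) for every run that differs."""
    sm = SequenceMatcher(None, a, b, autojunk=False)
    return [op for op in sm.get_opcodes() if op[0] != "equal"]


# Constructed responses to two login attempts: one with a real account, one with a made-up name.
RESP_VALID_USER = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: application/json\r\n"
    "Content-Length: 29\r\n"
    "\r\n"
    '{"error": "Invalid password"}'
)
RESP_UNKNOWN_USER = RESP_VALID_USER.replace("Invalid password", "Invalid username")

if __name__ == "__main__":
    # Same status code, same length: only the diff shows the application leaking account existence.
    print(word_diff(RESP_VALID_USER, RESP_UNKNOWN_USER))
    for tag, i1, i2, j1, j2 in byte_diff(RESP_VALID_USER.encode(), RESP_UNKNOWN_USER.encode()):
        print(tag, RESP_VALID_USER[i1:i2], "->", RESP_UNKNOWN_USER[j1:j2])
```

Word mode is the one to reach for first when reading responses; byte mode earns its keep when the difference is whitespace, a changed length field, or a single byte in a binary token.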

Vocabulary

Burp Suite

  • suite of tools from PortSwigger designed to aid in the penetration testing of web applications over both HTTP and HTTPS. Its primary tool is an intercepting proxy that lets you read and edit web requests and responses in real time before they reach their respective destinations. Versions are available for Windows, macOS, and Linux, along with a platform-independent JAR file.

Conclusion