Burp Suite

• https://portswigger.net
• community edition only allows temporary projects
• https://portswigger.net/burp/upgrade-community-to-pro?utm_source=burp_suite_community&utm_campaign=upgrade_to_pro&utm_medium=banner&utm_content=level-up

Fiddler

• https://www.telerik.com/fiddler

Vulnerable apps

• Broken web apps - https://sourceforge.net/projects/owaspbwa/files/1.2/
• Metaspoitable

Top Menus

• Burp
• Project
• Intruder
• Repeater
• Help

Dashboard

Tasks

• Live passive Crawl from proxy - capturing "on" by default

• New Scan is not supported in community edition

• New live task is supported in community edition

• we can edit the scope of a scan by going to the setting

Event log

Issue activity

• pro version

Target

Site map

Scope

Issue definitions

Proxy

Intercept

HTTP History

• provide record of transactions

Websocket history

Options

• we can set proxy
• automatically listing on port 8080

Intruder

Target

Repeater

Sequencer

Proxying Web traffic

• configure proxy

HTTP Headers

• https://securityheaders.com/
• https://www.wpoven.com/blog/http-security-headers/