Hands-On Application Penetration Testing with Burp Suite

Types and features

Burp Suite comes with the following set of built-in tools to ease the life of every penetration tester:

  • Scanner: Helps in testing the website automatically for content and vulnerabilities. It has an active and a passive mode, which can be toggled and configured by the user.
  • Intruder: This allows the user to mark positions in a captured request and then resend it automatically with a different payload at each position on every request, for example to brute-force a parameter value.
  • Repeater: This feature allows the user to modify header values on the fly and resend the request to the application server as many times as needed.
  • Collaborator client: This is a very interesting feature provided by Burp. It allows the user to check for out-of-band vulnerabilities, where the application interacts with an external system instead of revealing the issue in its direct response. These are highly valued findings, as they are not easy to detect.
  • Clickbandit: This feature allows the user to create clickjacking pages against vulnerable applications.
  • Sequencer: The sequencer feature enables the user to analyze the randomness of the application's cookie generation mechanism; it gives the user a very detailed analysis of the randomness or predictability of the session.
  • Decoder: This allows the user to recognize common encodings, decode the data to clear text, and encode clear text back again.
  • Comparer: This feature allows the user to compare the responses to two or more requests and highlight the differences between them.
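To make the Sequencer's idea of "randomness or predictability" concrete, here is an added example (not code from the book or from Burp) that runs a simplified per-position entropy analysis over two constructed sets of session tokens: one where only a counter changes, and one derived from a hash so it looks random. The token values, the `min_bits` threshold and the helper names are all assumptions for illustration.

```python
import hashlib
import math
from collections import Counter

# Constructed sample tokens (not captured from any real application).
# PREDICTABLE: the first 14 hex characters never change, only a 2-char counter does.
PREDICTABLE = [f"5f3a9c1e7b2d00{i:02x}" for i in range(64)]
# RANDOM_LOOKING: 16 hex chars taken from a hash, so the sample is reproducible.
RANDOM_LOOKING = [hashlib.sha256(f"sample{i}".encode()).hexdigest()[:16]
                  for i in range(64)]


def shannon_entropy(symbols):
    """Entropy in bits of the symbols seen at one character position."""
    counts = Counter(symbols)
    n = len(symbols)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def position_entropy(tokens):
    """Entropy per character position, a simplified form of Sequencer's
    character-level analysis. Positions beyond the shortest token are ignored."""
    length = min(len(t) for t in tokens)
    return [shannon_entropy([t[i] for t in tokens]) for i in range(length)]


def assess(tokens, min_bits=64):
    """Summarise how much of the token actually varies across the sample.

    Summing per-position entropies ignores correlations between positions, so
    the result is an upper bound on the real entropy; a small sample also
    under-estimates it, which is why Sequencer asks for thousands of tokens.
    """
    per_pos = position_entropy(tokens)
    fixed = [i for i, e in enumerate(per_pos) if e == 0.0]
    bits = sum(per_pos)
    return {"bits": bits, "fixed_positions": fixed, "weak": bits < min_bits}


if __name__ == "__main__":
    for name, sample in (("predictable", PREDICTABLE),
                         ("random-looking", RANDOM_LOOKING)):
        result = assess(sample)
        print(f"{name}: ~{result['bits']:.1f} bits varying, "
              f"fixed positions {result['fixed_positions']}, weak={result['weak']}")
```

The predictable sample comes out at about 6 bits of variation with 14 fixed positions, which is exactly the kind of result that should make a tester (or the developer who owns the session mechanism) look at the token generator.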

Let's look at the following low-level diagram of Burp Suite:

You can see the tool segregation in the following three sections:

  • Recon and Analysis
  • Vulnerability Detection and Exploitation
  • Tool Configuration

The preceding diagram gives you a pretty good idea of how the requests can be handled. Once the request is parsed, the tool carries out active spidering and active discovery, as well as allowing the user to do custom discovery in the recon and analysis phase. While this is ongoing, the tool actively puts all the information in the HTTP history and sitemap for later use. Once this information is gathered, a user can send any particular request to the repeater, intruder, or scanner. The scanner can be fed with the entire website post-crawl as well.

The tool configuration allows the user to manage authentication, session handling, task scheduling, and various other tasks. The proxy is the core of the Burp Suite mechanism. Burp Suite Scanner is an all-in-one automation kit for performing a pentest. It does everything, from discovering content to finding vulnerabilities. There are many more plugins that you can make use of to enhance the scanning results; we will talk about those plugins in later chapters. The Burp Scanner consists mainly of the following two parts, crawling for content and auditing:

  • Crawl for content: The Burp crawler navigates the application much like a real user; it submits inputs and forms, captures the links it finds, and builds a complete sitemap of the application. It shows what was found and which requests did not return a response.
  • Audit: This is the actual scanner, which fuzzes the discovered parameters to determine whether the application is vulnerable. The user can tune it for better performance.

Now that we are familiar with the types and features of Burp Suite, we will look into the crawling mechanism to catalog the contents of the application.