Weitere ähnliche Inhalte
Ähnlich wie Burp Suite 101 - Online Sync Meetup by CyberForge Academy Mohali
Ähnlich wie Burp Suite 101 - Online Sync Meetup by CyberForge Academy Mohali (20)
Kürzlich hochgeladen
Kürzlich hochgeladen (20)
Burp Suite 101 - Online Sync Meetup by CyberForge Academy Mohali
- 1. Burp Suite 101 What, Why and How
- 2. ● Software Engineer & Researcher at CyberForge Academy ● Final year, B. Tech. CSE @ LPU ● Engaged in Research, Creating course content/setups ● Developing SaaS software and open source tools ● Interned with Web3verse Academy, a Singapore-based startup focused on Web3 education and Namekart, a domain name brokerage firm. ● Interested in Art and craft 🎨 $ whoami
- 3. Table of contents 01 04 02 05 03 06 Introduction Why Burp Suite Burp Proxy Burp Intruder Burp Spider & Repeater Burp Scanner
- 4. ● Suite of security testing tools ● Used for penetration testing on Web Apps. ● Developed by PortSwigger ● Both Free and paid version ● Cross-platform (Windows/Linux/MacOS) ● Suite includes tools such as : ○ Burp Proxy ○ Burp Spider ○ Burp Intruder ○ Burp Scanner ○ Burp Repeater What is Burp Suite ?
- 5. Why Burp Suite? ● Comprehensive Testing Suite ● Identify Vulnerabilities Example: Discovering XSS flaws by analyzing HTTP responses. ● Customizable Testing Example: Using Burp Intruder for tailored security assessments. ● Real-Time Monitoring Example: Intercepting and modifying HTTP requests with Burp Proxy.
- 11. ● Intercepting proxy tool utilized for various security testing ● Intercepting and analyzing HTTP/S requests and responses. ● Modifying requests and responses to test application behavior. ● Logs HTTP traffic for reviewing, tracking changes, and identifying web app issues. ● Options-Forward Request , Drop Request , Edit Request 1. Burp Proxy
- 13. Burp Proxy Setup & Intercept
- 14. ● Dynamic request modification for HTTP testing ● Automation of attack scenarios like brute-force and fuzzing ● Customizable payloads for tailored attacks ● Advanced analysis and reporting for efficient vulnerability identification 2. Burp Intruder
- 17. ● Automated web application crawler. ● Maps out application structure and discovers URLs and parameters. ● Passive Crawling: Observes traffic flow within Burp Suite to identify URLs and parameters. ● Active Crawling: Actively sends requests to the target application to explore and discover new URLs and parameters. 3. Burp Spider
- 18. Source: Burp Suite Professional Web Vulnerability Scanner | E-SPIN Group (e-spincorp.com)
- 19. ● For Manually modifying and replaying HTTP requests. ● To review individual requests and analyze application responses. ● Modify parameters, headers, and payloads to test application behavior. 4. Burp Repeater
- 22. ● Automated web vulnerability scanner. ● Identifies security flaws in web applications. ● Two key Phases: ○ Audit: Identifies vulnerabilities in web applications. ○ Crawl: Maps application structure and discovers endpoints. ● Features include vulnerability detection ,customizable scanning options, scan scheduling, reporting, and scan feedback. 5. Burp Scanner
- 23. Source: Burp Suite Professional Web Vulnerability Scanner | E-SPIN Group (e-spincorp.com)
- 24. Cyber News
- 25. Source: Finland Blames Chinese Hacking Group APT31 for Parliament Cyber Attack (thehackernews.com)
- 26. Source : Millions of hotel doors vulnerable to attack, researchers find | Cybernews
- 27. Source : Recent ‘MFA Bombing’ Attacks Targeting Apple Users – Krebs on Security
- 28. CREDITS: This presentation template was created by Slidesgo, and includes icons by Flaticon, and infographics & images by Freepik Thanks! Do you have any questions? contact@cyberforge.academy +91 8837537763 https://cyberforge.academy https://github.com/CyberForgeAcademy/Workshops