From the first day to the last day, you will learn the ins and outs of Web App Pen Testing by attending thought provoking lectures led by an expert instructor. The Web Application Penetration Testing course from InfoSec Institute is a totally hands-on learning experience. We review of the entire body of knowledge as it pertains to web application pen testing through a high-energy seminar approach. Want to learn more? The InfoSec Institute Web Application Penetration Testing Boot Camp focuses on preparing you for the real world of Web App Pen Testing through extensive lab exercises, thought provoking lectures led by an expert instructor. In order to intercept the requests and manipulate them, we must configure our browser to direct its traffic through Burp’s proxy, which is 127.0.0.1:8080 by default. The proxy feature allows us to intercept and modify requests. This feature could be useful when comparing the responses with different inputs. It performs various advanced tests to figure this out.ħ) Decoder - This feature can be used to decode data to get back the original form, or to encode and encrypt data.Ĩ) Comparer - This feature is used to perform a comparison between any two requests, responses or any other form of data.
Unfortunately Burp Scanner is not available with the free edition that is included in Backtrack 5.Ĥ) Intruder - This feature can be used for various purposes like exploiting vulnerabilities, fuzzing web applications, carrying out brute force attacks etc.ĥ) Repeater - This feature is used to modify and send the same request a number of times and analyze the responses in all those different cases.Ħ) Sequencer - This feature is mainly used to check the randomness of session tokens provided by the web application. It is important to remember that no automated scanner is 100 percent accurate in its results. Some false positives might occur during the tests. The type of scanning can be passive, active or user-directed. This information can then be sent to the Burp Scanner to perform a detailed scan on all the links and content provided by the spider.ģ) Scanner - It is used to scan web applications for vulnerabilities. It automatically submits login forms (through user defined input) in case it finds any, and looks for new content from the responses. We can also drop the packets if we want so that they do not reach their intended destination, or redirect the traffic to a particular host, etc.Ģ) Spider - The spider feature of Burp Suite is used to crawl web applications looking for new links, content, etc. In order to use this proxy, we have to configure our browser to use this proxy. Using this proxy, we can intercept and modify the traffic as it flows from the client system to the web application. Overall it has the following features.ġ) Proxy - Burp Suite comes with a proxy, which runs on port 8080 by default. Some of the features that are not available in the free edition are Burp Scanner, Task Scheduler, Target Analyzer, etc.
The professional edition can be downloaded from here. In this article we will be doing a complete walkthrough of Burp Suite discussing all its major features.īurp Suite (free edition) is available by default in Backtrack 5. Its wide variety of features helps us perform various tasks, from intercepting a request and modifying it on the fly, to scanning a web application for vulnerabilities, to brute forcing login forms, to performing a check for the randomness of session tokens and many other functions. Burp Suite is one of the best tools available for web application testing.