Burp Suite then acts as a (sort of) Man In The Middle by capturing and analyzing each request to and from the target web application so that they can be analyzed. While browsing their target application, a penetration tester can configure their internet browser to route traffic through the Burp Suite proxy server. In its simplest form, Burp Suite can be classified as an Interception Proxy. Because of its popularity and breadth as well as depth of features, we have created this useful page as a collection of Burp Suite knowledge and information. Burp Suite helps you identify vulnerabilities and verify attack vectors that are affecting web applications. It has become an industry standard suite of tools used by information security professionals. It is listed on the site under the ‘Deliberately Vulnerable’ -> ‘Web Apps’ navbar option, and it is called (drumroll….) ‘Juice Shop’.What is Burp Suite you ask? Burp Suite is a Java based Web Penetration Testing framework.
For the purposes of the rest of this series the specific section of attackdefense that we will use is the OWASP Juice Shop Vulnerable Web Application (see pun from previous paragraph). At the time I’m writing this, the site is free to use, and all you need is a Google account. The best and easiest way to get started with practicing web hacking (that I have found) is to use. All of this is just the beginning of what will eventually lead to a mastery of Burp Suite, so now is a good time to be excited. (You’ll understand that pun in a second). Maybe even squeeze some “Juice” out of it. After that, we will take a look at scoping our testing and using Burp’s built in crawl and scan tools to try and find some low hanging fruit. To start, we need to set up a good practice target. This part in the series is going to go over some basic uses of Burp to get you on the road to your first finding. Thankfully, there are many apps to test with online that are free to use in a safe environment. But where do we start? Well, I don’t recommend hitting the open information highway and testing whatever you see.
Now it’s time to hit the web and hack some apps. So you made it through Part 1? Congrats on your success – that was the most boring part.
0 kommentar(er)
