Burp Suite Essentials电子书

Burp Suite Essentials

Table of Contents

Burp Suite Essentials

Credits

About the Author

Acknowledgments

About the Reviewers

www.PacktPub.com

Support files, eBooks, discount offers, and more

Why subscribe?

Free access for Packt account holders

Preface

What this book covers

What you need for this book

Who this book is for

Conventions

Reader feedback

Customer support

Errata

Piracy

Questions

1. Getting Started with Burp

Starting Burp from the command line

Specifying memory size for Burp

Specifying the maximum memory Burp is allowed to use

Ensuring that IPv4 is allowed

Working with other JVMs

Summary

2. Configuring Browsers to Proxy through Burp

Configuring widely used browsers to proxy through Burp Suite

Microsoft Internet Explorer

Google Chrome

Mozilla Firefox

Fine-grained proxy configuration

Setting up FoxyProxy

Mozilla Plug-n-Hack extension

Exclusive Firefox profile

Summary

3. Setting the Scope and Dealing with Upstream Proxies

Multiple ways to add targets to the scope

Loading a list of targets from a file

Scope and Burp Suite tools

Scope inclusion versus exclusion

Dropping out-of-scope requests

Dealing with upstream proxies and SOCKS proxies

Types of proxies supported by Burp

Working with SOCKS proxies

Using SSH tunneling as a SOCKS proxy

Setting up Burp to be a proxy server for other devices

Summary

4. SSL and Other Advanced Settings

Importing the Burp certificate in Mozilla Firefox

Importing the Burp certificate in Microsoft IE and Google Chrome

Installing the Burp certificate in iOS or Android

SSL pass-through

Invisible Proxy

Summary

5. Using Burp Tools As a Power User – Part 1

Target

Site map compare

Proxy

The Message Analysis tab

Actions on the intercepted requests

Response interception and modification

Using the Proxy history tab

Intruder

Scanner

Scanning optimization and requests

When to scan

Repeater

Summary

6. Using Burp Tools As a Power User – Part 2

Spidering

Sequencer

Analysis of the tokens

Sample analysis

Decoder

Comparer

Alerts

Summary

7. Searching, Extracting, Pattern Matching, and More

Filtering

Illustration

Matching

Grep - Match and Grep - Extract

Summary

8. Using Engagement Tools and Other Utilities

Search

Target Analyzer

Content Discovery

Task Scheduler

CSRF proof of concept Generator

Summary

9. Using Burp Extensions and Writing Your Own

Setting up the Python runtime for Burp Extensions

Setting up the Ruby environment for Burp Extensions

Loading and installing a Burp Extension from the Burp App Store

Using BApp files

Loading and installing a Burp Extension manually

Managing Burp Extensions

Memory issues with Burp Extensions

Writing our own Burp Extensions

A simple Burp Extension in Python

Noteworthy Burp Extensions

Summary

10. Saving Securely, Backing Up, and Other Maintenance Activities

Saving and restoring a state

Automatic backups

Scheduled tasks

Logging all activities

Summary

11. Resources, References, and Links

Primary references

Learning about Burp

Web application security testing with Burp

Miscellaneous security testing tutorials with Burp Suite

Pentesting thick clients

Testing mobile applications for web security using Burp Suite

Extensions references

Books

Summary

Index