Burp Suite
Tools available
- Proxy
  - Intercept and modify requests
- Repeater
  - Capture, modify and resend the same request multiple times
- Intruder
  - Spray an endpoint with requests, often used for brute-force attacks
- Decoder
  - Decoding captured data and encoding payloads prior to sending
- Comparer
  - Compare two pieces of data at the word or byte level
- Sequencer
  - Assessing randomness of tokens like session cookies
Numerous extensions have been written for the Burp framework in Java, Python or Ruby.
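To make the Sequencer entry concrete, here is an added example (not part of the original notes and not Burp's implementation) of a simplified per-position character check on session tokens you issue yourself. The function names, the 50% threshold and both token generators are assumptions constructed for illustration.

```python
import math
import secrets
from collections import Counter


def position_entropy(tokens):
    """Shannon entropy in bits of the character seen at each token position."""
    length = min(len(t) for t in tokens)
    total = len(tokens)
    entropies = []
    for i in range(length):
        counts = Counter(t[i] for t in tokens)
        entropies.append(
            -sum(c / total * math.log2(c / total) for c in counts.values())
        )
    return entropies


def weak_positions(tokens, alphabet_size=16, ratio=0.5):
    """Positions whose entropy is below `ratio` of the alphabet's maximum."""
    limit = ratio * math.log2(alphabet_size)
    return [i for i, h in enumerate(position_entropy(tokens)) if h < limit]


def make_weak_tokens(n):
    # Constructed sample: fixed 8-hex-digit prefix followed by a counter,
    # the kind of predictable structure a randomness check should expose.
    return ["%08x%08x" % (0x5F3A9C01, 1000 + i) for i in range(n)]


def make_strong_tokens(n):
    # Constructed sample: 16 hex characters from the OS CSPRNG.
    return [secrets.token_hex(8) for _ in range(n)]


if __name__ == "__main__":
    for name, maker in (("weak", make_weak_tokens), ("strong", make_strong_tokens)):
        sample = maker(2000)
        print(name, "low-entropy positions:", weak_positions(sample))
```

A token whose first 13 of 16 characters never vary carries far less unpredictability than its length suggests, which is the kind of weakness this per-position view exposes.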
Proxy
Certificates
- http://burp/cert
- about:preferences
- certificates
- view certificates
- import
Sitemap
Automatically generate a site map for the target simply by browsing around the web app.
Scope
What sites are logged and intercepted?