Kali Linux Tutorials - Burp Suite Penetration Testing Tools - Burp Suite Settings and Browser Configuration




What is Burp Suite?

  • Web Hacking Penetration Tool
  • Proxy-based web application testing tool
  • An integrated platform for performing security testing of web applications.
  • The tool is written in Java and developed by PortSwigger Security.
  • The tool has two versions: a free version that can be downloaded free of charge (Free Edition) and a full version that can be purchased after a trial period (Professional Edition).

Alternative Software to Burp Suite

Mitmproxy

  • An SSL-capable man-in-the-middle proxy for HTTP.
  • Provides a console interface that allows traffic flows to be inspected and edited on the fly.
  • Other features include mitmdump, a command-line ethical hacking tool that provides a tcpdump-like interface for saving, viewing and manipulating HTTP traffic.

Charles

  • An HTTP proxy / monitor / reverse proxy that enables a developer to view all the HTTP and SSL / HTTPS traffic between the machine and the Internet.
  • This ethical hacking tool shows requests, responses and HTTP headers (cookies and caching information).

Zed Attack Proxy (ZAP)

  • An easy-to-use integrated penetration testing tool for finding vulnerabilities in web apps.
  • ZAP is designed to be used by people with a wide range of security experience. It is ideal for developers and functional testers who are new to penetration testing.
  • Provides automated scanners as well as a set of tools for finding security vulnerabilities manually.

Acunetix

  • This tool audits the security of websites and applications for SQL injection, cross-site scripting and other web vulnerabilities with the Acunetix Web Security Scanner.

W3af

  • W3af is the Web Application Attack and Audit Framework. It was founded by Andrés Riancho (Rapid7).

Probely

  • This tool is used to find vulnerabilities and security issues in web applications.
  • It provides guidance for fixing them.
  • It follows an API-first development approach, providing all features through an API.

Secapps

  • This tool is used to find security vulnerabilities in browser.
  • Offers next-generation security tools without the need to install any additional software.

What is Kali Linux?

  • It is a Debian-derived Linux distribution and a member of UNIX OS Family.
  • An Advanced Penetration Testing and Security Auditing Linux distribution.
  • Maintained and Funded by Offensive Security Limited.
  • Primarily designed for the purpose of Penetration Testing and Digital Forensics.
  • Developed by Mati Aharoni and Devon Kearns of Offensive Security.

Step By Step Procedure:

Step 1:

  • Open Burp Suite.

Step 2:

  • Select Temporary project and then click Next.

Step 3:

  • Select Use Burp defaults and then click Start Burp.

Step 4:

  • Click Intruder and note down the host and port.

Step 5:

  • Type the IP address with the port number (127.0.0.1:8080), press Enter, then click CA Certificate.

Step 6:

  • Click Save File, then press OK.

Step 7:

  • Choose Authorities then click Import.

Step 8:

  • Select the certificate (cacert.der), then click Open.

Step 9:

  • Now type www.google.com in the browser and watch the responses in the Burp Suite window, then click the Forward button.

Step 10:

  • When you click the Forward button, the web page appears in the browser.

Step 11:

  • Now try a different website, such as demo.testfire.net.

Step 12:

  • Page redirection: here, configure the target details from google.com to wikitechy.com.

Step 13:

  • The Google web page is now redirected to wikitechy.com; this is a simple MITM (man-in-the-middle) attack.
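
What the steps above put in place, seen from the proxy's side, as an added example (not part of the original tutorial and not Burp code): a constructed stand-in listener on 127.0.0.1 records what a client configured to use it sends. Plain HTTP arrives as a complete, readable request that the proxy can answer itself, while HTTPS arrives only as a CONNECT tunnel request, which is why the browser must trust the proxy's CA certificate before HTTPS traffic can be read or changed. `StandInProxy`, `observe_proxied_requests` and `site.example` are names assumed for illustration.

```python
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer


class StandInProxy(BaseHTTPRequestHandler):
    """Constructed stand-in for a proxy listener (not Burp): records request lines."""
    seen = []

    def do_GET(self):
        # Plain HTTP: the client hands the proxy the full URL, so the proxy can
        # read the request and answer with whatever content it chooses.
        self.seen.append(self.requestline)
        body = b"answered by the stand-in proxy, not by site.example\n"
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_CONNECT(self):
        # HTTPS: the client only asks for a tunnel to host:port. Reading inside
        # it requires terminating TLS with a certificate the client trusts.
        self.seen.append(self.requestline)
        self.send_error(502, "stand-in proxy does not tunnel")

    def log_message(self, *args):
        pass  # keep the demo quiet


def observe_proxied_requests():
    """Send one HTTP and one HTTPS request via the stand-in; return what it saw."""
    StandInProxy.seen = []
    server = HTTPServer(("127.0.0.1", 0), StandInProxy)  # ephemeral port; the tutorial uses 8080
    threading.Thread(target=server.serve_forever, daemon=True).start()
    proxy = "http://127.0.0.1:%d" % server.server_address[1]
    opener = urllib.request.build_opener(
        urllib.request.ProxyHandler({"http": proxy, "https": proxy}))
    body = opener.open("http://site.example/login", timeout=5).read()
    try:
        opener.open("https://site.example/login", timeout=5)
    except urllib.error.URLError:
        pass  # expected: the stand-in refuses the tunnel
    server.shutdown()
    server.server_close()
    return StandInProxy.seen, body

if __name__ == "__main__":
    print(observe_proxied_requests())
```

Because the imported CA lets the proxy issue a certificate for any site, use a browser profile dedicated to testing and remove the CA from the Authorities list when the work is finished.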

Step 14:


