Kali Linux Tutorials - Burp Suite Penetration Testing Tools - Burp Suite Settings and Browser Configuration
What is Burp Suite ?
- Web Hacking Penetration Tool
- Proxy-based web application testing tool
- An integrated platform for performing security testing of web applications.
- The tool is written in Java and developed by PortSwigger Security.
- The tool has two versions: a free version that can be downloaded free of charge (Free Edition) and a full version that can be purchased after a trial period (Professional Edition).
Other Alternative Software for Burp Suite
Mitmproxy
- An SSL-capable and man-in-the-middle proxy for HTTP.
- Providence of console interface which allows traffic flows to inspected and edited on fly.
- The other features like mitmdump, which is a command line ethical hacking tool and providence of a tcpdump-like interface for the purpose of saving, viewing and manipulating HTTP traffic.
Charles
- An HTTP proxy / monitor / Reverse Proxy, which enables developer to view all the HTTP and SSL / HTTPS traffic between the machine & Internet.
- This ethical hacking tool includes requests, responses & HTTP headers (cookies and caching information).
Zed Attack Proxy (ZAP)
- This tool is easy to use integrated penetration testing tool for the purpose of finding vulnerabilities in web apps.
- ZAP is designed to use by the people with wide range of security experience. It is ideal for developers and functional testers who are new to penetration testing.
- Providence of automated scanners as well as a set of tools which is used to find security vulnerabilities manually.
Acunetix
- This tool can be used for the purpose of audit website security and applications for SQL injection, Cross site scripting and other web vulnerabilities with Acunetix Web Security Scanner.
W3af
- This tool is used for Web Application Attack and Audit Framework. Those are founded by Andrés Riancho (Rapid7).
Probely
- This tool is used to find vulnerabilities and security issues in web applications.
- It Provides guidance for fixing.
- It follows an API - First development approach, and providing all features through an API.
Secapps
- This tool is used to find security vulnerabilities in browser.
- Experience the next generation security tools and without the need to install any other additional software.
What is kali Linux ?
- It is a Debian-derived Linux distribution and a member of UNIX OS Family.
- An Advanced Penetration Testing and Security Auditing Linux distribution.
- Maintained and Funded by Offensive Security Limited.
- Primarily designed for the purpose of Penetration Testing and Digital Forensics.
- Developed by the two people namely Mati Aharoni and Devon Kearns of Offensive Security.
Step By Step Procedure:
Step 1:
- Open the Burp suite web application.
Learn Ethical Hacking - Ethical Hacking tutorial - Open Burp Suite - Ethical Hacking examples - Ethical Hacking programs
Step 2:
- Select Temporary project and then click Next.
Learn Ethical Hacking - Ethical Hacking tutorial - Select Temporary Projects - Ethical Hacking examples - Ethical Hacking programs
Step 3:
- Select User Burp defaults and then click Start Burp.
Learn Ethical Hacking - Ethical Hacking tutorial - Select User Burp Default and Click start Burp - Ethical Hacking examples - Ethical Hacking programs
Read Also
Step 4:
Learn Ethical Hacking - Ethical Hacking tutorial - Click Intruder Select Host and Port - Ethical Hacking examples - Ethical Hacking programs
Step 5:
- Then Type IP Address with port number (127.0.0.1:8080) then hit enter then click CA Certificate.
Learn Ethical Hacking - Ethical Hacking tutorial - Click CA Certificate - Ethical Hacking examples - Ethical Hacking programs
Step 6:
- Click Save file then press ok.
Learn Ethical Hacking - Ethical Hacking tutorial - Save the File - Ethical Hacking examples - Ethical Hacking programs
Step 7:
- Choose Authorities then click Import.
Learn Ethical Hacking - Ethical Hacking tutorial - Choose Authourities and Click Import - Ethical Hacking examples - Ethical Hacking programs
Step 8:
- Here select certificate (cacert.der) then click Open.
Learn Ethical Hacking - Ethical Hacking tutorial - Choose Authourities and Click Select Certificate File - Ethical Hacking examples - Ethical Hacking programs
Step 9:
- Now type www.google.com on browser and see the responses on Burp suite window responses shown here, click Forward button.
Learn Ethical Hacking - Ethical Hacking tutorial - See the response of Burp Suite Window - Ethical Hacking examples - Ethical Hacking programs
Read Also
Step 10:
- When you Click forward button the web page will appear on the browser screen.
Learn Ethical Hacking - Ethical Hacking tutorial - Click Forward Button - Ethical Hacking examples - Ethical Hacking programs
Step 11:
- Now try to different website like demo.testfire.net
Learn Ethical Hacking - Ethical Hacking tutorial - Click Forward Button - Ethical Hacking examples - Ethical Hacking programs
Step 12:
- Page redirection, here configure target details from google.com to wikitechy.com
Learn Ethical Hacking - Ethical Hacking tutorial - Page Redirection - Ethical Hacking examples - Ethical Hacking programs
Step 13:
- Now see here the google web page is redirect to wikitechy.com and this is the simple MITM (Man in the middle) Attack.
Learn Ethical Hacking - Ethical Hacking tutorial - Redirected Webpage - Ethical Hacking examples - Ethical Hacking programs
Step 14:
- If you want to learn about Ethical Hacking Course , you can refer the following links Ethical Hacking Training in Chennai , Ethical Hacking tutorial , Hacking Course , Ethical Hacking Training , Learn Ethical Hacking