Kali Linux Tutorials - Burp Suite Penetration Testing Tools - Burp Suite Settings and Browser Configuration



What is Burp Suite?

  • A web penetration testing tool.
  • A proxy-based web application testing tool.
  • An integrated platform for performing security testing of web applications.
  • Written in Java and developed by PortSwigger Security.
  • Available in two versions: a Free Edition that can be downloaded at no charge, and a full Professional Edition that can be purchased after a trial period.

Alternatives to Burp Suite

Mitmproxy

  • An SSL-capable man-in-the-middle proxy for HTTP.
  • Provides a console interface that allows traffic flows to be inspected and edited on the fly.
  • Also includes mitmdump, a command-line tool that provides a tcpdump-like interface for saving, viewing and manipulating HTTP traffic.

Charles

  • An HTTP proxy / monitor / reverse proxy that enables a developer to view all HTTP and SSL/HTTPS traffic between their machine and the Internet.
  • This includes requests, responses and HTTP headers (which carry cookie and caching information).

Zed Attack Proxy (ZAP)

  • An easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications.
  • ZAP is designed for people with a wide range of security experience and is ideal for developers and functional testers who are new to penetration testing.
  • Provides automated scanners as well as a set of tools for finding security vulnerabilities manually.


Acunetix

  • Audits website and application security for SQL injection, cross-site scripting and other web vulnerabilities with the Acunetix Web Security Scanner.

W3af

  • The Web Application Attack and Audit Framework, founded by Andrés Riancho (Rapid7).

Probely

  • Finds vulnerabilities and security issues in web applications.
  • Provides guidance for fixing them.
  • Follows an API-first development approach, providing all features through an API.

Secapps

  • Finds security vulnerabilities from within the browser.
  • Offers next-generation security tools without the need to install any additional software.

What is Kali Linux?

  • A Debian-derived Linux distribution and a member of the Unix-like family of operating systems.
  • An advanced penetration testing and security auditing Linux distribution.
  • Maintained and funded by Offensive Security Limited.
  • Primarily designed for penetration testing and digital forensics.
  • Developed by Mati Aharoni and Devon Kearns of Offensive Security.

Step-by-Step Procedure:

Step 1:

  • Open the Burp Suite application.
  (Screenshot: Open Burp Suite)

Step 2:

  • Select Temporary project and then click Next.
  (Screenshot: Select Temporary project)

Step 3:

  • Select Use Burp defaults and then click Start Burp.
  (Screenshot: Select Use Burp defaults and click Start Burp)

Step 4:

  • Click Intruder and note down the Host and Port.
  (Screenshot: Click Intruder, Host and Port)

Step 5:

  • Type the IP address with the port number (127.0.0.1:8080) in the browser, press Enter, then click CA Certificate.
  (Screenshot: Click CA Certificate)

Step 6:

  • Click Save File, then press OK.
  (Screenshot: Save the file)

Step 7:

  • Choose Authorities, then click Import.
  (Screenshot: Choose Authorities and click Import)

Step 8:

  • Select the certificate file (cacert.der), then click Open.
  (Screenshot: Choose Authorities and select the certificate file)

Step 9:

  • Now type www.google.com in the browser. The intercepted traffic is shown in the Burp Suite window; click the Forward button.
  (Screenshot: See the response in the Burp Suite window)

Step 10:

  • When you click the Forward button, the web page appears in the browser.
  (Screenshot: Click Forward button)

Step 11:

  • Now try a different website, such as demo.testfire.net.
  (Screenshot: Click Forward button)

Step 12:

  • Page redirection: here, configure the target details so that google.com is changed to wikitechy.com.
  (Screenshot: Page redirection)

Step 13:

  • Now see that the Google web page is redirected to wikitechy.com; this is a simple MITM (man-in-the-middle) attack.
  (Screenshot: Redirected web page)
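The redirect in Steps 12 and 13 works because the proxy edits the destination of the intercepted request before forwarding it, and the browser accepts the result for HTTPS sites only because the Burp CA was imported into its trust store in Steps 7 and 8 (a browser without that CA shows a certificate error instead, which is the signal to look for). The following added example is not part of the tutorial or of Burp; it shows the same edit on a raw HTTP/1.1 request, with a constructed sample request standing in for what the Intercept tab displays.

```python
"""Added example: rewriting the target of an intercepted HTTP/1.1 request.

Stand-alone illustration of what an interception proxy changes in Step 12.
The sample request below is constructed, not captured from Burp.
"""


def rewrite_target(raw_request: bytes, old_host: str, new_host: str) -> bytes:
    """Return raw_request with old_host replaced by new_host.

    A browser names the destination in two places; both are rewritten:
    - the request line in absolute form ("GET http://host/ HTTP/1.1"),
      which browsers use when talking to a proxy such as Burp;
    - the Host header (header name matched case-insensitively, port kept).
    Other headers and the body are left untouched.
    """
    head, sep, body = raw_request.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3:
        raise ValueError("not an HTTP/1.1 request line")
    method, target, version = parts
    old, new = old_host.encode(), new_host.encode()

    # Absolute-form target: swap the authority only when it matches exactly,
    # so "www.google.com.example" is not treated as "www.google.com".
    for scheme in (b"http://", b"https://"):
        prefix = scheme + old
        rest = target[len(prefix):]
        if target.startswith(prefix) and (rest == b"" or rest[:1] in (b"/", b":", b"?")):
            target = scheme + new + rest

    out = [b" ".join((method, target, version))]
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        hostpart, _, port = value.strip().partition(b":")
        if name.strip().lower() == b"host" and hostpart == old:
            line = name + b": " + new + (b":" + port if port else b"")
        out.append(line)
    return b"\r\n".join(out) + sep + body


# Constructed sample of an intercepted request for Step 9 (not a real capture).
SAMPLE_REQUEST = (
    b"GET http://www.google.com/ HTTP/1.1\r\n"
    b"Host: www.google.com\r\n"
    b"User-Agent: Mozilla/5.0\r\n"
    b"Accept: text/html\r\n"
    b"Connection: keep-alive\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    print(rewrite_target(SAMPLE_REQUEST, "www.google.com", "wikitechy.com").decode())
```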
