Burp Suite is a software security application used for penetration testing of web applications. Both a free and a paid version of the software are available. The software is developed by the company PortSwigger.[1][2] The suite includes tools such as a proxy server (Burp Proxy), an indexing robot (Burp Spider), an intrusion tool (Burp Intruder), a vulnerability scanner (Burp Scanner) and an HTTP repeater (Burp Repeater).[3]
This guide will help by walking you through the entire process. We'll cover everything from setting up your environment and configuring the Burp Proxy, to using essential features like the Repeater, Comparer, and Intruder.
By the end of this article, you should have a solid understanding of the features of Burp. Remember that practice is essential, so be prepared to apply what you've learned from this Burp Suite tutorial to deliberately vulnerable labs, such as OWASP Juice Shop and DVWA.
Burp Suite was developed by PortSwigger and started in 2003 by creator Dafydd Stuttard, who wrote the first version of Burp, with actual burping sounds. A favorite of bug bounty hunters, Burp is a collection of web application testing tools designed for penetration testing.
At its core, Burp functions as an interception proxy, allowing users to redirect browser traffic through the Burp proxy server while targeting specific web applications, making it an essential tool for identifying and addressing web application vulnerabilities.
In this article, we will use the Community Edition of Burp, installed by default in Kali Linux. The Community Edition is a free version of the tool, and it includes the essential features required for the manual testing of websites and web services.
Before starting, ensure you have the latest version of Burp Suite installed on your system and the appropriate proxy settings configured. Installing the latest version keeps Burp up to date with essential features and fixes.
We recommend installing the FoxyProxy extension for your browser. This extension lets you quickly toggle between proxy configurations, so you can route traffic through Burp Suite when needed instead of manually entering settings in the browser. It is commonly used with Burp Suite to forward network traffic to Burp. FoxyProxy is available as an add-on for Firefox and Chrome.
When your browser requests a secure website (HTTPS), the transmission is encrypted using SSL/TLS. Burp Suite acts as a "man-in-the-middle" by intercepting and decrypting the communication using a certificate it generates for the requested host.
However, to do this, the client must trust the generated certificate. By importing Burp's CA certificate into the client's trust store, the client will accept the certificates Burp generates, allowing the interception and decryption performed by Burp Suite.
You can think of a proxy like a translator between two people who speak different languages. The translator (proxy) listens to one person (client), translates their message, and relays it to the other person (target server). Then, the translator listens to the response, translates it, and forwards it to the first person.
When using Burp Suite, it's crucial to understand how to work with its proxy feature effectively. The Burp Proxy will enable you to intercept HTTP requests to inspect and modify the network traffic between your browser and the target application.
From this point forward, we will use the DVWA (Damn Vulnerable Web Application) as our target to show you how to use the tools in Burp Suite. There are many other programs to help you learn web application testing using Burp Suite, such as OWASP Juice Shop and bWAPP, to name a few.
The next step in our Burp Suite tutorial is setting the scope. The target scope defines the range of the project and ensures that the test is performed only on the specified domains, subdomains, and URL paths, rather than the entire internet.
When we click the login button, the request we make to the server will be intercepted by Burp Suite, and we will have the option to edit the parameters before sending it to the server for a response.
After forwarding the request to the server, we can see that we could not log in with the credentials provided. In our section on the Intruder option, we will look at how we can attempt to brute force our login to the application.
Once Burp Suite has completed its crawl, you can review the discovered content in the "Target" tab under the "Site map" sub-tab. This comprehensive view of the site's structure is valuable for further testing and analysis, enabling you to identify potential vulnerabilities.
We can grab a request with the Burp Proxy, make changes, and then send the same request over and over as many times as we want, much as we could by crafting requests from scratch with a command-line tool like cURL.
We can gather a lot of information from a server response. In this case, we can see that this application is running Apache and PHP on Ubuntu. This can be helpful when doing web application penetration testing.
Once you have multiple requests or responses in Comparer, you can compare them to understand their variations. The Comparer tool highlights the differences, making it easier to analyze how the target application processes the input.
Since Comparer needs more than one response, we must send a different request to the server. As this is a command execution vulnerability, we should be able to run the ls command. We will add the command after the IP address in the request and send it to the server. Then, right-click the response and send it to Comparer.
Burp Suite's Intruder is a powerful tool for automating customized attacks against web applications. You can use it to test various inputs and identify potential vulnerabilities. For example, by intercepting a request using a login attempt, we could use Intruder to switch out the username and password fields for values from a wordlist.
To fully utilize the speed of Intruder, Burp Professional is required. Although Intruder can still be used with Burp Community, it is significantly rate-limited. Therefore, most people use alternative tools for this task.
Next, click the "Payloads" sub-tab, and we can configure the payloads we want to use in the attack. Since we set two payload positions, we must set up each set. The first set is for the username, and the second is for the password.
As you can see, one response length differs from the others, which could indicate a successful login. We can verify this by attempting to log in to the application with those credentials.
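As an added illustration (not code from the article or from PortSwigger), the following Python script applies the length-anomaly check described above to an Intruder-style results table. The rows, field names and the tolerance parameter are constructed for the example; the tolerance handles pages whose length varies by a few bytes per request (for instance, a per-request token), which would otherwise produce false positives.

```python
"""Triage an Intruder results table by response status and length."""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class IntruderResult:
    """One row of the results table (constructed shape, not Burp's export format)."""
    username: str   # value placed in the first payload position
    password: str   # value placed in the second payload position
    status: int     # HTTP status code of the response
    length: int     # response length in bytes, as in Intruder's "Length" column


# Constructed sample rows: most attempts return the same 'login failed' page,
# one returns a slightly longer page (simulated per-request token jitter),
# and one returns a redirect with an empty body.
SAMPLE_RESULTS = [
    IntruderResult("admin", "123456", 200, 1583),
    IntruderResult("admin", "letmein", 200, 1583),
    IntruderResult("admin", "password", 302, 0),
    IntruderResult("admin", "qwerty", 200, 1583),
    IntruderResult("user", "123456", 200, 1583),
    IntruderResult("user", "letmein", 200, 1591),
    IntruderResult("user", "qwerty", 200, 1583),
]


def baseline(results):
    """Most common (status, length) pair; in a login run this is the failure page."""
    counts = Counter((r.status, r.length) for r in results)
    return counts.most_common(1)[0][0]


def find_anomalies(results, tolerance=0):
    """Rows whose status differs from the baseline, or whose length deviates
    from the baseline length by more than `tolerance` bytes."""
    base_status, base_length = baseline(results)
    return [
        r for r in results
        if r.status != base_status or abs(r.length - base_length) > tolerance
    ]


if __name__ == "__main__":
    for row in find_anomalies(SAMPLE_RESULTS, tolerance=16):
        print(f"{row.username}:{row.password} -> {row.status} ({row.length} bytes)")
```

With tolerance 0 the jittered row is flagged as well; raising it to 16 bytes leaves only the redirect, which is the row worth verifying by hand.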
In this Burp Suite tutorial, you've learned quite a bit about how to use this great piece of software. We walked through the setup and configuration. We discussed what a proxy is and how Burp is a proxy.
We showed you how to use Burp with the Repeater function to analyze requests and responses. We showed you how to use Comparer, and we also walked you through using Intruder to brute force a login page. Finally, we showed you where you could access extensions to increase the functionality of Burp Suite.
Remember that continuous learning and practice are essential to staying current with the ever-evolving field of web application security and penetration testing. So, keep exploring new features and techniques within Burp Suite to enhance your skills and expertise.
Burp Suite Professional and Enterprise Edition have an automated vulnerability scanner called Burp Scanner. Burp Community Edition can also be used to find vulnerabilities, although the testing must be done manually. Some vulnerabilities the free edition can help you detect are SQL injection, cross-site scripting, file inclusion, and command injection, among others.
The paid versions have an automated web scanning tool called Burp Scanner; they also have search, target analysis, content discovery, task scheduling, and the ability to save a session and resume working later. Paid versions have access to different extensions than the Community version.
Burp, or Burp Suite, is a set of tools used for penetration testing of web applications. It is developed by the company PortSwigger, which is also the alias of its founder Dafydd Stuttard. Burp Suite aims to be an all-in-one set of tools, and its capabilities can be extended by installing add-ons called BApps.
It is the most popular tool among professional web app security researchers and bug bounty hunters. Its ease of use makes it a more suitable choice over free alternatives like OWASP ZAP. Burp Suite is available as a Community Edition, which is free, a Professional Edition that costs $399/year, and an Enterprise Edition that costs $3999/year. This article gives a brief introduction to the tools offered by Burp Suite. If you are a complete beginner in web application pentesting, web app hacking or bug bounty, we recommend that you just read through without worrying too much about any particular term.
It is a web spider/crawler that is used to map the target web application. The objective of the mapping is to get a list of endpoints so that their functionality can be observed and potential vulnerabilities can be found. Spidering is done for a simple reason: the more endpoints you gather during your recon process, the more attack surface you have to work with during your actual testing.
Burp Suite contains an intercepting proxy that lets the user see and modify the contents of requests and responses while they are in transit. It also lets the user send the request/response under inspection to another relevant tool in Burp Suite, removing the burden of copy-paste. The proxy listener can be configured to run on a specific loopback IP address and port. The proxy can also be configured to filter out specific types of request/response pairs.
It is a fuzzer. It is used to run a set of values through an input point. The values are submitted and the output is observed for success/failure and content length. Usually, an anomaly results in a change in the response code or the content length of the response. Burp Suite accepts brute-force, dictionary-file and single-value payloads for its payload positions. The Intruder is used for: