Burp Suite Beginner's Guide


Burp Suite is a tool used by pentesters, hackers and bug hunters for web application security testing. In this article we will discuss some Burp Suite extensions and features that will help you get started with this toolkit.

1. Burp Suite 101: this tool was created by the PortSwigger team. Its purpose is to facilitate the process of searching for, finding and exploiting website vulnerabilities. It offers many features, including the proxy, scanner, repeater, intruder and so on. We'll discuss some of them in the next steps.

2. Starting with Burp Suite: first things first, you need to download it from https://portswigger.net/burp/documentation/desktop/getting-started/download-and-install . The software is available in both paid and free versions. The paid version has some more advanced features. Once it's installed, configure your browser to use the Burp proxy so that you can analyse web application traffic. I recommend setting it up with the Firefox browser. Now we'll talk about some of its capabilities.

3. Proxy: this module is one of the essential Burp Suite features. It allows you to intercept requests and responses, modify them, and send and resend them. It also lets you inspect the data exchanged between the browser and the website.

4. Scanner: the Scanner module allows you to identify web application vulnerabilities and holes such as XSS, SQL injection, RCE and IDOR. There are also several other tools that provide this kind of scanning, such as Acunetix and OWASP ZAP.

5. Intruder: the Intruder module allows you to use a wordlist of payloads, custom or not, to run tests such as brute-force attacks and fuzzing.

6. Repeater: exploring this module teaches you how to modify requests and run them again.
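
What the Proxy and Repeater steps above come down to at the HTTP level, as an added Python illustration (not Burp Suite's code and not from the original article): when an intercepted request body is edited, the Content-Length header has to be recomputed before the request is forwarded. The host name, path and body below are constructed sample values.

```python
# Added illustration (not Burp Suite code): edit a captured HTTP/1.1 request
# and re-serialize it the way an intercepting proxy must before forwarding.

def parse_request(raw: bytes):
    """Split a raw request into (request_line, [(name, value), ...], body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed header line: {line!r}")
        headers.append((name.strip(), value.strip()))
    return lines[0], headers, body

def set_header(headers, name, value):
    """Replace the first case-insensitive match, drop duplicates, or append."""
    out, done = [], False
    for n, v in headers:
        if n.lower() != name.lower():
            out.append((n, v))
        elif not done:
            out.append((n, value))
            done = True
    if not done:
        out.append((name, value))
    return out

def build_request(request_line, headers, body: bytes) -> bytes:
    """Serialize the request, recomputing Content-Length from the real body."""
    if body or any(n.lower() == "content-length" for n, _ in headers):
        headers = set_header(headers, "Content-Length", str(len(body)))
    head = "\r\n".join([request_line] + [f"{n}: {v}" for n, v in headers])
    return head.encode("iso-8859-1") + b"\r\n\r\n" + body

def edit_and_rebuild(raw: bytes, new_body: bytes) -> bytes:
    """Swap the body of a captured request and return the bytes to resend."""
    line, headers, _ = parse_request(raw)
    return build_request(line, headers, new_body)

# Constructed sample: a search request as a proxy would capture it.
CAPTURED = (b"POST /search HTTP/1.1\r\n"
            b"Host: app.example.test\r\n"
            b"Content-Type: application/x-www-form-urlencoded\r\n"
            b"Content-Length: 14\r\n"
            b"\r\n"
            b"q=shoes&page=1")

if __name__ == "__main__":
    print(edit_and_rebuild(CAPTURED, b"q=running+shoes&page=1").decode())
```

A stale Content-Length after an edit makes the server truncate the body or wait for bytes that never arrive, which is why the rebuild step recomputes it from the body actually sent.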

Conclusion:
Burp Suite is a mandatory toolkit for web application security testing. In this beginner's guide I gave you an overview of some Burp features that will help you get started with it.
