
Burpsuite-Tutorial

This is a Burp Suite introduction, and these are the 5 labs I performed in Burp Suite.

Burp Suite is an integrated platform/graphical tool for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities. Burp Suite is a fully featured web application attack tool: it does almost anything that you could ever want to do when penetration testing a web application.

It is the most popular tool among professional web app security researchers and bug bounty hunters. Its ease of use makes it a more suitable choice over free alternatives like OWASP ZAP. The tools offered by Burp Suite are:

Spider

Proxy

Intruder

Repeater

Sequencer

Decoder

Extender

Scanner

The labs I performed are on PortSwigger. PortSwigger is the company that created Burp Suite.

Blind SQL injection with conditional errors Link: https://portswigger.net/web-security/sql-injection/blind/lab-conditional-errors

HTTP/2 request splitting via CRLF injection Link: https://portswigger.net/web-security/request-smuggling/advanced/lab-request-smuggling-h2-request-splitting-via-crlf-injection

Broken brute-force protection, multiple credentials per request Link: https://portswigger.net/web-security/authentication/password-based/lab-broken-brute-force-protection-multiple-credentials-per-request

Password reset poisoning via middleware Link: https://portswigger.net/web-security/authentication/other-mechanisms/lab-password-reset-poisoning-via-middleware

Multi-step process with no access control on one step Link: https://portswigger.net/web-security/access-control/lab-multi-step-process-with-no-access-control-on-one-step