Searching for security flaws and exploits with Burp Suite
On Patrol
Conclusion
In this article, I covered the basics of attack proxies (Burp Suite in particular), examined the security of cookies and the various security-related fields they can have, performed brute forcing against the target application, and ran through a randomness test for the session tokens used in the application.
Although this article is designed to help developers and security technicians test for a few basic web flaws, it's not intended to be a comprehensive walkthrough of Burp Suite or a replacement for a professional security assessment.
Infos
- Burp Suite: http://portswigger.net/burp/
- Cookies Manager+: https://addons.mozilla.org/en-US/firefox/addon/cookies-manager-plus/#
- FoxyProxy Standard: https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/
- Attack types: http://www.portswigger.net/burp/help/intruder_positions.html#attacktype
- Example session tokens: http://www.RhinoSecurityLabs.com/example-tokens.txt