Searching for security flaws and exploits with Burp Suite

On Patrol

Article from ADMIN 19/2014
You can strengthen your web security by testing for common vulnerabilities. We show how to do this using the attack proxy known as Burp Suite.

Many automated web security tools are on the market today, but even the best of them have limitations. Many web vulnerabilities are difficult – or even impossible – to detect without human interaction. Some of the best tools for web security analysis take the form of a browser (with a few simple add-ons) and an attack proxy. This article describes how attack proxies work and shows how to look for web vulnerabilities using the popular attack proxy Burp Suite.

Attack proxies vary in functionality, price, and reliability, so for consistency, I'll use Burp Suite throughout these examples. Burp Suite includes a tool for intercepting traffic (the "proxy" module itself), as well as modules for spidering sites, repeating and manipulating individual requests, testing the randomness of session tokens, decoding traffic, and more. Each of these components provides unique insight into the application's functionality and its security ramifications, but all of them require an intelligent person to interpret the results.

Installation and Configuration

After you download the free edition of Burp Suite [1], simply double-click the .jar file to run it. Once the application is running, click Proxy | Options and check the Proxy Listeners section (Figure 1) to identify the IP address and port the proxy is listening on. The default listener is 127.0.0.1:8080.

...