Searching for security flaws and exploits with Burp Suite
On Patrol
Conclusion
In this article, I covered the basics of attack proxies (Burp Suite in particular), examined the security of cookies and the various security-related fields they can have, performed brute forcing against the target application, and ran through a randomness test for the session tokens used in the application.
Although this article is designed to help developers and security technicians test for a few basic web flaws, it's not intended to be a comprehensive walkthrough of Burp Suite or a replacement for a professional security assessment.
Infos
- Burp Suite: http://portswigger.net/burp/
- Cookies Manager+: https://addons.mozilla.org/en-US/firefox/addon/cookies-manager-plus/#
- FoxyProxy Standard: https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/
- Attack types: http://www.portswigger.net/burp/help/intruder_positions.html#attacktype
- Example session tokens: http://www.RhinoSecurityLabs.com/example-tokens.txt