Burp Suite Essentials

Discover the secrets of web application pentesting using Burp Suite, the best tool for the job

Akash Mahajan

Book Details

ISBN 13: 9781783550111
Paperback: 144 pages

Book Description

This book aims to impart the skills of a professional Burp user to empower you to successfully perform various kinds of tests on any web application of your choice. It begins by acquainting you with Burp Suite on various operating systems and showing you how to customize the settings for maximum performance. You will then get to grips with SSH port forwarding and SOCKS-based proxies. You will also get hands-on experience in leveraging the features of Burp tools such as Target, Proxy, Intruder, Scanner, Repeater, Spider, Sequencer, Decoder, and more. You will then move on to searching, extracting, and matching patterns for requests and responses, and you will learn how to work with upstream proxies and SSL certificates. Next, you will dive into the world of Burp Extensions and also learn how to write simple extensions of your own in Java, Python, and Ruby.

As a professional tester, you will need to be able to report your work, safeguard it, and sometimes even extend the tools that you are using; you will learn how to do all this in the concluding chapters of this book.

Table of Contents

Chapter 1: Getting Started with Burp
  • Starting Burp from the command line
  • Specifying memory size for Burp
  • Ensuring that IPv4 is allowed
  • Working with other JVMs
  • Summary

Chapter 2: Configuring Browsers to Proxy through Burp
  • Configuring widely used browsers to proxy through Burp Suite
  • Summary

Chapter 3: Setting the Scope and Dealing with Upstream Proxies
  • Multiple ways to add targets to the scope
  • Scope and Burp Suite tools
  • Scope inclusion versus exclusion
  • Dropping out-of-scope requests
  • Dealing with upstream proxies and SOCKS proxies
  • Summary

Chapter 4: SSL and Other Advanced Settings
  • Importing the Burp certificate in Mozilla Firefox
  • Importing the Burp certificate in Microsoft IE and Google Chrome
  • Installing the Burp certificate in iOS or Android
  • SSL pass-through
  • Invisible Proxy
  • Summary

Chapter 5: Using Burp Tools As a Power User – Part 1
  • Target
  • Proxy
  • The Message Analysis tab
  • Actions on the intercepted requests
  • Intruder
  • Scanner
  • Repeater
  • Summary

Chapter 6: Using Burp Tools As a Power User – Part 2
  • Spidering
  • Sequencer
  • Decoder
  • Comparer
  • Alerts
  • Summary

Chapter 7: Searching, Extracting, Pattern Matching, and More
  • Filtering
  • Matching
  • Grep - Match and Grep - Extract
  • Summary

Chapter 8: Using Engagement Tools and Other Utilities
  • Search
  • Target Analyzer
  • Content Discovery
  • Task Scheduler
  • CSRF proof of concept Generator
  • Summary

Chapter 9: Using Burp Extensions and Writing Your Own
  • Setting up the Python runtime for Burp Extensions
  • Setting up the Ruby environment for Burp Extensions
  • Loading and installing a Burp Extension from the Burp App Store
  • Loading and installing a Burp Extension manually
  • Managing Burp Extensions
  • Writing our own Burp Extensions
  • Noteworthy Burp Extensions
  • Summary

Chapter 10: Saving Securely, Backing Up, and Other Maintenance Activities
  • Saving and restoring a state
  • Automatic backups
  • Scheduled tasks
  • Logging all activities
  • Summary

Chapter 11: Resources, References, and Links
  • Primary references
  • Web application security testing with Burp
  • Miscellaneous security testing tutorials with Burp Suite
  • Pentesting thick clients
  • Testing mobile applications for web security using Burp Suite
  • Extensions references
  • Books
  • Summary

What You Will Learn

  • Get to grips with the user-driven workflow so that you can test any kind of web application
  • Get acquainted with the use of each of the components in Burp—Target, Proxy, Intruder, Scanner, and Repeater
  • Search, extract, and match patterns for requests and responses using response extraction rules, URL-matching rules, and Grep - Match
  • Set up and test SSL-enabled applications without any errors
  • Intercept SSL traffic from all kinds of web and mobile applications
  • Develop customized Burp Extensions to suit your needs using Java, Python, and Ruby
