Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Hands-On Application Penetration Testing with Burp Suite

You're reading from   Hands-On Application Penetration Testing with Burp Suite Use Burp Suite and its features to inspect, detect, and exploit security vulnerabilities in your web applications

Arrow left icon
Product type Paperback
Published in Feb 2019
Publisher Packt
ISBN-13 9781788994064
Length 366 pages
Edition 1st Edition
Arrow right icon
Authors (3):
Arrow left icon
Dhruv Shah Dhruv Shah
Author Profile Icon Dhruv Shah
Dhruv Shah
Riyaz Ahemed Walikar Riyaz Ahemed Walikar
Author Profile Icon Riyaz Ahemed Walikar
Riyaz Ahemed Walikar
Carlos A. Lozano Carlos A. Lozano
Author Profile Icon Carlos A. Lozano
Carlos A. Lozano
Arrow right icon
View More author details
Toc

Table of Contents (14) Chapters Close

Preface 1. Configuring Burp Suite FREE CHAPTER 2. Configuring the Client and Setting Up Mobile Devices 3. Executing an Application Penetration Test 4. Exploring the Stages of an Application Penetration Test 5. Preparing for an Application Penetration Test 6. Identifying Vulnerabilities Using Burp Suite 7. Detecting Vulnerabilities Using Burp Suite 8. Exploiting Vulnerabilities Using Burp Suite - Part 1 9. Exploiting Vulnerabilities Using Burp Suite - Part 2 10. Writing Burp Suite Extensions 11. Breaking the Authentication for a Large Online Retailer 12. Exploiting and Exfiltrating Data from a Large Shipping Corporation 13. Other Books You May Enjoy

Quick settings before beginning

This section highlights five quick settings that can be enabled/set/configured before beginning a test to become productive immediately:

  • Enable server response interception: By default, Burp is not configured to intercept server responses. This can, however, be enabled using the Intercept Server Responses options under Proxy | Options. Enable interception of responses when Request | Was modified and when Request | Was intercepted.

  • Enable the Unhide hidden form fields and select the Prominently highlight unhidden fields option: This can be found under the Proxy | Options | Response Modification panel. This is very useful when browsing an application that stores or uses hidden HTML form fields to make application decisions.

The hidden field is visible on the page and highlighted very conspicuously, allowing you to edit the contents directly in the page if required.

  • Enable the Don't send items to Proxy history or other Burp tools, if out of scope option: This option can be found under Proxy | Options | Miscellaneous. When enabled, this option prevents Burp from sending out-of-scope requests and responses to the Proxy | History and other Burp tools, such as Scanner and Target. These requests and responses are sent and received, but not logged in any of Burp's feature sets.

  • Set a keyboard shortcut to issue a Repeater request: This is a very useful setting that can be enabled to avoid clicking the Go button using the mouse when working with the Repeater module of Burp. Burp already allows items to be sent to Repeater via the Proxy | History tab using Ctrl + R. Switching to the Repeater window can be achieved with Ctrl + Shift + R. Adding a shortcut to sending a request using Repeater completes the chain of keystrokes required to pick an item from Proxy | History, and sending it forward.

  • Schedule a Save state operation: Burp has a task scheduler that can be invoked for certain tasks, such as resuming and pausing scans and spidering. You can reach the task scheduler from Project Options | Misc | Scheduled Tasks.
  • One of the key operations that the task scheduler supports is the auto save state. Select Save state and click Next:

    1. Select a file that will contain the save state and, if required, select the In-scope items only checkbox, as shown in the following screenshot:

    1. Select when to start the task and the interval. During a busy engagement, saving every 30 minutes is a good interval to begin with:

    1. Click finish to activate the Scheduled Task, as shown in the following screenshot:

You have been reading a chapter from
Hands-On Application Penetration Testing with Burp Suite
Published in: Feb 2019
Publisher: Packt
ISBN-13: 9781788994064
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image