SlideShare une entreprise Scribd logo

Burp Suite 101 - Online Sync Meetup by CyberForge Academy Mohali

C
cyberforgeacademy

Learn how to use Burp Suite functionalities to pentest a WebApp

Technologie
1  sur  28
Télécharger pour lire hors ligne
Burp Suite 101 What, Why and How
● Software Engineer & Researcher at CyberForge Academy ● Final year, B. Tech. CSE @ LPU ● Engaged in Research, Creating course content/setups ● Developing SaaS software and open source tools ● Interned with Web3verse Academy, a Singapore-based startup focused on Web3 education and Namekart, a domain name brokerage firm. ● Interested in Art and craft 🎨 $ whoami
Table of contents 01 04 02 05 03 06 Introduction Why Burp Suite Burp Proxy Burp Intruder Burp Spider & Repeater Burp Scanner
● Suite of security testing tools ● Used for penetration testing on Web Apps. ● Developed by PortSwigger ● Both Free and paid version ● Cross-platform (Windows/Linux/MacOS) ● Suite includes tools such as : ○ Burp Proxy ○ Burp Spider ○ Burp Intruder ○ Burp Scanner ○ Burp Repeater What is Burp Suite ?
Why Burp Suite? ● Comprehensive Testing Suite ● Identify Vulnerabilities Example: Discovering XSS flaws by analyzing HTTP responses. ● Customizable Testing Example: Using Burp Intruder for tailored security assessments. ● Real-Time Monitoring Example: Intercepting and modifying HTTP requests with Burp Proxy.
Link : https://portswigger.net/burp/communitydownload
● Intercepting proxy tool utilized for various security testing ● Intercepting and analyzing HTTP/S requests and responses. ● Modifying requests and responses to test application behavior. ● Logs HTTP traffic for reviewing, tracking changes, and identifying web app issues. ● Options-Forward Request , Drop Request , Edit Request 1. Burp Proxy
Burp Proxy Setup & Intercept
● Dynamic request modification for HTTP testing ● Automation of attack scenarios like brute-force and fuzzing ● Customizable payloads for tailored attacks ● Advanced analysis and reporting for efficient vulnerability identification 2. Burp Intruder
Enumerating Username
● Automated web application crawler. ● Maps out application structure and discovers URLs and parameters. ● Passive Crawling: Observes traffic flow within Burp Suite to identify URLs and parameters. ● Active Crawling: Actively sends requests to the target application to explore and discover new URLs and parameters. 3. Burp Spider
Source: Burp Suite Professional Web Vulnerability Scanner | E-SPIN Group (e-spincorp.com)
● For Manually modifying and replaying HTTP requests. ● To review individual requests and analyze application responses. ● Modify parameters, headers, and payloads to test application behavior. 4. Burp Repeater
● Automated web vulnerability scanner. ● Identifies security flaws in web applications. ● Two key Phases: ○ Audit: Identifies vulnerabilities in web applications. ○ Crawl: Maps application structure and discovers endpoints. ● Features include vulnerability detection ,customizable scanning options, scan scheduling, reporting, and scan feedback. 5. Burp Scanner
Source: Burp Suite Professional Web Vulnerability Scanner | E-SPIN Group (e-spincorp.com)
Cyber News
Source: Finland Blames Chinese Hacking Group APT31 for Parliament Cyber Attack (thehackernews.com)
Source : Millions of hotel doors vulnerable to attack, researchers find | Cybernews
Source : Recent ‘MFA Bombing’ Attacks Targeting Apple Users – Krebs on Security
CREDITS: This presentation template was created by Slidesgo, and includes icons by Flaticon, and infographics & images by Freepik Thanks! Do you have any questions? contact@cyberforge.academy +91 8837537763 https://cyberforge.academy https://github.com/CyberForgeAcademy/Workshops

Recommandé

Finding vulnerabilities with Burp Suite Custom Scan Profiles.pdf
Finding vulnerabilities with Burp Suite Custom Scan Profiles.pdfFinding vulnerabilities with Burp Suite Custom Scan Profiles.pdf
Finding vulnerabilities with Burp Suite Custom Scan Profiles.pdfNullHyderabad
 
Finding vulnerabilities with Burp Suite Custom Scan Profiles.pdf
Finding vulnerabilities with Burp Suite Custom Scan Profiles.pdfFinding vulnerabilities with Burp Suite Custom Scan Profiles.pdf
Finding vulnerabilities with Burp Suite Custom Scan Profiles.pdfNullHyderabad
 
Burp suite
Burp suiteBurp suite
Burp suitepenetration Tester
 
Burp suite
Burp suiteBurp suite
Burp suitepenetration Tester
 
Burp suite
Burp suiteBurp suite
Burp suiteSOURABH DESHMUKH
 
Burp suite
Burp suiteBurp suite
Burp suiteSOURABH DESHMUKH
 
Burp intruder
Burp intruderBurp intruder
Burp intruderpenetration Tester
 
Burp intruder
Burp intruderBurp intruder
Burp intruderpenetration Tester
 

Recommandé

Finding vulnerabilities with Burp Suite Custom Scan Profiles.pdf
Finding vulnerabilities with Burp Suite Custom Scan Profiles.pdfFinding vulnerabilities with Burp Suite Custom Scan Profiles.pdf
Finding vulnerabilities with Burp Suite Custom Scan Profiles.pdfNullHyderabad
 
Finding vulnerabilities with Burp Suite Custom Scan Profiles.pdf
Finding vulnerabilities with Burp Suite Custom Scan Profiles.pdfFinding vulnerabilities with Burp Suite Custom Scan Profiles.pdf
Finding vulnerabilities with Burp Suite Custom Scan Profiles.pdfNullHyderabad
 
Burp suite
Burp suiteBurp suite
Burp suitepenetration Tester
 
Burp suite
Burp suiteBurp suite
Burp suitepenetration Tester
 
Burp suite
Burp suiteBurp suite
Burp suiteSOURABH DESHMUKH
 
Burp suite
Burp suiteBurp suite
Burp suiteSOURABH DESHMUKH
 
Burp intruder
Burp intruderBurp intruder
Burp intruderpenetration Tester
 
Burp intruder
Burp intruderBurp intruder
Burp intruderpenetration Tester
 
Burpsuite yara
Burpsuite yaraBurpsuite yara
Burpsuite yaraRinaldi Rampen
 
Burpsuite yara
Burpsuite yaraBurpsuite yara
Burpsuite yaraRinaldi Rampen
 
Tw noche geek quito webappsec
Tw noche geek quito webappsecTw noche geek quito webappsec
Tw noche geek quito webappsecThoughtworks
 
Web Application Security: Introduction to common classes of security flaws an...
Web Application Security: Introduction to common classes of security flaws an...Web Application Security: Introduction to common classes of security flaws an...
Web Application Security: Introduction to common classes of security flaws an...Thoughtworks
 
Tw noche geek quito webappsec
Tw noche geek quito webappsecTw noche geek quito webappsec
Tw noche geek quito webappsecThoughtworks
 
Web Application Security: Introduction to common classes of security flaws an...
Web Application Security: Introduction to common classes of security flaws an...Web Application Security: Introduction to common classes of security flaws an...
Web Application Security: Introduction to common classes of security flaws an...Thoughtworks
 
BSides Rochester 2018: Drew Kirkpatrick: Open Source SAST and DAST Tools for ...
BSides Rochester 2018: Drew Kirkpatrick: Open Source SAST and DAST Tools for ...BSides Rochester 2018: Drew Kirkpatrick: Open Source SAST and DAST Tools for ...
BSides Rochester 2018: Drew Kirkpatrick: Open Source SAST and DAST Tools for ...JosephTesta9
 
BSides Rochester 2018: Drew Kirkpatrick: Open Source SAST and DAST Tools for ...
BSides Rochester 2018: Drew Kirkpatrick: Open Source SAST and DAST Tools for ...BSides Rochester 2018: Drew Kirkpatrick: Open Source SAST and DAST Tools for ...
BSides Rochester 2018: Drew Kirkpatrick: Open Source SAST and DAST Tools for ...JosephTesta9
 
Bb world2014 powerpoint_security-automation-at-blackboard_saltzman_matthew_bb
Bb world2014 powerpoint_security-automation-at-blackboard_saltzman_matthew_bbBb world2014 powerpoint_security-automation-at-blackboard_saltzman_matthew_bb
Bb world2014 powerpoint_security-automation-at-blackboard_saltzman_matthew_bbMatthew Saltzman
 
Bb world2014 powerpoint_security-automation-at-blackboard_saltzman_matthew_bb
Bb world2014 powerpoint_security-automation-at-blackboard_saltzman_matthew_bbBb world2014 powerpoint_security-automation-at-blackboard_saltzman_matthew_bb
Bb world2014 powerpoint_security-automation-at-blackboard_saltzman_matthew_bbMatthew Saltzman
 
Computer security
Computer securityComputer security
Computer securityMohamed Abdo
 
Computer security
Computer securityComputer security
Computer securityMohamed Abdo
 
CSCAMP2013 - Introduction to pwnCore
CSCAMP2013 - Introduction to pwnCoreCSCAMP2013 - Introduction to pwnCore
CSCAMP2013 - Introduction to pwnCoreAnwar Mohamed
 
CSCAMP2013 - Introduction to pwnCore
CSCAMP2013 - Introduction to pwnCoreCSCAMP2013 - Introduction to pwnCore
CSCAMP2013 - Introduction to pwnCoreAnwar Mohamed
 
Splunk for Security: Background & Customer Case Study
Splunk for Security: Background & Customer Case StudySplunk for Security: Background & Customer Case Study
Splunk for Security: Background & Customer Case StudyAndrew Gerber
 
Splunk for Security: Background & Customer Case Study
Splunk for Security: Background & Customer Case StudySplunk for Security: Background & Customer Case Study
Splunk for Security: Background & Customer Case StudyAndrew Gerber
 
Burpsuite 101
Burpsuite 101Burpsuite 101
Burpsuite 101n|u - The Open Security Community
 
Burpsuite 101
Burpsuite 101Burpsuite 101
Burpsuite 101n|u - The Open Security Community
 
Manual JavaScript Analysis Is A Bug
Manual JavaScript Analysis Is A BugManual JavaScript Analysis Is A Bug
Manual JavaScript Analysis Is A BugLewis Ardern
 
Manual JavaScript Analysis Is A Bug
Manual JavaScript Analysis Is A BugManual JavaScript Analysis Is A Bug
Manual JavaScript Analysis Is A BugLewis Ardern
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 

Contenu connexe

Similaire à Burp Suite 101 - Online Sync Meetup by CyberForge Academy Mohali

Tw noche geek quito webappsec
Tw noche geek quito webappsecTw noche geek quito webappsec
Tw noche geek quito webappsecThoughtworks
 
Web Application Security: Introduction to common classes of security flaws an...
Web Application Security: Introduction to common classes of security flaws an...Web Application Security: Introduction to common classes of security flaws an...
Web Application Security: Introduction to common classes of security flaws an...Thoughtworks
 
Tw noche geek quito webappsec
Tw noche geek quito webappsecTw noche geek quito webappsec
Tw noche geek quito webappsecThoughtworks
 
Web Application Security: Introduction to common classes of security flaws an...
Web Application Security: Introduction to common classes of security flaws an...Web Application Security: Introduction to common classes of security flaws an...
Web Application Security: Introduction to common classes of security flaws an...Thoughtworks
 
BSides Rochester 2018: Drew Kirkpatrick: Open Source SAST and DAST Tools for ...
BSides Rochester 2018: Drew Kirkpatrick: Open Source SAST and DAST Tools for ...BSides Rochester 2018: Drew Kirkpatrick: Open Source SAST and DAST Tools for ...
BSides Rochester 2018: Drew Kirkpatrick: Open Source SAST and DAST Tools for ...JosephTesta9
 
BSides Rochester 2018: Drew Kirkpatrick: Open Source SAST and DAST Tools for ...
BSides Rochester 2018: Drew Kirkpatrick: Open Source SAST and DAST Tools for ...BSides Rochester 2018: Drew Kirkpatrick: Open Source SAST and DAST Tools for ...
BSides Rochester 2018: Drew Kirkpatrick: Open Source SAST and DAST Tools for ...JosephTesta9
 
Bb world2014 powerpoint_security-automation-at-blackboard_saltzman_matthew_bb
Bb world2014 powerpoint_security-automation-at-blackboard_saltzman_matthew_bbBb world2014 powerpoint_security-automation-at-blackboard_saltzman_matthew_bb
Bb world2014 powerpoint_security-automation-at-blackboard_saltzman_matthew_bbMatthew Saltzman
 
Bb world2014 powerpoint_security-automation-at-blackboard_saltzman_matthew_bb
Bb world2014 powerpoint_security-automation-at-blackboard_saltzman_matthew_bbBb world2014 powerpoint_security-automation-at-blackboard_saltzman_matthew_bb
Bb world2014 powerpoint_security-automation-at-blackboard_saltzman_matthew_bbMatthew Saltzman
 
CSCAMP2013 - Introduction to pwnCore
CSCAMP2013 - Introduction to pwnCoreCSCAMP2013 - Introduction to pwnCore
CSCAMP2013 - Introduction to pwnCoreAnwar Mohamed
 
CSCAMP2013 - Introduction to pwnCore
CSCAMP2013 - Introduction to pwnCoreCSCAMP2013 - Introduction to pwnCore
CSCAMP2013 - Introduction to pwnCoreAnwar Mohamed
 
Splunk for Security: Background & Customer Case Study
Splunk for Security: Background & Customer Case StudySplunk for Security: Background & Customer Case Study
Splunk for Security: Background & Customer Case StudyAndrew Gerber
 
Splunk for Security: Background & Customer Case Study
Splunk for Security: Background & Customer Case StudySplunk for Security: Background & Customer Case Study
Splunk for Security: Background & Customer Case StudyAndrew Gerber
 
Manual JavaScript Analysis Is A Bug
Manual JavaScript Analysis Is A BugManual JavaScript Analysis Is A Bug
Manual JavaScript Analysis Is A BugLewis Ardern
 
Manual JavaScript Analysis Is A Bug
Manual JavaScript Analysis Is A BugManual JavaScript Analysis Is A Bug
Manual JavaScript Analysis Is A BugLewis Ardern
 

Similaire à Burp Suite 101 - Online Sync Meetup by CyberForge Academy Mohali (20)

Burpsuite yara
Burpsuite yaraBurpsuite yara
Burpsuite yara
 
Burpsuite yara
Burpsuite yaraBurpsuite yara
Burpsuite yara
 
Tw noche geek quito webappsec
Tw noche geek quito webappsecTw noche geek quito webappsec
Tw noche geek quito webappsec
 
Web Application Security: Introduction to common classes of security flaws an...
Web Application Security: Introduction to common classes of security flaws an...Web Application Security: Introduction to common classes of security flaws an...
Web Application Security: Introduction to common classes of security flaws an...
 
Tw noche geek quito webappsec
Tw noche geek quito webappsecTw noche geek quito webappsec
Tw noche geek quito webappsec
 
Web Application Security: Introduction to common classes of security flaws an...
Web Application Security: Introduction to common classes of security flaws an...Web Application Security: Introduction to common classes of security flaws an...
Web Application Security: Introduction to common classes of security flaws an...
 
BSides Rochester 2018: Drew Kirkpatrick: Open Source SAST and DAST Tools for ...
BSides Rochester 2018: Drew Kirkpatrick: Open Source SAST and DAST Tools for ...BSides Rochester 2018: Drew Kirkpatrick: Open Source SAST and DAST Tools for ...
BSides Rochester 2018: Drew Kirkpatrick: Open Source SAST and DAST Tools for ...
 
BSides Rochester 2018: Drew Kirkpatrick: Open Source SAST and DAST Tools for ...
BSides Rochester 2018: Drew Kirkpatrick: Open Source SAST and DAST Tools for ...BSides Rochester 2018: Drew Kirkpatrick: Open Source SAST and DAST Tools for ...
BSides Rochester 2018: Drew Kirkpatrick: Open Source SAST and DAST Tools for ...
 
Bb world2014 powerpoint_security-automation-at-blackboard_saltzman_matthew_bb
Bb world2014 powerpoint_security-automation-at-blackboard_saltzman_matthew_bbBb world2014 powerpoint_security-automation-at-blackboard_saltzman_matthew_bb
Bb world2014 powerpoint_security-automation-at-blackboard_saltzman_matthew_bb
 
Bb world2014 powerpoint_security-automation-at-blackboard_saltzman_matthew_bb
Bb world2014 powerpoint_security-automation-at-blackboard_saltzman_matthew_bbBb world2014 powerpoint_security-automation-at-blackboard_saltzman_matthew_bb
Bb world2014 powerpoint_security-automation-at-blackboard_saltzman_matthew_bb
 
Computer security
Computer securityComputer security
Computer security
 
Computer security
Computer securityComputer security
Computer security
 
CSCAMP2013 - Introduction to pwnCore
CSCAMP2013 - Introduction to pwnCoreCSCAMP2013 - Introduction to pwnCore
CSCAMP2013 - Introduction to pwnCore
 
CSCAMP2013 - Introduction to pwnCore
CSCAMP2013 - Introduction to pwnCoreCSCAMP2013 - Introduction to pwnCore
CSCAMP2013 - Introduction to pwnCore
 
Splunk for Security: Background & Customer Case Study
Splunk for Security: Background & Customer Case StudySplunk for Security: Background & Customer Case Study
Splunk for Security: Background & Customer Case Study
 
Splunk for Security: Background & Customer Case Study
Splunk for Security: Background & Customer Case StudySplunk for Security: Background & Customer Case Study
Splunk for Security: Background & Customer Case Study
 
Burpsuite 101
Burpsuite 101Burpsuite 101
Burpsuite 101
 
Burpsuite 101
Burpsuite 101Burpsuite 101
Burpsuite 101
 
Manual JavaScript Analysis Is A Bug
Manual JavaScript Analysis Is A BugManual JavaScript Analysis Is A Bug
Manual JavaScript Analysis Is A Bug
 
Manual JavaScript Analysis Is A Bug
Manual JavaScript Analysis Is A BugManual JavaScript Analysis Is A Bug
Manual JavaScript Analysis Is A Bug
 

Dernier

Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetEnjoy Anytime
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 

Dernier (20)

Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 

Burp Suite 101 - Online Sync Meetup by CyberForge Academy Mohali

  • 1. Burp Suite 101 What, Why and How
  • 2. ● Software Engineer & Researcher at CyberForge Academy ● Final year, B. Tech. CSE @ LPU ● Engaged in Research, Creating course content/setups ● Developing SaaS software and open source tools ● Interned with Web3verse Academy, a Singapore-based startup focused on Web3 education and Namekart, a domain name brokerage firm. ● Interested in Art and craft 🎨 $ whoami
  • 3. Table of contents 01 04 02 05 03 06 Introduction Why Burp Suite Burp Proxy Burp Intruder Burp Spider & Repeater Burp Scanner
  • 4. ● Suite of security testing tools ● Used for penetration testing on Web Apps. ● Developed by PortSwigger ● Both Free and paid version ● Cross-platform (Windows/Linux/MacOS) ● Suite includes tools such as : ○ Burp Proxy ○ Burp Spider ○ Burp Intruder ○ Burp Scanner ○ Burp Repeater What is Burp Suite ?
  • 5. Why Burp Suite? ● Comprehensive Testing Suite ● Identify Vulnerabilities Example: Discovering XSS flaws by analyzing HTTP responses. ● Customizable Testing Example: Using Burp Intruder for tailored security assessments. ● Real-Time Monitoring Example: Intercepting and modifying HTTP requests with Burp Proxy.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11. ● Intercepting proxy tool utilized for various security testing ● Intercepting and analyzing HTTP/S requests and responses. ● Modifying requests and responses to test application behavior. ● Logs HTTP traffic for reviewing, tracking changes, and identifying web app issues. ● Options-Forward Request , Drop Request , Edit Request 1. Burp Proxy
  • 12.
  • 13. Burp Proxy Setup & Intercept
  • 14. ● Dynamic request modification for HTTP testing ● Automation of attack scenarios like brute-force and fuzzing ● Customizable payloads for tailored attacks ● Advanced analysis and reporting for efficient vulnerability identification 2. Burp Intruder
  • 15.
  • 17. ● Automated web application crawler. ● Maps out application structure and discovers URLs and parameters. ● Passive Crawling: Observes traffic flow within Burp Suite to identify URLs and parameters. ● Active Crawling: Actively sends requests to the target application to explore and discover new URLs and parameters. 3. Burp Spider
  • 18. Source: Burp Suite Professional Web Vulnerability Scanner | E-SPIN Group (e-spincorp.com)
  • 19. ● For Manually modifying and replaying HTTP requests. ● To review individual requests and analyze application responses. ● Modify parameters, headers, and payloads to test application behavior. 4. Burp Repeater
  • 20.
  • 21.
  • 22. ● Automated web vulnerability scanner. ● Identifies security flaws in web applications. ● Two key Phases: ○ Audit: Identifies vulnerabilities in web applications. ○ Crawl: Maps application structure and discovers endpoints. ● Features include vulnerability detection ,customizable scanning options, scan scheduling, reporting, and scan feedback. 5. Burp Scanner
  • 23. Source: Burp Suite Professional Web Vulnerability Scanner | E-SPIN Group (e-spincorp.com)
  • 25. Source: Finland Blames Chinese Hacking Group APT31 for Parliament Cyber Attack (thehackernews.com)
  • 26. Source : Millions of hotel doors vulnerable to attack, researchers find | Cybernews
  • 27. Source : Recent ‘MFA Bombing’ Attacks Targeting Apple Users – Krebs on Security
  • 28. CREDITS: This presentation template was created by Slidesgo, and includes icons by Flaticon, and infographics & images by Freepik Thanks! Do you have any questions? contact@cyberforge.academy +91 8837537763 https://cyberforge.academy https://github.com/CyberForgeAcademy/Workshops