Using Burp Suite
Burp Suite is one of the most popular web proxy tools used for assessing web applications. Burp is a cross-platform tool based on Java. With Burp Suite, HTTP requests and responses can be intercepted in a man-in-the-middle position in order to monitor as well as tamper with application behavior. Additionally, applications can be spidered, actively scanned for vulnerabilities, passively scanned, and fuzzed.
Getting ready
Burp Suite is preinstalled in the virtual machine prepared for the cookbook; however, it can also be downloaded at https://portswigger.net/burp/.
There are two versions of Burp: a free edition and a professional edition. The professional edition is available for a modest price ($349.00 USD) given Burp's feature set. A 2-week professional edition trial is available as well. The free edition allows proxying of HTTP requests and responses as well as downloading some of the extender add-ons available in the BApp store. The professional version allows usage of more advanced features and...