Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Burp Suite Essentials

You're reading from   Burp Suite Essentials Discover the secrets of web application pentesting using Burp Suite, the best tool for the job

Arrow left icon
Product type Paperback
Published in Nov 2014
Publisher Packt
ISBN-13 9781783550111
Length 144 pages
Edition 1st Edition
Arrow right icon
Author (1):
Arrow left icon
Akash Mahajan Akash Mahajan
Author Profile Icon Akash Mahajan
Akash Mahajan
Arrow right icon
View More author details
Toc

Table of Contents (13) Chapters Close

Preface 1. Getting Started with Burp 2. Configuring Browsers to Proxy through Burp FREE CHAPTER 3. Setting the Scope and Dealing with Upstream Proxies 4. SSL and Other Advanced Settings 5. Using Burp Tools As a Power User – Part 1 6. Using Burp Tools As a Power User – Part 2 7. Searching, Extracting, Pattern Matching, and More 8. Using Engagement Tools and Other Utilities 9. Using Burp Extensions and Writing Your Own 10. Saving Securely, Backing Up, and Other Maintenance Activities 11. Resources, References, and Links Index

Chapter 1. Getting Started with Burp

Burp Suite is a collection of tightly integrated tools that allow effective security testing of modern-day web applications. It provides a great combination of tools that allow automated and manual workflows to test, assess, and attack web applications of all shapes and sizes. Getting started with Burp is easy. With some application, we can become extremely comfortable and skilled at using the various powerful tools that are offered by Burp Suite.

Burp Suite is a piece of modern software written in the Java language. Java makes it cross-platform and extremely versatile for use both by novices and professionals. This chapter will get you started with Burp quickly while giving you enough information that will facilitate our journey of getting acquainted with Burp Suite. The tool, unlike point-and-click automated scanners, is meant to be used in a hands-on manner, and while it makes it easy to automate parts of the testing, a lot can be done by the tool in the hands of an expert. Since our aim is to optimize the way we use Burp, through this chapter, we will get to know a few tricks that will make it easy to start with.

Burp Suite is distributed as a single Java Archive (.jar) file. The free version can be downloaded from http://portswigger.net/burp/downloadfree.html. There is no registration or form to fill out, but if you'd rather get the Pro version, which I highly recommend, then you need to buy it from the same website to be able to download it. There are significant differences between the free version and the Pro version, but if you are a serious tester looking for the best value-for-money scanner / web application security tool, it should be Burp Suite Pro.

The main differences between the free version and the Pro version of Burp Suite are:

  • Burp Scanner
  • The ability to save and restore your work
  • Engagement tools, such as Target Analyzer, Content Discovery, and Task Scheduler

These are the topics we'll be covering in this chapter:

  • Starting Burp from the command line
  • Setting memory options based on our requirement and system RAM
  • Troubleshooting any IPv6 error that occurs sometimes

Oracle Java 1.6 or above is currently required for the software to run.

Oracle Java 1.6+ is usually installed for Windows and Mac OS X. If your computer doesn't have it installed, go to http://java.com, choose the version of Java Runtime Environment (JRE) for your operating system, and follow the installation instructions.

The official documentation cautions users from double-clicking on the .jar file. This is to ensure that we can clearly specify the amount of RAM allocated for the Burp process when we start it.

Some people have successfully run Burp with other flavors of Java, but for now, we will focus on running it well with Oracle Java 1.6 or above.

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at R$50/month. Cancel anytime