Hands-On Application Penetration Testing with Burp Suite

Hands-On Application Penetration Testing with Burp Suite: Use Burp Suite and its features to inspect, detect, and exploit security vulnerabilities in your web applications

Authors: Carlos A. Lozano, Dhruv Shah, Ahemed Walikar
Rating: 2 out of 5 (2 ratings)
Paperback, Feb 2019, 366 pages, 1st Edition
eBook: $24.99 (list price $35.99)
Paperback: $48.99
Subscription: free trial, renews at $19.99 per month



Configuring the Client and Setting Up Mobile Devices

Once we have Burp Suite up and configured to act as the proxy through which all our communication will go to the target, we need to set up the clients to talk to Burp, so that the communication path is complete.

Almost all clients that can talk to HTTP/HTTPS servers have a way of setting a proxy endpoint. This tells the client to send its traffic to the proxy first, which then forwards it to the target. Different clients expose this setting in different ways, and some have no setting of their own at all: they simply follow the operating system's proxy configuration.

In this chapter, we shall see how we can set the proxy option for various common clients, both on mobile and traditional computing devices.

We will cover the following topics in the chapter:

  • Setting up Firefox, Chrome and Internet Explorer...

Setting up Firefox to work with Burp Suite (HTTP and HTTPS)

Firefox has been a hacker favorite for quite some time now, largely because of the plethora of add-ons that extend its features and abilities. One of its primary advantages over other browsers is that its proxy settings are not tied to the operating system.

Firefox can be configured to use a specific proxy even when the operating system has a different system proxy set. This lets other tools that rely on the system proxy keep working as before, while Firefox alone routes its traffic through Burp.

Remember that no browser, Firefox included, has separate proxy settings for private/incognito mode: a private window uses the same proxy configuration as a normal one, so its traffic also ends up in Burp.

To set up proxy options in Firefox, take the following steps:

  1. On Windows, click on the three dashes in the right top corner of any tab and select Options from the menu. For Linux and OS X systems, the option to select is called Preferences.
  2. Scroll right to the...

Setting up Chrome to work with Burp Suite (HTTP and HTTPS)

Google Chrome uses the system proxy to route traffic unless a command-line argument is used to specify a proxy server. This is both cumbersome, because changing the proxy for Chrome normally means changing it for the whole system, and convenient, because you can set the proxy for Chrome from the command line without opening the Chrome UI at all.

To set up proxy options in Chrome, perform the following steps:

  1. Click on the three dots on the top right corner and select Settings:

  2. In the Settings window, type proxy to find the Open proxy settings option:

  3. This will open up the Windows Internet Properties dialog box.
  4. Click on LAN settings to open up the settings page:

  5. Enter the port number and IP address of the system where Burp Suite is running, as shown in the following screenshot:

  6. You can also click on Advanced to use specific addresses for different protocols. Remember this is a system-wide...
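The Firefox and Chrome procedures above can both be scripted so that neither browser depends on the system proxy: Firefox reads its proxy preferences from a user.js file in the profile, and Chrome accepts the proxy on its command line. The following shell functions are an added example, not code from the book; they assume Burp's listener is on 127.0.0.1:8080 (Burp's default), that Burp's CA certificate has been saved as burp.pem if you want HTTPS in Firefox, and that the certutil tool from libnss3-tools is available for the optional certificate import.

```shell
#!/bin/sh
# Added example (not from the book): point Firefox and Chrome at Burp from the
# command line without touching the operating system's proxy settings.
# Assumed: Burp listens on 127.0.0.1:8080; burp.pem is Burp's CA in PEM form.

# Firefox: write user.js into a throw-away profile. network.proxy.type=1 is
# "manual proxy configuration"; the other prefs are what the Options page sets.
# Firefox 67+ never proxies localhost/127.0.0.1 unless
# network.proxy.allow_hijacking_localhost is true, which matters when the
# target application runs on your own machine.
write_firefox_burp_profile() {
    dir="$1"; host="$2"; port="$3"; bypass="${4:-}"
    mkdir -p "$dir"
    cat > "$dir/user.js" <<EOF
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "$host");
user_pref("network.proxy.http_port", $port);
user_pref("network.proxy.ssl", "$host");
user_pref("network.proxy.ssl_port", $port);
user_pref("network.proxy.no_proxies_on", "$bypass");
user_pref("network.proxy.allow_hijacking_localhost", true);
EOF
}

# Optional: trust Burp's CA in that profile so HTTPS works (needs libnss3-tools).
import_burp_ca_firefox() {      # $1 profile dir, $2 burp.pem
    certutil -A -n "PortSwigger CA" -t "C,," -i "$2" -d "sql:$1"
}

# -no-remote starts a separate Firefox process instead of joining a running one,
# so the profile (and its proxy settings) is actually used.
launch_firefox_via_burp() {     # $1 profile dir, $2 optional start URL
    firefox -no-remote -profile "$1" "${2:-http://burp/}"
}

# Chrome: one flag per line. "<-loopback>" in the bypass list makes Chrome
# proxy localhost too (it bypasses the proxy for loopback by default). A
# dedicated --user-data-dir keeps these flags from being ignored when another
# Chrome window is already open with the normal profile.
chrome_burp_args() {            # $1 host, $2 port, $3 optional bypass list
    host="$1"; port="$2"; bypass="${3:-<-loopback>}"
    printf '%s\n' \
        "--proxy-server=http://$host:$port" \
        "--proxy-bypass-list=$bypass" \
        "--user-data-dir=$HOME/.burp-chrome-profile"
}

launch_chrome_via_burp() {      # $1 host, $2 port, $3 optional start URL
    google-chrome \
        "--proxy-server=http://$1:$2" \
        "--proxy-bypass-list=<-loopback>" \
        "--user-data-dir=$HOME/.burp-chrome-profile" \
        "${3:-http://burp/}"
}

# Usage:
#   write_firefox_burp_profile "$HOME/.burp-ff" 127.0.0.1 8080
#   import_burp_ca_firefox "$HOME/.burp-ff" burp.pem
#   launch_firefox_via_burp "$HOME/.burp-ff"
#   launch_chrome_via_burp 127.0.0.1 8080
```

Because both functions create their own profile directory, your everyday browsing profile and the system proxy stay untouched; closing the proxied browser is all it takes to go back to a direct connection.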

Setting up Internet Explorer to work with Burp Suite (HTTP and HTTPS)

Internet Explorer and Microsoft Edge both use the Windows system proxy setting; they have no proxy configuration of their own.

Following these steps will help you set up proxy options in Internet Explorer:

  1. Click on the gear icon on the top right corner and select Internet options:

  2. The Internet options dialog will open up. Click on Connections | LAN settings to manage your proxy settings for Internet Explorer.

Remember this is a system-wide proxy setting, and most programs on the system will also obey it, especially those that do not have a proxy setting of their own.

Additional browser add-ons that can be used to manage proxy settings

During a web application penetration test, you will often need to switch your proxy settings on and off. There will be times when you want a direct connection to the internet, while the rest of the time you want your traffic to go through Burp.

There are also scenarios where you want all your traffic to go through Burp except, say, google.com. In such cases, repeatedly switching the browser's proxy setting in and out quickly becomes an unpleasant experience.

For these reasons, several add-ons/extensions exist for Firefox and Chrome that let you switch the browser's proxy setting to a different proxy, or to a direct connection, with a single click, and define per-host rules for what goes through which proxy.

Let's look at an add-on for Firefox called FoxyProxy, and an extension for Google Chrome called Proxy SwitchySharp.

For...

Setting system-wide proxy for non-proxy-aware clients

Non-proxy-aware clients, in this context, are applications that talk to the internet over HTTP or HTTPS but offer no option to set a proxy server, so their traffic cannot be captured by configuring the application itself. Such applications fall back to the system proxy settings. This is common with thick-client applications on Windows.

In such cases we can set a system-wide proxy so that it applies to these applications too. System-wide proxy settings can be changed through the GUI or from the command line. Knowing the command-line options lets you script the change, so that you can switch the system-wide proxy on and off with bash scripts or batch files, depending on the OS you are on. Keep in mind that a system-wide proxy is exactly that: every program that honours it, not just the application under test, will send its traffic through Burp until you switch it back off.

Linux or macOS

To use...
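To make the on/off switch described above scriptable, the functions below are an added example rather than the book's own commands. They assume Burp listens on 127.0.0.1:8080 (Burp's default), a GNOME desktop on Linux (the gsettings keys shown are GNOME's), and a macOS network service named "Wi-Fi" (run `networksetup -listallnetworkservices` to find yours). Environment variables only reach processes started from the shell that exported them, so the example keeps the two mechanisms separate: environment variables for command-line tools, desktop settings for GUI and non-proxy-aware clients.

```shell
#!/bin/sh
# Added example (not the book's code): switch a system-wide proxy on and off
# from a script. Assumed: Burp on 127.0.0.1:8080, GNOME on Linux, "Wi-Fi" on macOS.

# 1. Environment variables: honoured by curl, wget, pip, git and most CLI tools,
#    but only in processes started from this shell session. Both spellings are
#    set because tools disagree on which one they read. $3 is an optional
#    comma-separated bypass list (hosts that must NOT go through Burp).
proxy_env_on() {
    host="$1"; port="$2"
    http_proxy="http://$host:$port"; https_proxy="$http_proxy"
    HTTP_PROXY="$http_proxy";        HTTPS_PROXY="$http_proxy"
    no_proxy="${3:-}";               NO_PROXY="$no_proxy"
    export http_proxy https_proxy HTTP_PROXY HTTPS_PROXY no_proxy NO_PROXY
}

proxy_env_off() {
    unset http_proxy https_proxy HTTP_PROXY HTTPS_PROXY no_proxy NO_PROXY
}

# 2. Desktop settings: what GUI applications and non-proxy-aware clients follow.
desktop_proxy_on() {
    host="$1"; port="$2"
    case "$(uname -s)" in
        Linux)
            gsettings set org.gnome.system.proxy mode 'manual'
            gsettings set org.gnome.system.proxy.http  host "$host"
            gsettings set org.gnome.system.proxy.http  port "$port"
            gsettings set org.gnome.system.proxy.https host "$host"
            gsettings set org.gnome.system.proxy.https port "$port"
            ;;
        Darwin)
            networksetup -setwebproxy       "Wi-Fi" "$host" "$port"
            networksetup -setsecurewebproxy "Wi-Fi" "$host" "$port"
            ;;
        *)  echo "unsupported OS: $(uname -s)" >&2; return 1 ;;
    esac
}

desktop_proxy_off() {
    case "$(uname -s)" in
        Linux)  gsettings set org.gnome.system.proxy mode 'none' ;;
        Darwin) networksetup -setwebproxystate       "Wi-Fi" off
                networksetup -setsecurewebproxystate "Wi-Fi" off ;;
        *)  echo "unsupported OS: $(uname -s)" >&2; return 1 ;;
    esac
}

# 3. Verify the path: http://burp/ is answered by Burp itself when a request is
#    proxied through it (that page serves the CA certificate), so an HTTP 200
#    here proves traffic is really reaching the listener.
burp_check() {
    code=$(curl -s -o /dev/null -w '%{http_code}' -x "http://$1:$2" http://burp/)
    [ "$code" = "200" ]
}

# Usage, in an interactive shell (source the file so the exports stick):
#   . ./burp-proxy.sh
#   proxy_env_on 127.0.0.1 8080 "localhost,127.0.0.1" && desktop_proxy_on 127.0.0.1 8080
#   burp_check 127.0.0.1 8080 && echo "traffic reaches Burp"
#   proxy_env_off; desktop_proxy_off
```

Switch the proxy off again as soon as the test is over: while it is on, every update check, package download and background client on the machine is routed through Burp, and anything that does not trust Burp's CA will fail its TLS handshake.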

Setting up Android to work with Burp Suite

To test Android applications, or to test web applications from your Android device, you need to configure Burp Proxy to start a listener on all interfaces (or on the interface facing the wireless network), and then connect both the Android device and the system running Burp to the same wireless network.

This makes the Burp listener visible and accessible to the Android device on that network. Note that a listener bound to all interfaces accepts connections from any host on the network, so do this on a trusted lab or test network, or restrict the listener to the specific interface the device connects through.

Follow these steps to set a proxy for your Android device:

  1. Go to the SETTINGS menu.
  2. Connect to the same wireless network as Burp.
  3. If you are already connected, click on the wireless connection name and select Manage network settings, as shown in the following screenshot:

  4. Click on Show advanced options, to show the Proxy setting. Click on the Manual option to enter the address of the proxy server running Burp:

  5. Click SAVE to save this setting and proceed to browse an HTTP...

Setting up iOS to work with Burp Suite

To set up an iOS device to work with Burp, we need to add Burp's network listener address (as we did with the Android device) to the iOS device's network configuration.

To achieve this, follow these steps:

  1. On the iOS device, open Settings.
  2. Assuming you are already connected to the wireless network, tap the Wi-Fi option, and tap the information icon next to the wireless access point name.
  3. Select Manual under the HTTP PROXY section, and enter the IP address and port number of the Burp listener.
  4. Go back and browse to an HTTP site on your iOS device's browser and see that the traffic is received by Burp.

To be able to access HTTPS sites, you will need to add Burp's CA certificate to the iOS device. To do this, perform the following steps:

  1. Navigate to http://burp:8080.
  2. Click on the...
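For the Android steps above, and for the certificate download that the iOS steps start with, the same work can be done from a shell with adb. The functions below are an added example, not the book's code; they assume adb, curl and openssl are installed, that Burp's listener is reachable from the device at the host and port you pass in, that the device is already attached (`adb devices`), and, for the system store, a rooted device or an emulator that allows `adb remount`.

```shell
#!/bin/sh
# Added example (not the book's code): configure an Android device for Burp over
# adb and prepare Burp's CA certificate for installation on Android or iOS.
# Assumed: adb, curl, openssl installed; Burp reachable from the device at $1:$2.

# Android keeps a global HTTP proxy setting that Wi-Fi uses; ":0" clears it.
android_proxy_on()  { adb shell settings put global http_proxy "$1:$2"; }
android_proxy_off() { adb shell settings put global http_proxy :0; }

# Burp serves its CA certificate (DER) at http://burp/cert to any client that
# is proxied through it. Fetch it through the listener and convert it to PEM.
# burp.der is also the file to transfer to an iOS device for its profile install.
fetch_burp_ca() {
    curl -s -x "http://$1:$2" -o burp.der http://burp/cert &&
    openssl x509 -inform der -in burp.der -out burp.pem
}

# Android's system store names each CA file by OpenSSL's "old" subject hash
# followed by ".0". Print that filename for the PEM certificate in $1.
android_ca_filename() {
    hash=$(openssl x509 -noout -subject_hash_old -in "$1") || return 1
    printf '%s.0\n' "$hash"
}

# User store (no root): push the PEM, then install it from Settings (Security /
# Encryption & credentials, "Install from storage"). Apps targeting Android 7+
# ignore user-installed CAs unless their network security config opts in, so
# for intercepting app traffic you usually need the system store instead.
install_user_ca() { adb push burp.pem /sdcard/burp.pem; }

# System store (rooted device or emulator with a writable /system).
install_system_ca() {
    name=$(android_ca_filename burp.pem) || return 1
    cp burp.pem "$name"
    adb root && adb remount &&
    adb push "$name" /system/etc/security/cacerts/ &&
    adb shell chmod 644 "/system/etc/security/cacerts/$name" &&
    adb reboot
}

# Usage:
#   android_proxy_on 192.168.1.20 8080     # Burp host on the shared Wi-Fi
#   fetch_burp_ca 192.168.1.20 8080 && install_user_ca
#   android_proxy_off                      # when the test is finished
```

Clear the proxy with android_proxy_off when you are done; a device left pointing at a listener that is no longer running has no network access until the setting is removed.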


Key benefits

  • Master the skills to perform various types of security tests on your web applications
  • Get hands-on experience working with components like Scanner, Proxy, Intruder and much more
  • Discover the best way to penetrate and test web applications

Description

Burp Suite is a set of graphical tools focused on penetration testing of web applications. It is widely used for web penetration testing by many security professionals for performing different web-level security tasks. The book starts by setting up the environment to begin an application penetration test. You will be able to configure the client and apply target whitelisting. You will also learn to set up and configure Android and iOS devices to work with Burp Suite. The book will explain how various features of Burp Suite can be used to detect various vulnerabilities as part of an application penetration test. Once detection is completed and the vulnerability is confirmed, you will be able to exploit a detected vulnerability using Burp Suite. The book also covers advanced concepts like writing extensions and macros for Burp Suite. Finally, you will discover the steps taken to identify the target, discover weaknesses in the authentication mechanism, and finally break the authentication implementation to gain access to the administrative console of the application. By the end of this book, you will be able to effectively perform end-to-end penetration testing with Burp Suite.

Who is this book for?

If you are interested in learning how to test web applications and the web part of mobile applications using Burp, then this is the book for you. It is specifically designed to meet your needs if you have basic experience in using Burp and are now aiming to become a professional Burp user.

What you will learn

  • Set up Burp Suite and its configurations for an application penetration test
  • Proxy application traffic from browsers and mobile devices to the server
  • Discover and identify application security issues in various scenarios
  • Exploit discovered vulnerabilities to execute commands
  • Exploit discovered vulnerabilities to gain access to data in various datastores
  • Write your own Burp Suite plugin and explore the Infiltrator module
  • Write macros to automate tasks in Burp Suite

Product Details

Publication date: Feb 28, 2019
Length: 366 pages
Edition: 1st
Language: English
ISBN-13: 9781788994064





Table of Contents

13 chapters:

  1. Configuring Burp Suite
  2. Configuring the Client and Setting Up Mobile Devices
  3. Executing an Application Penetration Test
  4. Exploring the Stages of an Application Penetration Test
  5. Preparing for an Application Penetration Test
  6. Identifying Vulnerabilities Using Burp Suite
  7. Detecting Vulnerabilities Using Burp Suite
  8. Exploiting Vulnerabilities Using Burp Suite - Part 1
  9. Exploiting Vulnerabilities Using Burp Suite - Part 2
  10. Writing Burp Suite Extensions
  11. Breaking the Authentication for a Large Online Retailer
  12. Exploiting and Exfiltrating Data from a Large Shipping Corporation
  13. Other Books You May Enjoy

Customer reviews

Rating distribution: 2 out of 5 (2 ratings)
5 star 0%
4 star 0%
3 star 50%
2 star 0%
1 star 50%

Kiwiness, Jan 13, 2021, 3 stars (Amazon verified review)
I bought both the paperback and Kindle version of this book. The book itself is good and complete; however, the Kindle version is not only missing large sections which are in the book, but there are also pages and sections completely mixed up and out of order. The Kindle version should be pulled off the market and re-edited. Otherwise the book itself is full of up-to-date information on Burp Suite.

Noam, Jun 07, 2021, 1 star (Amazon verified review)
This book would have been worth 5 stars had the links given to XVWA and OWASP worked. Unfortunately, these links are broken, rendering this book useless.