The first step in learning the techniques contained within this book is to download Burp Suite. The download page is available here (https://portswigger.net/burp/). You will need to decide which edition of Burp Suite you would like to download from the following:
- Professional
- Community
- Enterprise (not covered)
What is now termed Community was once labeled Free Edition. You may see both names referenced on the internet, but they are one and the same. At the time of this writing, the Professional edition costs $399.
To help you make your decision, let's compare the two. The Community edition offers many of the functions used in this book, but not all. For example, Community does not include any scanning functionality. In addition, the Community edition imposes forced throttling of threads when using the Intruder functionality, which makes large fuzzing or brute-forcing runs noticeably slower. There are no built-in payload lists in the Community edition, though you can load your own custom ones. And, finally, several Burp extensions that require Professional will, obviously, not work in the Community edition.
The Professional edition has all functionality enabled, including the passive and active scanners. There is no forced throttling in Intruder. PortSwigger (that is, the name of the company that writes and maintains Burp Suite) provides several built-in payload lists for fuzzing and brute-forcing. Burp extensions that use scanner-related API calls work in the Professional edition as well.
In this book, we will be using the Professional edition, but much of the functionality shown is also available in the Community edition. However, when a feature used in this book is specific to the Professional edition, a special icon will indicate this. The icon used is the following: