Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Burp Suite Cookbook

You're reading from   Burp Suite Cookbook Practical recipes to help you master web penetration testing with Burp Suite

Arrow left icon
Product type Paperback
Published in Sep 2018
Publisher
ISBN-13 9781789531732
Length 358 pages
Edition 1st Edition
Languages
Arrow right icon
Author (1):
Arrow left icon
Dr. Sunny Wear Dr. Sunny Wear
Author Profile Icon Dr. Sunny Wear
Dr. Sunny Wear
Arrow right icon
View More author details
Toc

Table of Contents (13) Chapters Close

Preface 1. Getting Started with Burp Suite FREE CHAPTER 2. Getting to Know the Burp Suite of Tools 3. Configuring, Spidering, Scanning, and Reporting with Burp 4. Assessing Authentication Schemes 5. Assessing Authorization Checks 6. Assessing Session Management Mechanisms 7. Assessing Business Logic 8. Evaluating Input Validation Checks 9. Attacking the Client 10. Working with Burp Macros and Extensions 11. Implementing Advanced Topic Attacks 12. Other Books You May Enjoy

Downloading Burp (Community, Professional)

The first step in learning the techniques contained within this book is to download the Burp suite. The download page is available here (https://portswigger.net/burp/). You will need to decide which edition of the Burp suite you would like to download from the following:

  • Professional
  • Community
  • Enterprise (not covered)

What is now termed Community was once labeled Free Edition. You may see both referenced on the internet, but they are one and the same. At the time of this writing, the Professional edition costs $399.

To help you make your decision, let's compare the two. The Community version offers many of the functions used in this book, but not all. For example, Community does not include any scanning functionality. In addition, the Community version contains some forced throttling of threads when using the Intruder functionality. There are no built-in payloads in the Community version, though you can load your own custom ones. And, finally, several Burp extensions that require Professional will, obviously, not work in the Community edition.

The Professional version has all functionality enabled including passive and active scanners. There is no forced throttled. PortSwigger (that is, the name of the company that writes and maintains the Burp suite) provides several built-in payloads for fuzzing and brute-forcing. Burp extensions using scanner-related API calls are workable in the Professional version as well.

In this book, we will be using the Professional version, which means much of the functionality is available in the Community edition. However, when a feature is used in this book specific to the Professional edition, a special icon will indicate this. The icon used is the following:

Getting ready

To begin our adventure together, go to https://portswigger.net/burp and download the edition of the Burp suite you wish to use. The page provides a slider, as following, which highlights the features of Professional and Community, allowing you to compare them:

Many readers may choose the Community edition to gain familiarity with the product prior to purchasing.

Should you choose to purchase or trial the Professional edition, you will need to complete forms or payments and subsequent email confirmations will be sent to you. Once your account is created, you may login and perform the download from the links provided in our account.

Software tool requirements

How to do it...

After deciding on the edition you need, you have two installation options, including an executable or a plain JAR file. The executable is only available in Windows and is offered in both 32-bit or 64-bit. The plain JAR file is available for Windows, macOS, and Linux.

The Windows executable is self-contained and will create icons in your program listing. However, the plain JAR file requires your platform to have Java (https://www.java.com/en/download/) pre-installed. You may choose the current version of Java (JRE or JDK) so feel free to choose the latest version:

You have been reading a chapter from
Burp Suite Cookbook
Published in: Sep 2018
Publisher:
ISBN-13: 9781789531732
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image