Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Burp Suite Cookbook

You're reading from   Burp Suite Cookbook Web application security made easy with Burp Suite

Arrow left icon
Product type Paperback
Published in Oct 2023
Publisher Packt
ISBN-13 9781835081075
Length 450 pages
Edition 2nd Edition
Languages
Arrow right icon
Author (1):
Arrow left icon
Dr. Sunny Wear Dr. Sunny Wear
Author Profile Icon Dr. Sunny Wear
Dr. Sunny Wear
Arrow right icon
View More author details
Toc

Table of Contents (14) Chapters Close

Preface 1. Chapter 1: Getting Started with Burp Suite 2. Chapter 2: Getting to Know the Burp Suite of Tools FREE CHAPTER 3. Chapter 3: Configuring, Crawling, Auditing, and Reporting with Burp 4. Chapter 4: Assessing Authentication Schemes 5. Chapter 5: Assessing Authorization Checks 6. Chapter 6: Assessing Session Management Mechanisms 7. Chapter 7: Assessing Business Logic 8. Chapter 8: Evaluating Input Validation Checks 9. Chapter 9: Attacking the Client 10. Chapter 10: Working with Burp Suite Macros and Extensions 11. Chapter 11: Implementing Advanced Topic Attacks 12. Index 13. Other Books You May Enjoy

Downloading Burp Suite (Community and Professional editions)

The first step in learning the techniques contained within this book is to download the Burp Suite application. The download page is available here: https://portswigger.net/burp/. You will need to decide which edition of Burp Suite you would like to download from the following:

  • Professional
  • Community
  • Enterprise (not covered): This product is designed for large companies to run Burp Scanner across thousands of targets
  • Dastardly (not covered): This edition only provides Burp Scanner capabilities and is specifically designed to integrate with Jenkins and other CI tools as jobs within a DevOps pipeline

What is now termed Community was once labeled Free Edition. You may see both referenced on the internet, but they are the same. At the time of writing, the Professional edition costs $449.

To help you make your decision, let’s compare the two. The Community version offers many of the functions used in this book, but not all. For example, the Community version does not include any scanning functionality. In addition, the Community version contains some forced throttling of threads when using the Burp Suite Intruder functionality. There are no built-in payloads in the Community version, though you can load custom ones. And, finally, several Burp Suite extensions that require the Professional edition will, obviously, not work in the Community edition.

The Professional version has all the functionality enabled, including passive and active scanners. There is no forced throttling. PortSwigger (that is, the name of the company that writes and maintains Burp Suite) provides several built-in payloads for fuzzing and brute-forcing. Burp Suite extensions that use scanner-related API calls work in the Professional version as well.

In this book, we will be using the Professional version, which provides access to an extensive array of functionality compared to the Community edition. However, when a feature is used in this book that’s specific to the Professional edition, a special icon will indicate this:

Figure 1.1 – Burp Suite Professional icon

Figure 1.1 – Burp Suite Professional icon

Getting ready

To begin our adventure together, go to https://portswigger.net/burp and download the edition of Burp Suite you wish to use. The page provides a slider, as shown here, which highlights the features of Professional and Community, allowing you to compare them:

Figure 1.2 – Burp Suite Professional versus Community features

Figure 1.2 – Burp Suite Professional versus Community features

You may wish to choose the Community edition to gain familiarity with the product before purchasing the Professional version.

Should you choose to purchase or use the trial version of the Professional edition, you will need to complete forms or payments and subsequent email confirmations will be sent to you. Once your account is created, you may log in and perform the download from the links provided in our account.

Software tool requirements

To complete this recipe, you will need the following:

How to do it...

After deciding on the edition you need, you have two installation options, including an executable or a plain JAR file. The executable is only available in Windows and is offered in both 32-bit and 64-bit versions. The plain JAR file is available for Windows, macOS, and Linux. You can find all the available download options here: https://portswigger.net/burp/releases/professional-community-2023-4-5?requestededition=community&requestedplatform=.

The Windows executable is self-contained and will create icons in your program listing. However, the plain JAR file requires your platform to have Java (https://www.oracle.com/java/technologies/downloads/) pre-installed. You may choose the current version of Java (JRE or JDK), so feel free to choose the latest version:

Figure 1.3 – PortSwigger’s Downloads page

Figure 1.3 – PortSwigger’s Downloads page

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image