Subscription

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Learning Hub

Conferences

Free Learning

You're reading from Hands-On Application Penetration Testing with Burp Suite Use Burp Suite and its features to inspect, detect, and exploit security vulnerabilities in your web applications

Product type Paperback

Published in Feb 2019

Publisher Packt

ISBN-13 9781788994064

Length 366 pages

Edition 1st Edition

Tools

Burp Suite

Concepts

Penetration Testing

Authors (3):

Dhruv Shah

Riyaz Ahemed Walikar

Carlos A. Lozano

View More author details

Table of Contents (14) Chapters

Preface

1. Configuring Burp Suite FREE CHAPTER

2. Configuring the Client and Setting Up Mobile Devices

3. Executing an Application Penetration Test

4. Exploring the Stages of an Application Penetration Test

5. Preparing for an Application Penetration Test

6. Identifying Vulnerabilities Using Burp Suite

7. Detecting Vulnerabilities Using Burp Suite

8. Exploiting Vulnerabilities Using Burp Suite - Part 1

9. Exploiting Vulnerabilities Using Burp Suite - Part 2

10. Writing Burp Suite Extensions

11. Breaking the Authentication for a Large Online Retailer

12. Exploiting and Exfiltrating Data from a Large Shipping Corporation

13. Other Books You May Enjoy

Leave a review - let other readers know what you think

Setting up iOS to work with Burp Suite

To set up an iOS device to work with Burp, we need to add Burp's network listener address (as we did with the Android device) to the iOS device's network configuration.

To achieve this, follow these steps:

On the iOS device, open Settings.
Assuming you are already connected to the wireless network, tap the Wi-Fi option, and tap the information icon next to the wireless access point name.
Select Manual under the HTTP PROXY section, and enter the IP address and port number of the Burp listener.
Go back and browse to an HTTP site on your iOS device's browser and see that the traffic is received by Burp.

To be able to access HTTPS sites you will need, to add Burp's CA certificate in the iOS device. To configure the iOS device to do this, perform the following steps:

Navigate to http://burp:8080.
Click on the...

The rest of the chapter is locked

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $19.99/month. Cancel anytime

Authors (3)

Carlos A. Lozano

Carlos A. Lozano is a security consultant with more than 15 years' experience in various security fields. He has worked as a penetration tester, but most of his experience is with security application assessments. He has assessed financial applications, ISC/SCADA systems, and even low-level applications, such as drivers and embedded components. Two years ago, he started on public and private bug bounty programs and focused on web applications, source code review, and reversing projects. Also, Carlos works as Chief Operations Officer at Global CyberSec, an information security firm based in Mexico, with operations in the USA and Chile.

See other products by Carlos A. Lozano

Ahemed Walikar

Riyaz Ahemed Walikar is a Web Application Pentester, security evangelist, and researcher. He has been active in the security community for the last 10 years. He is actively involved with vulnerability research in popular web applications and network aware services and has disclosed several security issues in popular software like Apache Archiva, Openfire, and so on. He has found vulnerabilities with popular web applications like Facebook, Twitter, Google, and so on for which he is on the Hall of Fame for most of these services. He has also been a speaker and trainer at several security conferences. His technical interests lie with programming, bug bounty, malware analysis, breaking web applications, playing CTFs, and penetration testing networks.

See other products by Ahemed Walikar

Dhruv Shah

Dhruv Shah holds a Masters degree in IT and has 7 years of experience as a specialist in Information Security. He started off as a trainer sensitizing staff in private sector organizations about security issues and what hackers look for when they launch attacks on networks. He, later on, switched his job to carry out penetration testing for Indian government agencies and then for banking clients in the Middle East. He now has extensive experience in penetration testing for Fortune 500 companies involving web and mobile applications, networks, Infra, and Red Team work. In his spare time, he co-authored the book Kali Linux Intrusion and Exploitation and is an active member and moderator of one of the Null chapters in India.

See other products by Dhruv Shah