Website and Web Application Security trend
0
/ Published in Brand, PortSwigger, Product

Burp Suite Professional Web Vulnerability Scanner

Burp Suite Professional Web Vulnerability Scanner or simply just Burp Suite Pro, is one of the top and leading commercial security assessment tools (SAT) allowing web based penetration testing, secure web development testing and bug bounty hurting.

Burp Suite Professional is an integrated suite of web application security testing toolkits targeted for use by web pentester, bug bounty hunters and secure web application developers. One uniqueness of Burp Suite Professional is it allows complete control of how the web application security testing and pentesting workflow fits the tester objective. Be it to use as a user driven automated point and click web scanner, or proxy and manual exploit the web application with various built in toolkits provided.

Burp Suite Professional is licensed by user and installation, typically installed into user laptop or desktop, due to interactive operation of the toolkit involved.

Integrated web application testing platform

Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities.

Burp gives you full control, letting you combine advanced manual techniques with state-of-the-art automation, to make your work faster, more effective, and more fun.

Burp Suite contains the following key components:

  • An intercepting Proxy, which lets you inspect and modify traffic between your browser and the target application.
  • An application-aware Spider, for crawling content and functionality.
  • An advanced web application Scanner, for automating the detection of numerous types of vulnerability.
  • An Intruder tool, for performing powerful customized attacks to find and exploit unusual vulnerabilities.
  • Repeater tool, for manipulating and resending individual requests.
  • Sequencer tool, for testing the randomness of session tokens.
  • The ability to save your work and resume working later.
  • Extensibility, allowing you to easily write your own plugins, to perform complex and highly customized tasks within Burp.

Burp is easy to use and intuitive, allowing new users to begin working right away. Burp is also highly configurable, and contains numerous powerful features to assist the most experienced testers with their work.

Burp Proxy

Burp Proxy is an intercepting proxy server for security testing of web applications. It operates as a man-in-the-middle between your browser and the target application, allowing you to:

  • Intercept and modify all HTTP/S traffic passing in both directions.
  • Easily analyze all kinds of content, with automatic colorizing of request and response syntax, rendering of web content, and parsing of serialization schemes like AMF.
  • Apply fine-grained rules to determine which requests and responses are intercepted for manual testing.
  • View all traffic in the detailed Proxy history, with advanced filters and search functions.
  • Send interesting items to other Burp Suite tools with a single click.
  • Save all of your work, and resume working later.
  • Quickly search and highlight interesting content within HTTP messages.
  • Work with custom SSL certificates and non-proxy-aware clients.
  • Define rules to automatically modify requests and responses without manual intervention.

Burp Suite Professional Web Vulnerability Scanner

Burp Proxy provides the foundation for Burp Suite’s user-driven workflow, allowing you to use an application in the normal way via your browser, and yet have full control of all its requests and responses. Using the Proxy, you can quickly understand how the application works and start testing it manually, and you can also pass individual requests to other Burp tools for more advanced, customized and automated testing.

Burp Spider

Burp Spider is a tool for mapping web applications. It automates the laborious task of cataloging an application’s content and functionality, and lets you:

  • Work manually via your browser, by passively inspecting traffic passing through Burp Proxy and cataloging everything that this identifies.
  • Actively crawl the application, by automatically following links, submitting forms, and parsing responses for new content.
  • Browse a detailed site map of discovered content, in tree and table form.
  • Retain full control of all spidering actions, with fine-grained scope definition, automatic or user-guided submission of forms, and detailed configuration of the spidering engine.
  • Send interesting items to other Burp Suite tools with a single click.
  • Deal with complex applications, with automatic handling of login credentials and session cookies, and detection of custom “not found” responses.
  • Save all of your work, and resume working later.

When you run Burp, the Spider runs by default in passive mode, and builds up a detailed site map of your target application, by recording all of the requests that you make via Burp Proxy, and parsing all of the responses for new links and functionality. After browsing the whole application, you can use Burp’s site map to review the content you have discovered. You can then use the active spidering function to map out any areas you may have missed, or you can select individual items or branches within the site map, and send these to other Burp tools for further manual or automated attacks.

Burp Scanner or Burp Web Vulnerability Scanner

Burp Suite’s vulnerability scanner helps you to find, track and fix vulnerabilities in your web applications:

  • Great performance against all vulnerabilities in the OWASP top 10.
  • Reliable reporting and remediation advice.
  • The most widely adopted vulnerability scanner on the market.

Burp Scanner is a state-of-the-art vulnerability scanner for web applications. It is designed with security testers in mind, to integrate closely with your existing techniques and methodologies for manual and automated testing.

Burp Intruder

Burp Intruder is a tool for automating customized attacks against web applications, to identify and exploit all kinds of security vulnerabilities. Burp Intruder is exceptionally powerful and configurable, and its potential is limited only by your skill and imagination in using it. You can use Intruder to:

  • Performing fuzzing of application requests to identify common vulnerabilities, such as SQL injection, cross-site scripting, and buffer overflows.
  • Enumerate identifiers used within the application, such as account numbers and usernames.
  • Deliver customized brute-force attacks against authentication schemes and session handling mechanisms.
  • Exploit bugs such as broken access controls and information leakage to harvest sensitive data from the application.
  • Perform highly customized discovery of application content in the face of unusual naming schemes or retrieval methods.
  • Carry out concurrency attacks against race conditions, and application-layer denial-of-service attacks.

A typical workflow using Burp Intruder is as follows:

  • Identify an interesting or vulnerable request within any of the Burp Suite tools, and send this to Intruder.
  • Mark the locations in the request where you want to insert payloads.
  • Configure your attack payloads, using Intruder’s highly configurable algorithms and preset lists, or your own custom list of payloads.
  • Start the attack and review the detailed results, including all requests made and responses received.
  • Analyze the results to achieve your chosen objective, using customizable filtering and sorting, or by defining your own rules for matching or extracting response data.

Burp Repeater

Burp Repeater is a tool for manually modifying and reissuing individual HTTP requests, and analyzing their responses. Using Burp Repeater, you can:

  • Send requests from other Burp Suite tools to test manually in Burp Repeater.
  • Work on each base request in a separate tab, to avoid confusion.
  • Repeatedly change and resubmit the same request, and review the response.
  • Automatically or manually follow redirections where appropriate.
  • Step backwards and forwards through the request history within each tab, to quickly compare the results of different attack variants.
  • Easily analyze all kinds of content, with automatic colorizing of request and response syntax, rendering of web content, and parsing of serialization schemes like AMF.
  • Send interesting items to other Burp Suite tools with a single click.
  • Save all of your work, and resume working later.

Burp Sequencer

Burp Sequencer is a tool for analyzing the degree of randomness in security-critical tokens issued by an application. It is typically used to test the quality of an application’s session tokens or other items, such as CSRF nonces, on whose unpredictability the application depends for its security. Burp Sequencer lets you:

  • Send requests that return a security token from other Burp Suite tools to test in Burp Sequencer.
  • Reissue the same request repeatedly, to generate a large sample of tokens for statistical analysis.
  • Perform a rigorous set of tests, including the standard FIPS tests and others, to estimate the degree of randomness within the sample, at both the character and bit level.
  • Start performing the analysis with as few as 100 tokens, and re-perform this as a larger sample is collected, up to the FIPS-recommended sample size of 20,000 tokens.
  • View an intuitive, at-a-glance summary of all the tests performed, letting you quickly understand the overall quality of randomness.
  • Review detailed, graphical test output, letting you drill down into the detailed reasons why individual parts of the token passed or failed each test.
  • Load an existing sample of tokens for analysis, if these have already been captured elsewhere.

Burp Sequencer is often highly useful in providing rigorous analysis of an application’s session tokens, in cases where these can appear random to both the naked eye and to simpler, scatter-graph based, analyses. It also enables consultants to provide their clients with output to demonstrate that some meaningful work has been done in this often overlooked area of security.

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways. Extensions can be written in Java, Python or Ruby. The extensibility API is extremely rich and powerful, and lets extensions carry out numerous useful tasks. You can:

  • Process and modify HTTP requests and responses for all Burp tools.
  • Access key runtime data, such as the Proxy history, target site map, and Scanner issues.
  • Initiate actions like scanning and spidering.
  • Implement custom scan checks and register scan issues.
  • Customize the placement of attack insertion points within scanned requests.
  • Provide custom Intruder payloads and payload processors.
  • Query and update the Suite-wide target scope.
  • Query and update the session handling cookie jar.
  • Implement custom session handling actions.
  • Add custom tabs and context menu items to Burp’s user interface.
  • Use Burp’s native HTTP message editor within your own user interface.
  • Customize Burp’s HTTP message editor to handle data formats that Burp does not natively support.
  • Analyze HTTP requests and responses to obtain headers, parameters, cookies, etc.
  • Build, modify and issue HTTP requests and retrieve responses.
  • Read and modify Burp’s configuration settings.
  • Save and restore Burp’s state.

Automated crawl and scan

Coverage of over 100 generic vulnerabilities, such as SQL injection and cross-site scripting (XSS), with great performance against all vulnerabilities in the OWASP top 10.

Different modes for scan speed, allowing fast, normal, and thorough scans to be carried out for different purposes.

Scan exactly what you want. You can perform a full crawl and scan of an entire host, or a particular branch of the site content, or an individual URL.
Support for numerous types of attack insertion points within requests, including parameters, cookies, HTTP headers, parameter names, and the URL file path.
Support for nested insertion pointsallowing automatic testing of custom application data formats, such as JSON inside Base64 inside a URL-encoded parameter.
Burp’s advanced application-aware crawler can be used to map out application contents, prior to automated scanning or manual testing.
Use fine-grained scope-based configuration to control exactly what hosts and URLs are to be included in the crawl or scan.
Automatic detection of custom not-foundresponses, to reduce false positives during crawling.

Advanced scanning for manual testers

View real-time feedback of all actions being performed during scanning. The active scan queue shows the progress of each item that is queued for scanning. The issue activity log shows a sequential record of all issues as they are added or updated.

Use the active scanning mode to interactively test for vulnerabilities like OS command injection and file path traversal.

Use the passive scanning mode to identify flaws such as information disclosure, insecure use of SSL, and cross-domain exposure.
You can place manual insertion pointsat arbitrary locations within requests, to inform the Scanner about non-standard inputs and data formats.
Burp Scanner can automatically move parameters between different locations, such as URL parameters and cookies, to help evade web application firewalls and other defenses.
You can fully control what gets scanned using live scanning as you browse. Each time you make a new request that is within your defined target scope, Burp automatically schedules the request for active scanning.
Burp can optionally report all reflected and stored inputs, even where no vulnerability has been confirmed, to facilitate manual testing for issues like cross-site scripting.
Different modes for scan accuracy, to optionally favor more false positives or negatives.

Cutting-edge scanning logic

Burp Scanner is designed by industry-leading penetration testers. Its advanced feedback-driven scanning logic is designed to reproduce the actions of a skilled human tester.

Advanced crawling capabilities (including coverage of the latest web technologies such as REST, JSON, AJAX and SOAP), combined with its cutting-edge scanning engine, allow Burp to achieve greater scan coverage and vulnerability detection than other fully automated web scanners.
Burp has pioneered the use of highly innovative out-of-band techniques to augment the conventional scanning model. The Burp Collaborator technology allows Burp to detect server-side vulnerabilities that are completely invisible in the application’s external behavior, and even to report vulnerabilities that are triggered asynchronously after scanning has completed.
The Burp Infiltrator technology can be used to perform interactive application security testing (IAST) by instrumenting target applications to give real-time feedback to Burp Scanner when its payloads reach dangerous APIs within the application.
Burp Scanner includes a full static code analysis engine for detection of security vulnerabilities within client-side JavaScript, such a DOM-based cross-site scripting.
Burp’s scanning logic is continually updated with enhancements to ensure it can find the latest vulnerabilities and new edge cases of existing vulnerabilities. In recent years, Burp has been the first scanner to detect novel vulnerabilities pioneered by the Burp research team, including template injection and path-relative stylesheet imports.

Clear and detailed presentation of vulnerabilities

The target site map shows all of the content that has been discovered in sites being tested. Content is presented in a tree view that corresponds to the sites’ URL structure. Selecting branches or nodes within the tree shows a listing of individual items, with full details including requests and responses where available.

The site map also shows the vulnerabilities that have been identified. Icons in the site tree allow vulnerable areas of the target to be quickly identified and explored.

Vulnerabilities are rated for severity and confidence to help decision makers focus quickly on the most significant issues.
All reported vulnerabilities contain detailed custom advisories. These include a full description of the issue, and step-by-step remediation advice. Advisory wording is dynamically generated for each individual issue, with any special features or remediation points accurately described.
Each reported vulnerability includes full information about the evidence on which it is based. This includes HTTP requests and responses with relevant features highlighted, and any out-of-band interactions with Burp Collaborator. The reported evidence enables developers to quickly understand the nature of each vulnerability, and the location within the application where a fix needs to be applied.
You can export beautifully formatted HTML reports of discovered vulnerabilities. The level and type of details included in the report can be customized for different audiences.

Intercept browser traffic using man-in-the-middle proxy

Burp Proxy allows manual testers to intercept all requests and responsesbetween the browser and the target application, even when HTTPS is being used.
You can view, edit or drop individual messages to manipulate the server-side or client-side components of the application.
The Proxy history records full details of all requests and responses passing through the Proxy.
You can annotate individual items with comments and colored highlights, letting you mark interesting items for manual follow-up later.
Burp Proxy can perform various automatic modification of responses to facilitate testing. For example, you can unhide hidden form fields, enable disabled form fields, and remove JavaScript form validation.
You can use match and replace rules to automatically apply custom modifications to requests and responses passing through the Proxy. You can create rules that operate on message headers and body, request parameters, or the URL file path.
Burp helps eliminate browser security warnings that can occur when intercepting HTTPS connections. On installation, Burp generates a unique CA certificate that you can install in your browser. Host certificates are then generated for each domain that you visit, signed by the trusted CA certificate.
Burp supports invisible proxying for non-proxy-aware clients, enabling the testing of non-standard user agents such as thick client applications and some mobile applications.
HTML5 WebSockets messages are intercepted and logged to a separate history, in the same way as regular HTTP messages.
You can configure fine-grained interception rules that control precisely which messages are intercepted, letting you focus on the most interesting interactions.

Automate custom attacks using Burp Intruder

  • Burp Intruder is an advanced tool for automating custom attacks against applications. It can be used for numerous purposes to improve the speed and accuracy of manual testing.
  • Common use cases are fuzzing for vulnerabilities, enumerating valid identifiers, extracting interesting data, and actively exploiting discovered vulnerabilities.
  • You can place payloads in arbitrary positions with requests, allowing payloads to be placed within custom data structures and protocols.

  • Multiple simultaneous payloads of different types can be placed into different positions within the same request, and can be combined in various ways.
  • There are numerous built-in payload generators that can automatically create payloads for virtually any purpose in a highly configurable way. Payload generators include numbers, dates, brute forcer, bit flipper, username generator, ECB block shuffler, illegal Unicode, and case modification. Burp extensions can also provide completely custom payload generators via the API.

  • There are built-in wordlists for numerous common purposes, including directory and file names, common field names and values, fuzz strings, HTTP verbs and user agents. You can also easily configure a custom repository of wordlists for direct use within Intruder payloads.
  • Payload processing rules can be defined to manipulate generated payloads in arbitrary ways, to meet the exact needs of the custom attack being performed. Payload processing rules include the addition of a prefix or suffix, match and replace, substring, encoding or decoding in various schemes, or skipping payloads that match a regular expression. Burp extensions can also provide completely custom payload processing rules via the API.
  • Intruder attacks can be configured to automatically grep for custom match strings in responses. This function can be used for numerous purposes, including looking for error messages during fuzzing, confirming valid identifiers during enumeration tasks, and flagging successful exploitation of discovered vulnerabilities.
  • Burp Intruder can extract custom data items from responses. For example, you can cycle through a range of page identifiers and extract the title of each returned page, or iterate over all valid user IDs and extract the name and group of each user.
  • Intruder captures detailed attack results, with all relevant information about each request and response clearly presented in table form. Captured data includes the payload values and positions, HTTP status code, response timers, cookies, number of redirections, and the results of any configured grep or data extraction settings.

Advanced manual testing tools

  • All requests and responses are displayed in a feature-rich HTTP message editor. This provides numerous views into the underlying message to assist in analyzing and modifying its contents.
  • Individual requests and responses can be easily sent between Burp tools to support all kinds of manual testing workflows.
  • The Repeater tool lets you manually edit and reissue individual requests, with a full history of requests and responses.
  • The Sequencer tool is used for statistical analysis of session tokens using standard cryptographic tests for randomness.

  • The Decoder tool lets you convert data between common encoding schemes and formats used on the modern web.
  • The CSRF PoC Generator function can be used to generate a proof-of-concept cross-site request forgery (CSRF) attack for a given request.

  • The Clickbandit tool generates working clickjacking attacks against vulnerable application functions.
  • The Comparer tool performs a visual diff between pairs of requests and responses or other interesting data.
  • The Content Discovery function can be used to discover hidden content and functionality that is not linked from visible content that you can browse to.
  • The Target Analyzer function can be used to analyze a target web application and tell you how many static and dynamic URLs it contains, and how many parameters each URL takes.

  • The Compare Site Maps function can compare two site maps and highlight differences. This feature can be used in various ways to help find different types of access control vulnerabilities.
  • The Search function can be used to find interesting items of data within all Burp’s tools.
  • The Scheduled Tasks function can be used to automatically start and stop certain tasks at defined times and intervals.

Overcome connection challenges

  • Burp supports platform authentication using Basic, NTLMv1 and v2, and Digest authentication types.
  • You can load client SSL certificates and smartcards needed for authentication to protected applications during testing.

  • You can configure all details of SSL negotiation, to help deal with unusually configured targets.
  • Burp can automatically handle session handling mechanisms, including conventional logins and cross-site request forgery tokens.
  • You can record macros for repeating common sequences of requests, for use within the session handling mechanism.
  • You can create custom session handling rules to deal with particular situations. Session handling rules can automatically log in, detect and recover invalid sessions, and fetch valid CSRF tokens.

Extensibility

  • The powerful Burp Extender API allows extensions to customize Burp’s behavior and integrate with other tools. Common use cases for Burp extensions include modifying HTTP requests and responses on the fly, customizing the Burp UI, adding custom Scanner checks, and accessing key runtime information including crawl and scan results.
  • The BApp Store is a repository of ready-to-use extensions contributed by the Burp user community. These can be installed with a single click from within the Burp UI.

  • You can easily create your own extensions using the Java, Python or Ruby programming languages.
  • Discovered vulnerabilities can be exported as XML for importing into dozens of third-party tools that support Burp’s export format.

The rest of Burp Suite Pro Features

Burp Suite Professional is the leading toolkit for web security testing to perform faster, more reliable security testing. It being known as best in class for security testing, a must-have tool for security engineers for a very long period of time. Use it to automate repetitive testing tasks – then dig deeper with its expert-designed manual and semi-automated security testing tools. Burp Suite Professional can help you to test for OWASP Top 10 vulnerabilities – as well as the very latest hacking techniques.

A walkthrough of some of Burp Suite Professional’s major features.

Manual penetration testing features

Intercept everything your browser sees

A powerful proxy/history lets you modify all HTTP(S) communications passing through your browser.

Manage recon data

All target data is aggregated and stored in a target site map – with filtering and annotation functions.

Expose hidden attack surface

Find hidden target functionality with an advanced automatic discovery function for “invisible” content.

Test for clickjacking attacks

Generate and confirm clickjacking attacks for potentially vulnerable web pages, with specialist tooling.

Work with WebSockets

WebSockets messages get their own specific history – allowing you to view and modify them.

Break HTTPS effectively

Proxy even secure HTTPS traffic. Installing your unique CA certificate removes associated browser security warnings.

Manually test for out-of-band vulnerabilities

Make use of a dedicated client to incorporate Burp Suite’s out-of-band (OAST) capabilities during manual testing.

Speed up granular workflows

Modify and reissue individual HTTP and WebSocket messages, and analyze the response – within a single window.

Quickly assess your target

Determine the size of your target application. Auto-enumeration of static and dynamic URLs, and URL parameters.

Assess token strength

Easily test the quality of randomness in data items intended to be unpredictable (e.g. tokens).

Advanced/custom automated attacks

Faster brute-forcing and fuzzing

Deploy custom sequences of HTTP requests containing multiple payload sets. Radically reduce time spent on many tasks.

Query automated attack results

Capture automated results in customized tables, then filter and annotate to find interesting entries/improve subsequent attacks.

Construct CSRF exploits

Easily generate CSRF proof-of-concept attacks. Select any suitable request to generate exploit HTML.

Facilitate deeper manual testing

See reflected/stored inputs even when a bug is not confirmed. Facilitates testing for issues like XSS.

Scan as you browse

The option to passively scan every request you make, or to perform active scans on specific URLs.

Automatically modify HTTP messages

Settings to automatically modify responses. Match and replace rules for both responses and requests.

Automated scanning for vulnerabilities

Harness pioneering AST technology

High signal: low noise. Scan with pioneering, friction-free, out-of-band-application security testing (OAST).

Conquer client-side attack surfaces

Hybrid AST and built-in JavaScript analysis engine help to find holes in client-side attack surfaces.

Fuel vulnerability coverage with research

Cutting-edge scan logic from PortSwigger Research combines with coverage of over 100 generic bugs.

Fine-tune scan control

Get fine-grained control, with a user-driven scanning methodology. Or, run “point-and-click” scans.

Remediate bugs effectively

Custom descriptions and step-by-step remediation advice for every bug, from PortSwigger Research.

Configure scan behavior

Customize what you audit, and how. Skip specific checks, fine-tune insertion points, and much more.

Crawl more complex targets. Burp Suite’s crawler identifies locations based on content – not just URL.

Effectively apply IAST

Source identification and vulnerability reporting simplified, with optional code instrumentation.

Experience browser-driven scanning

Browser-driven scanning is already striding toward better coverage of tricky targets like AJAX-heavy single page apps.

Productivity tools

Deep-dive message analysis

Show follow-up, analysis, reference, discovery, and remediation in a feature-rich HTTP editor.

Utilize both built-in and custom configurations

Access predefined configurations for common tasks, or save and reuse custom configurations.

Multiply project options

Auto-save all working projects to disk, and add configurations to pre-saved projects.

Make code more readable

Automatically pretty-print code formats including JSON, JavaScript, CSS, HTML, and XML.

Easily remediate scan results

See source, discovery, contents, and remediation, for every bug, with aggregated application data.

Simplify scan reporting

Customize with HTML/XML formats. Report all evidence identified, including issue details.

Speed up data transformation

Decode or encode data, with multiple built-in operations (e.g. Hex, Octal, Base64).

 

Extensions

Create custom extensions

Extender API ensures universal adaptability. Code custom extensions to make Burp work for you.

Logger++

For in-depth vulnerability detail, ordered and arranged in an easily accessible table, make use of Logger++.

Autorize

When testing for authorization vulnerabilities, save time and perform repeat requests with Autorize.

Turbo Intruder

Configured in Python, with a custom HTTP stack, Turbo Intruder can unleash thousands of requests per second.

J2EE Scan

Expand your Java-specific vulnerability catalogue and hunt the most niche bugs, with J2EEScan.

Access the extension library

The BApp Store customizes and extends capabilities. Over 250 extensions, written and tested by Burp users.

Upload Scanner

Adapt Burp Scanner’s attacks by uploading and testing multiple file-type payloads, with Upload Scanner.

AuthMatrix

Run AuthMatrix with Autorize to define your access-level vulnerability authorization check.

Param Miner

Quickly find unkeyed inputs with Param Miner – can guess up to 65,000 parameter names per second.

Backslash Powered Scanner

Find research-grade bugs, and bridge human intuition and automation, with Backslash Powered Scanner.

Latest Release and Update

Due to incremental updates and changing in nature, please read from this dedicated post and consolidate all into a single post for easy reading for those who want to know the feature, patch and update from each build.

Be noted Burp Suite Pro is no automated web scanner, for customer look for scheduler, real time dashboard and DevSecOps CI/CD seamless integration and delivery automation, please refer Burp Suite Enterprise Edition in the separate dedicated post.

Other Post You May Interest

Burp Suite Enterprise Edition Automated Web Scanner

Tagged under: , , , , , , , , ,

What you can read next

Qualys Asset Inventory Product Overview
Solarwinds Database Performance Analyzer Product Overview by E-SPIN
Burp Suite Enterprise Edition Product Latest Release and Build
Concept of Training

Leave a Reply

Your email address will not be published. Required fields are marked *