Burp Suite Basics

In this course, you will learn the basics of web application security testing with Burp Suite, the industry standard tool for manual web application security testing. You'll learn how to use Burp Suite to intercept and modify HTTP(S) traffic, identify and exploit common web application vulnerabilities, and automate repetitive tasks.

General

Fundamentals


Course Preview

What is Burp Suite? 

Burp Suite is a web proxy used to intercept web application traffic. Burp Suite was developed and is maintained by PortSwigger. This tool is used by every pentester daily and is in their toolkit. Besides the main proxy, some of the main features of Burp Suite are the Repeater, Decoder/Encoder, Intruder, Comparer, Collaborator, and Burp Extender. Burp Suite is an essential tool for web application pentesters. Throughout this module you will learn how to use every part of Burp Suite and leverage it to find flaws in web applications and APIs.


The community edition of Burp Suite should be enough for most penetration testers. However, as we dive deeper into more advanced web application penetration testing, the professional features may be well worth it. In this module, we'll focus on features available in the community and professional editions of Burp Suite. 

 

Burp Suite Pro:

 

Burp Suite Community:


 

What is the main difference between Burp Suite Pro and Burp Suite Community?

You can use Burp Suite Community to do just about anything related to web application hacking; however, Burp Suite Pro makes this much easier and faster. Burp Suite Community is very limited in what you can do. Both can get the job done. A Burp Suite Pro subscription is $300.00 USD a year, and Community is 100% free.

Tools available on Burp Suite Pro:

  • Decoder/Encoder
  • Repeater
  • Intruder
  • Comparer
  • Logger
  • Burp Active/Passive Scanner
  • All extensions on the BApp Store
  • Sequencer


Tools available on Burp Suite Community:

  • Decoder/Encoder
  • Repeater
  • Intruder (slow and limited)
  • Comparer
  • Logger
  • Limited BApp extensions in store

 

Are there any tips I should know? 

Burp Suite offers several valuable shortcuts that can save significant time during testing. Although their meanings might not be clear at the moment, they are worth remembering for future reference, as they could be useful during a time-restricted test.

 

| Keybinding   | Description of Keybinding         |
|--------------|-----------------------------------|
| CTRL+I       | Sends current request to Intruder |
| CTRL+R       | Sends current request to Repeater |
| CTRL+U       | URL-encodes highlighted text      |
| CTRL+SHIFT+U | URL-decodes highlighted text      |

 

If you are a student or part of a business, you may qualify for a free trial of Burp Suite Pro. All you have to do is go here: Burp Pro Trial and enter your student or business email, and you may get a free trial of Burp Suite Pro. This will help you follow along with this course module, and it is recommended to have Burp Suite Pro.