
Burp Suite Cookbook

Book Description

Get hands-on experience in using Burp Suite to execute attacks and perform web assessments

Key Features

  • Explore the tools in Burp Suite to meet your web infrastructure security demands
  • Configure Burp to fine-tune the suite of tools specific to the target
  • Use Burp extensions to assist with different technologies commonly found in application stacks

Burp Suite is a Java-based platform for testing the security of your web applications, and has been adopted widely by professional enterprise testers.

The Burp Suite Cookbook contains recipes to tackle challenges in determining and exploring vulnerabilities in web applications. You will learn how to uncover security flaws with various test cases for complex environments. After you have configured Burp for your environment, you will use Burp tools such as Spider, Scanner, Intruder, Repeater, and Decoder, among others, to resolve specific problems faced by pentesters. You will also explore working with various modes of Burp and then perform operations on the web. Toward the end, you will cover recipes that target specific test scenarios and resolve them using best practices.

By the end of the book, you will be up and running with deploying Burp for securing web applications.

What you will learn

  • Configure Burp Suite for your web applications
  • Perform authentication, authorization, business logic, and data validation testing
  • Explore session management and client-side testing
  • Understand unrestricted file uploads and server-side request forgery
  • Execute XML external entity attacks with Burp
  • Perform remote code execution with Burp

Who this book is for

If you are a security professional, web pentester, or software developer who wants to adopt Burp Suite for application security, this book is for you.

Downloading the example code for this book

You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the files e-mailed directly to you.

Table of Contents

  1. Title Page
  2. Copyright and Credits
    1. Burp Suite Cookbook
  3. Packt Upsell
    1. Why subscribe?
    2. Packt.com
  4. Contributors
    1. About the author
    2. About the reviewer
    3. Packt is searching for authors like you
  5. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
      1. Conventions used
    4. Sections
      1. Getting ready
      2. How to do it…
      3. How it works…
      4. There's more…
      5. See also
    5. Get in touch
      1. Reviews
    6. Disclaimer
    7. Targeting legal vulnerable web applications
  6. Getting Started with Burp Suite
    1. Introduction
    2. Downloading Burp (Community, Professional)
      1. Getting ready
        1. Software tool requirements
      2. How to do it...
    3. Setting up a web app pentesting lab
      1. Getting ready
        1. Software tool requirements
      2. How to do it...
      3. How it works
    4. Starting Burp at a command line or as an executable
      1. How to do it...
      2. How it works...
    5. Listening for HTTP traffic, using Burp
      1. Getting ready
      2. How to do it...
      3. How it works...
  7. Getting to Know the Burp Suite of Tools
    1. Introduction
    2. Software tool requirements
    3. Setting the Target Site Map
      1. Getting ready
      2. How to do it...
      3. How it works...
    4. Understanding the Message Editor
      1. Getting ready
      2. How to do it...
    5. Repeating with Repeater
      1. Getting ready
      2. How to do it...
    6. Decoding with Decoder
      1. Getting ready
      2. How to do it...
    7. Intruding with Intruder
      1. Getting ready
      2. How to do it...
        1. Target
        2. Positions
        3. Payloads
          1. Payload Sets
          2. Payload Options
          3. Payload Processing
          4. Payload Encoding
        4. Options
          1. Request Headers
          2. Request Engine
          3. Attack Results
          4. Grep - Match
          5. Grep - Extract
          6. Grep - Payloads
          7. Redirections
        5. Start attack button
  8. Configuring, Spidering, Scanning, and Reporting with Burp
    1. Introduction
    2. Software tool requirements
    3. Establishing trust over HTTPS
      1. Getting ready
      2. How to do it...
    4. Setting Project options
      1. How to do it...
        1. The Connections tab
        2. The HTTP tab
        3. The SSL tab
        4. The Sessions tab
        5. The Misc tab
    5. Setting user options
      1. How to do it...
        1. The SSL tab
        2. The Display tab
        3. The Misc tab
    6. Spidering with Spider
      1. Getting ready
        1. The Control tab
        2. The Options tab
      2. How to do it...
    7. Scanning with Scanner
      1. Getting ready
      2. How to do it...
    8. Reporting issues
      1. Getting ready
      2. How to do it...
  9. Assessing Authentication Schemes
    1. Introduction
    2. Software tool requirements
    3. Testing for account enumeration and guessable accounts
      1. Getting ready
      2. How to do it...
    4. Testing for weak lock-out mechanisms
      1. Getting ready
      2. How to do it...
    5. Testing for bypassing authentication schemes
      1. Getting ready
      2. How to do it...
      3. How it works
    6. Testing for browser cache weaknesses
      1. Getting ready
      2. How to do it...
    7. Testing the account provisioning process via the REST API
      1. Getting ready
      2. How to do it...
  10. Assessing Authorization Checks
    1. Introduction
    2. Software requirements
    3. Testing for directory traversal
      1. Getting ready
      2. How to do it...
      3. How it works...
    4. Testing for Local File Include (LFI)
      1. Getting ready
      2. How to do it...
      3. How it works...
    5. Testing for Remote File Inclusion (RFI)
      1. Getting ready
      2. How to do it...
      3. How it works...
    6. Testing for privilege escalation
      1. Getting ready
      2. How to do it...
      3. How it works...
    7. Testing for Insecure Direct Object Reference (IDOR)
      1. Getting ready
      2. How to do it...
      3. How it works...
  11. Assessing Session Management Mechanisms
    1. Introduction
    2. Software tool requirements
    3. Testing session token strength using Sequencer
      1. Getting ready
      2. How to do it...
      3. How it works...
    4. Testing for cookie attributes
      1. Getting ready
      2. How to do it...
      3. How it works...
    5. Testing for session fixation
      1. Getting ready
      2. How to do it...
      3. How it works...
    6. Testing for exposed session variables
      1. Getting ready
      2. How to do it...
      3. How it works...
    7. Testing for Cross-Site Request Forgery
      1. Getting ready
      2. How to do it...
      3. How it works...
  12. Assessing Business Logic
    1. Introduction
    2. Software tool requirements
    3. Testing business logic data validation
      1. Getting ready
      2. How to do it...
      3. How it works...
    4. Unrestricted file upload – bypassing weak validation
      1. Getting ready
      2. How to do it...
      3. How it works...
    5. Performing process-timing attacks
      1. Getting ready
      2. How to do it...
      3. How it works...
    6. Testing for the circumvention of work flows
      1. Getting ready
      2. How to do it...
      3. How it works...
    7. Uploading malicious files – polyglots
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
  13. Evaluating Input Validation Checks
    1. Introduction
    2. Software tool requirements
    3. Testing for reflected cross-site scripting
      1. Getting ready
      2. How to do it...
      3. How it works...
    4. Testing for stored cross-site scripting
      1. Getting ready
      2. How to do it...
      3. How it works...
    5. Testing for HTTP verb tampering
      1. Getting ready
      2. How to do it...
      3. How it works...
    6. Testing for HTTP Parameter Pollution
      1. Getting ready
      2. How to do it...
      3. How it works...
    7. Testing for SQL injection
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
    8. Testing for command injection
      1. Getting ready
      2. How to do it...
      3. How it works...
  14. Attacking the Client
    1. Introduction
    2. Software tool requirements
    3. Testing for Clickjacking
      1. Getting ready
      2. How to do it...
      3. How it works...
    4. Testing for DOM-based cross-site scripting
      1. Getting ready
      2. How to do it...
      3. How it works...
    5. Testing for JavaScript execution
      1. Getting ready
      2. How to do it...
      3. How it works...
    6. Testing for HTML injection
      1. Getting ready
      2. How to do it...
      3. How it works...
    7. Testing for client-side resource manipulation
      1. Getting ready
      2. How to do it...
      3. How it works...
  15. Working with Burp Macros and Extensions
    1. Introduction
    2. Software tool requirements
    3. Creating session-handling macros
      1. Getting ready
      2. How to do it...
      3. How it works...
    4. Getting caught in the cookie jar
      1. Getting ready
      2. How to do it...
      3. How it works...
    5. Adding great pentester plugins
      1. Getting ready
      2. How to do it...
      3. How it works...
    6. Creating new issues via the Manual-Scan Issues Extension
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. See also
    7. Working with the Active Scan++ Extension
      1. Getting ready
      2. How to do it...
      3. How it works...
  16. Implementing Advanced Topic Attacks
    1. Introduction
    2. Software tool requirements
    3. Performing XXE attacks
      1. Getting ready
      2. How to do it...
      3. How it works...
    4. Working with JWT
      1. Getting ready
      2. How to do it...
      3. How it works...
    5. Using Burp Collaborator to determine SSRF
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. See also
    6. Testing CORS
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. See also
    7. Performing Java deserialization attacks
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
  17. Other Books You May Enjoy
    1. Leave a review - let other readers know what you think