Book description
Test, fuzz, and break web applications and services using Burp Suite's powerful capabilities
Key Features
- Master the skills to perform various types of security tests on your web applications
- Get hands-on experience working with components like scanner, proxy, intruder and much more
- Discover the best-way to penetrate and test web applications
Book Description
Burp suite is a set of graphic tools focused towards penetration testing of web applications. Burp suite is widely used for web penetration testing by many security professionals for performing different web-level security tasks.
The book starts by setting up the environment to begin an application penetration test. You will be able to configure the client and apply target whitelisting. You will also learn to setup and configure Android and IOS devices to work with Burp Suite. The book will explain how various features of Burp Suite can be used to detect various vulnerabilities as part of an application penetration test. Once detection is completed and the vulnerability is confirmed, you will be able to exploit a detected vulnerability using Burp Suite. The book will also covers advanced concepts like writing extensions and macros for Burp suite. Finally, you will discover various steps that are taken to identify the target, discover weaknesses in the authentication mechanism, and finally break the authentication implementation to gain access to the administrative console of the application.
By the end of this book, you will be able to effectively perform end-to-end penetration testing with Burp Suite.
What you will learn
- Set up Burp Suite and its configurations for an application penetration test
- Proxy application traffic from browsers and mobile devices to the server
- Discover and identify application security issues in various scenarios
- Exploit discovered vulnerabilities to execute commands
- Exploit discovered vulnerabilities to gain access to data in various datastores
- Write your own Burp Suite plugin and explore the Infiltrator module
- Write macros to automate tasks in Burp Suite
Who this book is for
If you are interested in learning how to test web applications and the web part of mobile applications using Burp, then this is the book for you. It is specifically designed to meet your needs if you have basic experience in using Burp and are now aiming to become a professional Burp user.
Publisher resources
Table of contents
- Title Page
- Copyright and Credits
- Contributors
- About Packt
- Preface
- Configuring Burp Suite
-
Configuring the Client and Setting Up Mobile Devices
- Setting up Firefox to work with Burp Suite (HTTP and HTTPS)
- Setting up Chrome to work with Burp Suite (HTTP and HTTPS)
- Setting up Internet Explorer to work with Burp Suite (HTTP and HTTPS)
- Additional browser add-ons that can be used to manage proxy settings
- Setting system-wide proxy for non-proxy-aware clients
- Setting up Android to work with Burp Suite
- Setting up iOS to work with Burp Suite
- Summary
- Executing an Application Penetration Test
- Exploring the Stages of an Application Penetration Test
- Preparing for an Application Penetration Test
- Identifying Vulnerabilities Using Burp Suite
- Detecting Vulnerabilities Using Burp Suite
-
Exploiting Vulnerabilities Using Burp Suite - Part 1
- Data exfiltration via a blind Boolean-based SQL injection
- Executing OS commands using an SQL injection
- Executing an out-of-band command injection
- Stealing session credentials using XSS
- Taking control of the user's browser using XSS
- Extracting server files using XXE vulnerabilities
- Performing out-of-data extraction using XXE and Burp Suite collaborator
- Exploiting SSTI vulnerabilities to execute server commands
- Summary
-
Exploiting Vulnerabilities Using Burp Suite - Part 2
- Using SSRF/XSPA to perform internal port scans
- Using SSRF/XSPA to extract data from internal machines
- Extracting data using Insecure Direct Object Reference (IDOR) flaws
- Exploiting security misconfigurations
- Using insecure deserialization to execute OS commands
- Exploiting crypto vulnerabilities
- Brute forcing HTTP basic authentication
- Brute forcing forms
- Bypassing file upload restrictions
- Summary
- Writing Burp Suite Extensions
- Breaking the Authentication for a Large Online Retailer
- Exploiting and Exfiltrating Data from a Large Shipping Corporation
- Other Books You May Enjoy
Product information
- Title: Hands-On Application Penetration Testing with Burp Suite
- Author(s):
- Release date: February 2019
- Publisher(s): Packt Publishing
- ISBN: 9781788994064
You might also like
video
Burp Suite: Web Application Penetration Testing
Expand your knowledge of Burp Suite beyond just capturing the request and responses. Burp Suite is …
book
AWS Penetration Testing
Get to grips with security assessment, vulnerability exploitation, workload security, and encryption with this guide to …
video
Web Application Hacking with Burp Suite
Burp Suite contains an array of penetration testing and vulnerability finder tools. It is mainly used …
book
Practical Web Penetration Testing
Learn how to execute web application penetration testing end-to-endAbout This Book Build an end-to-end threat model …