Using Burp for active/passive scanning
In this recipe, we will use the Burp scanner, which is part of Burp Suite Pro, a paid product that costs around $350 per year. It is loaded with functionality, some of which is unavailable or restricted in the free version.
Burp Suite is not as expensive as other web application scanners, and it provides a lot of functionality that is quite helpful in web app penetration testing. Leaving these recipes out would be inappropriate, as Burp is widely used by penetration testers for web application penetration testing. All that said, let's quickly dive in.
To step through this recipe, you will need Kali Linux running in Oracle VirtualBox or VMware ...