The difference in the major release update is the availability of a limited REST API and a new dashboard that separates running tasks into jobs that can be paused and started individually. To get started, you must first download a version of Burp from the PortSwigger website. At this point in time, Professional is at v2.0.13beta and Community is at v1.7.36. Basically, if you want to do something with a web request or response, Burp will help you – probably in a variety of ways. On top of that, it is extensible via third-party add-ons that can be written in Java, Ruby, or Python in order to automate testing and simplify attack techniques. What makes Burp SWEET, is that it will record, intercept, replay, and analyze that same traffic while also allowing you to manipulate requests and responses in ways your browser won’t. Think of it as a man-in-the-middle attack on yourself, but you are happy about it. Burp Suite is a form of HTTP proxy – that is to say it sits in between your browser and the internet and forwards traffic in either direction. While it is unclear why a company would name their flagship product after a belch, one thing that is clear is the folks at PortSwigger have made a tool that will stand the test of time in web application testing.
0 Comments
Leave a Reply. |