مقدمة
We covered the Burp Suite proxy settings in addition to the scope and target settings as part TryHackMe Junior Penetration Tester pathway.
Specifically, we will be looking at:
- What Burp Suite is
- An overview of the available tools in the framework
- Installing Burp Suite for yourself
- Navigating and configuring Burp Suite.
Complete Web Application Penetration Testing Course
We will also be introducing the core of the Burp Suite framework: the Burp Proxy. This room is primarily designed to provide a foundational knowledge of Burp Suite which can then be built upon further in the other rooms of the Burp module; as such, it will be a lot heavier in theory than subsequent rooms, which take more of a practical approach. You are advised to read the information here and follow along yourself with a copy of the tool if you haven’t used Burp Suite before. Experimentation is key: use this information in tandem with playing around with the app for yourself to build a foundation for using the framework, which can then be built upon in later rooms.
Put simply: Burp Suite is a framework written in Java that aims to provide a one-stop-shop for web application penetration testing. In many ways, this goal is achieved as Burp is very much the industry standard tool for hands-on web app security assessments. Burp Suite is also very commonly used when assessing mobile applications, as the same features which make it so attractive for web app testing translate almost perfectly into testing the APIs (أتطبيق صالبرمجة أناnterfaces) powering most mobile apps.
At the simplest level, Burp can capture and manipulate all of the traffic between an attacker and a webserver: this is the core of the framework. After capturing requests, we can choose to send them to various other parts of the Burp Suite framework — we will be covering some of these tools in upcoming rooms. This ability to intercept, view, and modify web requests prior to them being sent to the target server (or, in some cases, the responses before they are received by our browser), makes Burp Suite perfect for any kind of manual web app testing.
إجابات الغرفة
ما هو إصدار Burp Suite الذي يعمل على الخادم ويوفر فحصًا مستمرًا لتطبيقات الويب المستهدفة؟
يتم استخدام Burp Suite بشكل متكرر عند مهاجمة تطبيقات الويب وتطبيقات ______.
ما هي أداة التجشؤ التي سنستخدمها إذا أردنا استخدام نموذج تسجيل الدخول بالقوة؟
In which Project options sub-tab can you find reference to a “Cookie jar”?
In which خيارات المستخدم sub-tab can you change the Burp Suite update behaviour?
What is the name of the section within the خيارات المستخدم “Suite” sub-tab which allows you to change the Burp Suite keybindings?
إذا قمنا بتحميل شهادات TLS من جانب العميل في ملف خيارات المستخدم علامة التبويب، هل يمكننا تجاوزها على أساس كل مشروع (نعم/لا)؟
ما الزر الذي سنختاره لإرسال طلب تم اعتراضه إلى الهدف في Burp Proxy؟
[بحث] ما هو رابط المفتاح الافتراضي لهذا؟
ملحوظة: Assume you are using Windows or لينكس (i.e. swap Cmd for Ctrl).
ما هو العلم الذي تتلقاه؟
Look through the Issue Definitions list.
ما هي درجة الخطورة النموذجية لتبعية JavaScript الضعيفة؟
