Learn how to use Burp Suite functionalities to pentest a WebApp

1. Burp Suite 101
What, Why and How

2. ● Software Engineer & Researcher at CyberForge Academy
● Final year, B. Tech. CSE @ LPU
● Engaged in Research, Creating course content/setups
● Developing SaaS software and open source tools
● Interned with Web3verse Academy, a Singapore-based startup focused on
Web3 education and Namekart, a domain name brokerage firm.
● Interested in Art and craft 🎨
$ whoami

3. Table of contents
01
04
02
05
03
06
Introduction Why Burp
Suite
Burp Proxy
Burp Intruder Burp Spider &
Repeater
Burp Scanner

4. ● Suite of security testing tools
● Used for penetration testing on Web Apps.
● Developed by PortSwigger
● Both Free and paid version
● Cross-platform (Windows/Linux/MacOS)
● Suite includes tools such as :
○ Burp Proxy
○ Burp Spider
○ Burp Intruder
○ Burp Scanner
○ Burp Repeater
What is Burp Suite ?

5. Why Burp Suite?
● Comprehensive Testing Suite
● Identify Vulnerabilities
Example: Discovering XSS flaws by analyzing HTTP responses.
● Customizable Testing
Example: Using Burp Intruder for tailored security assessments.
● Real-Time Monitoring
Example: Intercepting and modifying HTTP requests with Burp Proxy.

6. Link : https://portswigger.net/burp/communitydownload

11. ● Intercepting proxy tool utilized for various security testing
● Intercepting and analyzing HTTP/S requests and responses.
● Modifying requests and responses to test application behavior.
● Logs HTTP traffic for reviewing, tracking changes, and identifying web
app issues.
● Options-Forward Request , Drop Request , Edit Request
1. Burp Proxy

13. Burp Proxy Setup &
Intercept

14. ● Dynamic request modification for HTTP testing
● Automation of attack scenarios like brute-force and
fuzzing
● Customizable payloads for tailored attacks
● Advanced analysis and reporting for efficient
vulnerability identification
2. Burp Intruder

16. Enumerating
Username

17. ● Automated web application crawler.
● Maps out application structure and discovers URLs and parameters.
● Passive Crawling: Observes traffic flow within Burp Suite to identify
URLs and parameters.
● Active Crawling: Actively sends requests to the target application to
explore and discover new URLs and parameters.
3. Burp Spider

18. Source: Burp Suite Professional
Web Vulnerability Scanner |
E-SPIN Group (e-spincorp.com)

19. ● For Manually modifying and replaying HTTP
requests.
● To review individual requests and analyze
application responses.
● Modify parameters, headers, and payloads to test
application behavior.
4. Burp Repeater

22. ● Automated web vulnerability scanner.
● Identifies security flaws in web applications.
● Two key Phases:
○ Audit: Identifies vulnerabilities in web applications.
○ Crawl: Maps application structure and discovers endpoints.
● Features include vulnerability detection ,customizable scanning
options, scan scheduling, reporting, and scan feedback.
5. Burp Scanner

23. Source: Burp Suite Professional
Web Vulnerability Scanner |
E-SPIN Group (e-spincorp.com)

24. Cyber News

25. Source: Finland Blames Chinese Hacking Group APT31 for Parliament Cyber Attack
(thehackernews.com)

26. Source : Millions of hotel doors vulnerable to attack, researchers find | Cybernews

27. Source : Recent ‘MFA Bombing’ Attacks Targeting Apple Users – Krebs on Security

28. CREDITS: This presentation template was created by Slidesgo, and includes icons by Flaticon, and infographics & images by Freepik
Thanks!
Do you have any questions?
contact@cyberforge.academy
+91 8837537763
https://cyberforge.academy
https://github.com/CyberForgeAcademy/Workshops