Burp Suite — Web Security Testing

BurpSuite

Posted By : Subramani Sundaram

Added :

5 Comments


Burp Suite — Web Security Testing is an integrated platform/graphical tool for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities. Burp Suite is installed by default in Kali Linux.

The tool is written in Java and developed by PortSwigger Web Security.

The tool has three editions:

  1. Community Edition
  2. Professional Edition
  3. Enterprise Edition

Pricing of the Editions :

Burp Suite Pricing Editions

Sample Reports of Burp Suite Edition:

Burp Suite Sample Reports

Web vulnerability scanner:

  1. Coverage of over 100 generic vulnerabilities, such as SQL injection and cross-site scripting (XSS), with a great performance against all vulnerabilities in the OWASP top 10.
  2. Burp’s cutting-edge web application crawleraccurately maps content and functionality, automatically handling sessions, state changes, volatile content, and application logins.
  3. Burp Scanner includes a full JavaScript analysis engine using a combination of static (SAST) and dynamic (DAST) techniques for the detection of security vulnerabilities within client-side JavaScript, such as DOM-based cross-site scripting.
  4. Burp has pioneered the use of highly innovative out-of-band techniques (OAST) to augment the conventional scanning model. The Burp Collaborator technology allows Burp to detect server-side vulnerabilities that are completely invisible in the application’s external behavior, and even to report vulnerabilities that are triggered asynchronously after scanning has completed.
  5. The Burp Infiltrator technology can be used to perform interactive application security testing (IAST) by instrumenting target applications to give real-time feedback to Burp Scanner when its payloads reach dangerous APIs within the application.
  6. Burp’s scanning logic is continually updated with enhancements to ensure it can find the latest vulnerabilities and new edge cases of existing vulnerabilities.
  7. All reported vulnerabilities contain detailed custom advisories. These include a full description of the issue and step-by-step remediation advice.

Scheduled and repeat scans:

  • Burp Suite Enterprise Edition can perform scheduled scans at specific times, or carry out one-off scans on demand.
  • You can configure repeat scans to run indefinitely or until a defined endpoint.
  • You can view in a single place the entire scan history for a given web site.
Burp Suite Scan

Unlimited scalability:

  • Burp Suite Enterprise Edition has extreme scalability and can scan indefinitely many web sites in parallel.
  • You can configure all of your organization’s web sites in one place, organized to reflect your organizational structure.
  • All scan results are aggregated in one place, providing an at-a-glance view of your organization’s security posture
  • The scalable agent pool distributes workload across multiple machines, allowing your deployment to grow to any size, and perform as many parallel scans as your organization requires.
  • Burp Suite Enterprise Edition supports multiple users with role-based access control (RBAC) to restrict access to sensitive data. There are no licensing restrictions on the number of users.
Burp Suite Scan 2

CI/CD Integration:

  • Bring security automation forward in your development lifecycle using Burp’s CI integration.
  • Automatically launch vulnerability scans from your CI system via the REST API.
  • There are ready-made native CI plugins for popular platforms such as Jenkins and TeamCity, and a generic CI driver that can be easily installed in any CI system.
  • You can run scans per commit, on a schedule, or as part of your deployment pipelines.
  • CI integration can be configured to break software builds based on the severity of discovered issues.
BurpSuite CI-CD Integration

HTML reports

Burp Scanner Report
Burp Scanner Report 2
  • The BApp Store is a repository of ready-to-use extensions contributed by the Burp user community. These can be installed with a single click from within the Burp UI.

Download the Software and Install it:

To begin installing Burp Suite visit and select the Get Community option (the third one) to get Burp Suite for free.

Burp Suite Community Edition

Click on the green Download button.

Burp Suite Community Edition -2

Save the .sh script and give it execution permissions by running:

chmod +x <package.sh>

In this case for the current version at this date I run:

chmod +x burpsuite_community_linux_v2020_1.sh

burpsuite community linux

Once the execution rights were given execute the script by running:

./burpsuite_community_linux_v2020_1.sh

A GUI installer will prompt, press on “Next” to continue.

burpsuite wizard

Leave the default installation directory (/opt/BurpSuiteCommunity) unless you need a different location and press Next to continue.

burpsuite wizard - 2

Seek “Create Symlink” selected and leave the default directory and press Next.

burpsuite wizard - 3

The installation process will start. Once the process ends click on Finish.

From your X-Window manager apps menu select Burp Suite, in my case it was located on the category “Other”.

Burpsuite window manager

Decide if you wish to share your Burp Suite experience or not, click I Decline, or I Accept to continue.

Leave Temporary Project and press Next.

Burpsuite setup

Leave Use Burp defaults and press Start Burp to launch the program.

You’ll see Burp Suite main screen:

Burp Suite main screen

Before proceeding, open Firefox and open http://burp.

A screen like the shown below will show up, on the upper right corner click on CA Certificate.

Download and save the certificate.

On the Firefox menu click on Preferences, then click on Privacy and Security and scroll down until you find the Certificates section, then click on View Certificates as shown below:

Burp Suite Certificate Import

Click on Import:

Burp Suite Certificate Import - 2

Select the certificate you got previously and press Open:

Click on “Trust this CA to identify websites.” and press OK.

Burp Suite Certificate Import - 3

Now, still on the Firefox Preferences menu click on General in the menu located in the left side and scroll down until reaching Network Settings, then click on Settings.

Burp Suite Certificate Import - 4

Select Manual Proxy Configuration and in the HTTP Proxy, field set the IP 127.0.0.1, checkmark the “Use this proxy server for all protocols”, then click OK.

Burp Suite Certificate Import - 5

Now Burp Suite is ready to show how it can intercept traffic through it when defined as proxy. On Burp Suite click on the Proxy tab and then on the Intercept sub tab making sure intercept is on and visit any website from your Firefox browser.

The request between the browser and the visited website will go through Burp suite, allowing you to modify the packets as in a Man in the Middle attack.

BurpSuite Attack

The example above is the classical Proxy feature show for beginners. Yet, you do not always can configure the target’s proxy, if you did, a keylogger would be more helpful than a Man in the Middle attack.

Now we will use DNS and the Invisible Proxy feature to capture traffic from a system we cannot configure the proxy on.

To begin run Arpspoof (on Debian and based Linux systems you can install with through apt install dsniff) Once installed dsniff with arpspoof, to capture packets from the target to the router on the console run:

sudo arpspoof -i <Interface-Device> -t <Target-IP> <Router-IP>

BurpSuite Attack - 2

Then to capture packets from the router to the target run in a second terminal:

sudo arpspoof -i <Interface-Device> -t <Router-IP> <Target-IP>

To prevent blocking the victim enable IP forwarding:

echo 1 > /proc/sys/net/ipv4/ip_forward

Redirect all traffic to port 80 and 443 to your device using iptables by running the commands below:

# sudo iptables -t nat -A PREROUTING -p tcp — dport 80 -j DNAT — to-destination
192.168.43.38
# sudo iptables -t nat -A PREROUTING -p tcp — dport 443 -j DNAT — to-destination
192.168.43.38

Run BurpSuite as root, otherwise some steps like enabling new proxies on specific ports won’t work:

# java -jar -Xmx4g /opt/BurpSuiteCommunity/burpsuite_community.jar

If the following warning appears press OK to continue.

Burpsuite warning

Once BurpSuite is open, click on Proxy>Options and click on the Add button.

BurpSuite Proxy Settings

Select 80 and on Specific address select your Local network IP address:

Then click on Request handling tab, checkmark Support Invisible proxying (enable only if needed) and press OK.

BurpSuite Proxy Settings - 2

Repeat the steps above now with port 443, click on Add.

BurpSuite Proxy Settings- 3

Set the port 443 and again select your local network IP address.

BurpSuite Proxy Settings - 4

Click on Request Handling, checkmark support for invisible proxying and press OK.

Mark all proxies as running and as invisible.

BurpSuite Proxy Settings - 5

Now from the target device visit a website, the Intercept tab will show the capture:

Burp Suite — Web Security Testing

As you can see you managed to capture packets without previous proxy configuration on the target’s browser.

Recommended Courses

VILT & Self-Paced

AZ-204 Developing Solutions for Microsoft Azure

This self-paced course will help you prepare for the Azure Developer certification exam AZ-204: Developing Solutions for Microsoft Azure.

Self-Paced

AZ-900: Microsoft Azure Fundamentals Tutorial

AZ-900: Microsoft Azure Fundamentals Tutorial provides foundational level knowledge on cloud concepts; core Azure services; security, privacy, compliance, and trust; and Azure pricing and support.

Self-Paced

AZ-400 Designing and Implementing Microsoft DevOps Solutions

This self-paced course will help you prepare for the Azure DevOps certification exam AZ-400: Designing and Implementing Microsoft DevOps Solutions.

0 0 votes
Article Rating
Subscribe
Notify of
guest

5 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Paul
Paul
2 years ago

Hi there! Would you mind if I share your blog with my Facebook group?

There’s a lot of people that I think would really enjoy your content.
Please let me know. Thanks

julie
julie
2 years ago

I like the valuable info you provide in your articles.
I’ll bookmark your weblog and check again here frequently.
I am quite certain I will learn plenty of
new stuff right here! Good luck for the next!

VB68 Kèo Nhà Cái
VB68 Kèo Nhà Cái
1 year ago

Everything is very open with a very clear description of
the issues. It was really informative. Your site is very useful.
Thank you for sharing!

CáCh ChơI Keno
1 year ago

This post will help the internet people for building up new webpage or even a weblog from start
to end.

Check out my web blog … CáCh ChơI Keno

Mazie
Mazie
1 year ago

Very good article. I will be facing some of these issues as well..