Burp Suite Professional 2.1.04  著名的web應用程序滲透測試集成平台
burpsuite是款著名的web應用程序滲透測試集成平台；它可以快速的幫助用戶分析，映射、來尋找、利用安全漏洞的過程，並且軟件的所有工具都是整體測試的程序，還可支持無縫的在一起進行工作；而且進行工具或者軟件的對比，可通過相關的請求、響應得到數據的對比，使用非常的簡單，操作方便，是款非常值得信賴的軟件。

BurpSuiteisareliableandpracticalplatformthatprovidesyouwithasimplemeansofperformingsecuritytestingofwebapplications.Itgivesyoufullcontrol,lettingyoucombineadvancedmanualtechniqueswithvarioustoolsthatseamlesslyworktogethertosupporttheentiretestingprocess.Theutilityiseasy-to-useandintuitiveanddoesnotrequireyoutoperformadvancedactionsinordertoanalyze,scanandexploitwebapps.Itishighlyconfigurableandcomeswithusefulfeaturestoassistexperiencedtesterswiththeirwork.

Themainwindowdisplaysalltheavailabletoolsyoucanchoosefromandseteachone’ssettingsthewayyouwant.
Beingdesignedtoworkalongsideyourbrowser,theapplicationfunctionsasanHTTPproxy,thusalltheHTTP/strafficfromyourbrowserpassesthroughtheutility.Thisway,ifyouwanttoperformanykindoftesting,youneedtoconfigurethebrowsertoworkwithit.

Thefirstthingyouneedtodoistoconfirmthattheapp’sproxylistenerisactive.SimplynavigatetotheProxytabandtakealookintheProxyListenerssection.YoushouldseeanentryinthetablewiththeRunningcheckboxticked.Thesecondthingyouarerequiredtodoistoconfigureyourbrowsertousetheapp’sproxylistenerasitsHTTPproxyserver.Finally,youneedtoconfigurethebrowsertobeabletosendHTTPrequeststhroughtheappwithoutproblems.
Thepreviouslymentionedutilitygivesyoucompletecontroloveralloftheactionsyouwanttoperformandgetdetailedinformationandanalysisaboutthewebapplicationsyouaretesting.UsingtoolssuchasIntruder,Repeater,SequencerandCompareryouareabletocarryoutdifferentactionswithease.

WiththehelpofSpider,youcancrawlanapplicationtolocateitscontentandfunctionality.YouareabletoaddnewscopebyselectingtheprotocolandspecifyingthehostnameortheIPrange.Thentheutilitymonitorsallthetransferredbytesandqueuedrequests.
TheIntrudertoolenablesyoutoperformattacksagainstwebapps.Simplysetthehostnameandtheportnumber,defineoneormorepayloadsetsandyouaredone.YoucanalsousetheHTTPprotocolbycheckingtheproperboxfromtheTargettab.

AnothertoolthatautomatestestingtasksiscalledSequencer,whichanalyzesthequalityofrandomnessinanapplication’ssessiontokens.Firstly,youneedtoloadatleast100tokens,thencapturealltherequests.
Overall,BurpSuiteFreeEditionletsyouachieveeverythingyouneed,inasmartway.Ithelpsyourecord,analyzeorreplayyourwebrequestswhileyouarebrowsingawebapplication.

FeaturesofProfessionalEdition:
-BurpProxy
-BurpSpider
-BurpRepeater
-BurpSequencer
-BurpDecoder
-BurpComparer
-BurpIntruder
-BurpScanner
-SaveandRestore
-Search
-TargetAnalyzer
-ContentDiscovery
-TaskScheduler
-ReleaseSchedule

Homepage

https://portswigger.net