
Burp Suite


Burp Suite, created by PortSwigger Web Security, is a Java-based software platform of tools for performing security testing of web applications. The suite can be used to combine automated and manual testing techniques, and consists of a number of different tools: a proxy server, a web spider, a scanner, Intruder, Repeater, Sequencer, Decoder, Collaborator and Extender.

The Burp Proxy tool lies at the heart of Burp's user-driven workflow, and gives a direct view into how the target application works "under the hood". It operates as a web proxy server, and sits as a man-in-the-middle between the browser and destination web servers. This allows the interception, inspection and modification of the raw traffic passing in both directions.

Burp Scanner is a web application security scanner used for performing automated vulnerability scans of web applications. Security testers can use Burp Scanner alongside manual testing methodology to quickly identify many types of common vulnerabilities.

Burp Spider is a tool for automatically crawling web applications. It can be used in conjunction with manual mapping techniques to speed up the process of mapping an application's content and functionality.

Burp Suite's Intruder tool can perform automated attacks on web applications. The penetration tester must already have detailed knowledge of the application to be attacked and of the HTTP protocol. The tool offers a configurable algorithm that can generate malicious HTTP requests. Intruder can be used to test for and detect SQL injection, cross-site scripting, parameter manipulation and susceptibility to brute-force attacks.


...
Wikipedia