TECHNOPHILE

Why Burp Suite is the best proxy tool

This post is purely personal and is not intended as a comparison between proxy tools, nor as promotion of a brand or company. I have used Burp for almost all my projects for 4+ years, and it is hands down the best bang-for-the-buck commercial software I’ve ever used. Today PortSwigger released Burp Suite 2.0 beta, and I would like to share my experience on why Burp is my personal favourite.

  • Filters: For requests that are saved to improve performance
  • Save: Save all your settings as well as your current state to a file
  • Built-in scanner: Both a passive (just looks at the requests it’s receiving) and an active (intrusive) vulnerability scanner
  • Intruder tab: It accepts a request template and attacks it with lots of options.
  • Repeater tab: A better interface than the dev tools for altering a request and sending it back out, and it lets you view the response in several formats. It can even render the HTML.
  • Option to turn a request into an easy CSRF PoC with lots of useful options
  • Right click copy to several formats: Such as a ready to go curl request to throw into your script
  • SSL/TLS bypass: Nothing to explain here
  • Network traffic interception
  • Requests list can be viewed in many useful formats such as a tree structure
  • Configure requests to automatically handle authentication
  • Support for websockets! Bingo.
  • Tool for running sequences to test things like session cookie entropy: Typical
  • Decoder tab: Translate data to URL-encoded, Base64, hex, etc.
  • Plugin support: The most beautiful part
  • Supports collaboration
  • Run via CLI: It can even run scanners via the CLI

The new features significantly outweigh the minor risks of using the beta. Just want to say PortSwigger have been doing some really quality work lately.

 
