TECHNOPHILE

Why Burp Suite is the best proxy tool

This post is totally personal and not intended to make a comparison between proxy tools, moreover no intention of promoting a brand or company. I used burp for almost all my projects for 4+ years, it is hands down the best bang for the buck commercial software I’ve ever used. Today Portswigger have released Burp Suite 2.0 beta and I would like to share my experience on why Burp is my personal favourite.

  • Filters: For requests that are saved to improve performance
  • Save: Save all your settings as well as your current state to a file
  • In built scanner: Both passive (just looks at the requests it’s receiving) and an active (extrusive) vulnerability scanner
  • Intruder tab: It can accept a request template attack it with lots of options.
  • Repeater tab: A better interface for altering a request and sending it back out than the dev tools and lets you view the response in several formats. Even render the HTML.
  • Option to turn a request into an easy CSRF PoC with lots of useful options
  • Right click copy to several formats: Such as a ready to go curl request to throw into your script
  • SSL/TLS bypass: Nothing to explain here
  • Network traffic interception.
  • Requests list can be viewed in many useful formats such as a tree structure
  • Configure requests to automatically handle authentication
  • Support for websockets! Bingo.
  • Tool for running sequences to test things like session cookie entropy: Typical
  • Decoder tab: Translate data to urlencoded, base64, hex, etc
  • Plugin support: The most beautiful part
  • Supports collaboration
  • Run via cli: It can even run scanners via cli

The new features significantly outweigh the minor risks of using the beta. Just want to say Portswigger have been doing some really quality work lately.

 


Share
Leave a Comment

Recent Posts

How to migrate from LastPass to Bitwarden

As a LastPass user, you might have noticed the changes introduced last day. The message… Read More

2 years ago

Amazon AWS network security checklist

This post presents with a few bunches of AWS network security checklist. It is basically… Read More

3 years ago

The long curated web security checklist based on OWASP

What is this web security checklist? Here is a curated web security checklist for developers… Read More

3 years ago

Penetration Testing for dummies – Part 3: Networking basics

In the last part of the blog series we have seen the history of internet… Read More

3 years ago

Penetration Testing for dummies – Part 2: Understanding web applications

Welcome back budding pen-testers. :) In the first part of the blog series we have… Read More

3 years ago

How to enable SSH on Google Cloud Compute Engine

Last day I was riddling with Evilginx, a phishing attack tool. It needs to be… Read More

4 years ago