Shulou(Shulou.com)05/31 Report--

This article introduces the relevant knowledge of "what are the modules of Burpsuite". In the operation of actual cases, many people will encounter such a dilemma. Then let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

Port is a service, and each service corresponds to one or more ports. Port scanning is to detect whether a specific port of a host provides the corresponding service through some methods. Using these scan results, normal users can access the services provided by the system, while hackers can take advantage of the vulnerabilities in these services to attack the system. By scanning the ports, you can find out which ports are open in any system, that is, what services are provided.

What is BurpSuite?

Burp Suite is an integrated platform for attacking web applications. It contains a number of tools and many interfaces are designed for these tools to facilitate faster attacks on applications. All tools share a powerful and extensible framework for processing and displaying HTTP messages, persistence, authentication, agents, logs, and alerts.

Introduction to BurpSuite

Burp Suite can work efficiently with a single tool, such as:

A central site map is used to summarize the collected target application information and to guide the work of a single program through a determined scope.

When a tool handles HTTP requests and responses, it can choose to call any other Burp tool. For example, requests logged by agents can be used by Intruder to construct a custom automatic attack guideline, by Repeater to manually attack, by Scanner to analyze vulnerabilities, or by Spider (web crawler) to automatically search for content. Applications can run "passively" rather than generating a large number of automatic requests. Burp Proxy parses all passed requests and responses into connections and forms, and the site map is updated accordingly. With complete control over every request, you can detect sensitive applications in a non-invasive way.

When you browse the web (depending on the defined target range), you can discover security vulnerabilities by automatically scanning requests through proxies.

When Burp Suite is running, Burp Proxy opens the default port 8080 as the local proxy interface. By setting up a web browser to use its proxy server, all site traffic can be blocked, viewed, and modified. By default, requests for non-media resources are intercepted and displayed (the default value can be changed through the options option in the Burp Proxy option). Analyze all the default scenarios for traffic through the Burp Proxy site, and then incorporate them into the target site map to outline a picture of the content and functions of the visited application. In Burp Suite Professional, by default, Burp Scanner passively analyzes all requests to identify a series of security vulnerabilities.

BurpSuite module

Target (target)-- a function of the target directory structure-- Proxy (proxy)-- intercepts HTTP/S 's proxy server, acting as an intermediary between the browser and the target application, allowing you to intercept, view, and modify the original data flow in both directions. Spider (Spider)-an application-sensitive web crawler that can fully enumerate the content and functions of an application. Scanner (Scanner)-an advanced tool that automatically discovers security vulnerabilities in web applications after execution. Intruder (intrusion)-A customized, highly configurable tool to automate attacks on web applications, such as enumerating identifiers, collecting useful data, and using fuzzing technology to detect general vulnerabilities. Repeater (repeater)-A tool that uses manual operations to trigger individual HTTP requests and analyze application responses. Sequencer (session)-A tool used to analyze the randomness of unpredictable application session tokens and important data items. Decoder (Decoder)-A tool for manual execution or intelligent decoding and encoding of application data. Comparer (comparison)-A visual "difference" between two pieces of data is usually obtained through some related requests and responses. Extender-allows you to load Burp Suite extensions and use your own or third-party code to extend the functionality of Burp Suit. Options (setting)-- some settings for Burp Suite 12. Alerts (warning)-- A writing error occurred during the operation of Burp Suite, "what are the modules of Burpsuite?" this is the end of the introduction, thank you for reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.