

What is Burp Suite

Installing Burp Suite

Burp Suite Pro Vs Free Version

How To Use Burp Suite

Burp Suite Modules

Advanced Scanning With Burp Suite

Burp Suite Automated Scanning

In this tutorial, you're going to learn

What is Burp Suite?

Why Burp Suite





Note: Don't mind you can use only Burp Suite For Attacking Web Applications, You Can Use Many Others Vulnerability Scanning tools during your penetrating attacks.

Burp Suite pro vs Free

Automate Scannings

Scheduled & Repeat Scanning

Advanced Manual Tools





How does Burp Suite work



Burp Suite Working Process







How to use Burp Suite

Burp Suite Installation





Burp Suite Modules

Burp Suite Modules

Spider:

Intruder:

Repeater:

Sequencer:

Decoder:

Scanner:

How To Configure Burp Proxy on Browser





Configure Burp Proxy on Firefox

Burp Suite SSL Settings





Burp Suite SSL Error





Import Burp SSL Certificate

Burp Suite SSL pass-through

Attacking web applications with burp suite





How to configure burp suite for localhost application





Advanced web application penetration testing with burp suite





Conclusion:

If you're looking for a good web application vulnerability scanner then Burp Suite Stands in the first place, its features and built-in automated scanners makes it a super fan of hackers.As a beginner there might be a lot of issues with Burp Suite, a few years back, me too came across the same situation that I wanted to learn how hackers hack websites and get paid for bug bounty, but there is lack of improper knowledge in me, thus I was failed to do so😞I don't want everyone to face the same, so In this tutorial am going to teach you the basic concepts a beginner web pentester worries about.is a java based framework used for web application vulnerability scanning, and it comes with a collection of vulnerability scanning tools, it's goal is to intercept the traffic between the web browser and the server.Most of the people questioning about why They Should Use Burp Suite while there are a lot of web vulnerability scanners out there,Well that's the common question newbies asks the most,Burp Suite Comes with a collection of scanners for various vulnerabilities also it has automation features, real-time traffic interactions between the browser and the server that makes us easy to understand better,For that one of my friends did a survey in a Black hat Hackers Group, here is the resultsYup Burp Suite Stands Out.This is a quite tricky question that Popups while using Burp Suite,With The Free Version, you can't be able to availBurp Suite Works as an Interception Proxy Between your Browser and the Server, when you make a request via the Browser, First it goes to Burp Proxy then the Server, and it gets a response from the server then passes to Browser.If you're usingthen Burp Suite is Pre-installed with the free version, for other operating systems you can download and install Burp Suite from the Portswigger website.However the installations process is very easy, you have to choose your operating system and Download Burp Suite on Official Portswigger website Now you have installed Burp Suite and looking for attacking web applications, but before that, you have to do some configuration to Burp Suite and your Browser to make sure it works, it's a simple set up as follows.Burp suite interface is very easy to understand that anyone can easily understand and analyze the traffic packets send through your browser to the server,Burp suite also comes with many Modules that confuse the newbies,Here are the modules to keep in mindThis Module is Useful at scanning and scrapping the given pages.This module is used for Repetitive tasks such as brute force attacksThis module is used for Repetitive tasks by sending requests to the destination pageThis module is used for Fuzzing Session CookiesThe decoder is a useful module for encoding and decoding hex, HTML, binary, and many other hashesThis module is used for automating attacks against any page.Let's seeTo make Burp Suite Works, you must have to do some sort of configurationThe first thing is to Choose A Browser Which you're going to configure with Burp Proxy, in this guide am going to choosethat's a good browser for hackers, but you can choose any other browsersOpen FirefoxClick Onin the Main Menu, then click onAfter That Click onthen click onNow tick on Manual Configuration, then in the Proxy area typeand in the port asThis is what happens when you try to access HTTPS sites.Burp Suite Works as HTTP proxy but what about the servers which use the advanced technology such as SSL 😟Burp Suite Works even on HTTPS😇But before that we have installed some Certificates, follow below steps to do so.Step1: Open Web BrowserStep2: Now In The Address Bar TypeYou will be shown a pageStep3: Now click onafter that a file will be downloadedStep4: Now you have to import the file to Firefox certificatesFor that openthen go toclick onnow scroll down and click onStep5: Now Click onthen select the downloaded file then click on OKThat's it you have successfully Configured SSL on Burp Suite, Now Go back and try opening an https site,You can read more about the burp suite SSL on Portswigger blog Now We have ready to attack web applications, now you have to choose a target site and do some practice,Also, you can use localhost web apps to practice,Let's seeIf you're on Kali Linux then you have to install the Apache Server on your Machine to get started, if you still don't know then check out this tutorial on installing Apache on Kali If you're on Windows, Linux then you have to use WAMP Most Of the People Faces the problem that the interceptor is not working for localhost applications, this usually happens if there is a configuration problem in the browserFollow Below Steps To Fix this1. (for firefox) go toand changeto true2. tryinstead of http://127.0.0.3:80 (dot added after IP address)Though Attacking Web Applications Is not an easy job, it requires a lot of practice, for that you have to learn and practice a lot,And If you want to be a master web hacker then you must try these vulnerable web applicationsHope you guys got a clear understanding on How Burp Suite Helps us to attack web applications in a secure environment if you still have any queries then feel free to comment below.