Technotification

    Web Application Penetration Testing with BurpSuite – Part 1

    By Vikram Singh Rao, July 1, 2017

    A tutorial on how to get started with, or speed up, web application penetration testing with BurpSuite

    Since you are looking for serious stuff, I won’t beat around the bush. Let’s get into the content.

    Information to Retain:

    BurpSuite is an all-in-one tool for web application penetration testers, created by Dafydd Stuttard under the alias Portswigger. Dafydd is also the co-author of the famous book The Web Application Hacker’s Handbook. BurpSuite contains the following tools:

    1. Proxy Server for request/response analysis
    2. Password cracker and username enumerator
    3. Input Field Brute Forcer
    4. Web Spider
    5. Decoder for common encodings (URL, BASE64, etc.)
    and much more.

    How to get started:

    The simple steps are:

    1. Choose a browser (I prefer Mozilla Firefox).
    2. Set localhost (127.0.0.1) on port 8080 as the proxy in your chosen browser.
    3. Start BurpSuite and configure the proxy in the Options window of the main Proxy window.
    4. You are all set!

    Stuff to know about HTTP:

    HTTP is an application-layer protocol that runs over TCP. It follows a request-response architecture, i.e. the client sends a request and the server answers with a response.

    A typical request/response has two parts:
    1. Header Part
    2. Content Part

    The header part contains various name-value pairs, some of which are headers that determine many parameters of the communication.
    The working of HTTP and the types of headers in a request/response is a vast topic which I’ll cover in another article before getting into the advanced stages of web app pentesting. For now, this information is enough.
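
The two-part structure described above is what an intercepting proxy shows for every message. The following is an added example, not code from the original article or from BurpSuite: a small Python parser that splits a raw HTTP/1.1 message into its header part and content part. The function and class names and the sample request are constructed for illustration, and it assumes the body length is given by Content-Length (chunked transfer encoding is not handled).

```python
# Added example: split a raw HTTP/1.1 message into header part and content part.
from typing import NamedTuple

class HttpMessage(NamedTuple):
    start_line: str                 # request line or status line
    headers: list[tuple[str, str]]  # name-value pairs; order and duplicates kept
    body: bytes                     # content part

    def header(self, name: str) -> list[str]:
        """All values for a header; header names are case-insensitive."""
        return [v for k, v in self.headers if k.lower() == name.lower()]

def parse_http_message(raw: bytes) -> HttpMessage:
    # A blank line (CRLF CRLF) separates the header part from the content part.
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no blank line: header part is not terminated")
    lines = head.decode("iso-8859-1").split("\r\n")
    start_line, headers = lines[0], []
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        # Reject lines without a colon or with whitespace around the name.
        if not colon or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        headers.append((name, value.strip()))
    msg = HttpMessage(start_line, headers, body)
    # Content-Length, when present, states how many bytes the content part holds.
    lengths = set(msg.header("Content-Length"))
    if len(lengths) > 1:
        raise ValueError("conflicting Content-Length headers")
    if lengths:
        declared = int(lengths.pop())
        if declared > len(body):
            raise ValueError("body shorter than Content-Length")
        msg = msg._replace(body=body[:declared])
    return msg

# Constructed sample request (not captured from any real site).
SAMPLE_REQUEST = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: app.example.test\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 27\r\n"
    b"\r\n"
    b"username=alice&password=xyz"
)

if __name__ == "__main__":
    m = parse_http_message(SAMPLE_REQUEST)
    print(m.start_line, m.headers, m.body, sep="\n")
```
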

    First Thing to do:
    Spidering is the first thing to do, as recommended by many pentesters. The reason is that you need to enumerate the web services before you can come up with a proper plan to attack their components. A spider maps out the web application to give you a clear picture of its structure. It is a skill to be learned with practice.

    I’ll cover more sophisticated stuff in the upcoming articles.
