This book is designed to teach you the knowledge of a skilled Burp user, so that you can effectively conduct various types of tests against any online application you want to test. The book begins by familiarizing you with Burp Suite on various operating platforms and shows you how to alter the settings to maximize performance. It then helps you learn about SSH port forwarding, as well as SOCKS-based proxy servers. Additionally, you will gain hands-on experience with Burp’s features, including Target, Proxy, Intruder, Scanner, Repeater, Spider, Sequencer, Decoder and many more. It then shifts to extracting, searching, and matching patterns in responses and requests, and you will be taught how to use upstream proxy servers as well as SSL certificates. In the next step, you’ll dive into the realm of Burp Extensions and learn how to create simple extensions of your own using Java, Python, and Ruby.
When you’re a professional tester, you’ll need to be able to document your work, protect it, and occasionally expand the tools you’re using. You will be taught how to do this in the last chapter of this book.
Who This Book Is For
If you’re looking to learn how to test web-based applications as well as the web component of mobile apps using Burp, this is the right book for you. This book is designed specifically to meet your requirements if you’ve had some experience with Burp and are looking to develop into a professional user of Burp.
What You’ll Learn
- Be familiar with the user-driven workflow to ensure that you are able to test any web-based application
- Be familiar with the usage of each component in Burp: Target, Proxy, Intruder, Scanner, and Repeater
- Search for, extract, and match patterns in responses and requests by using response extraction rules, URL-matching rules, and Grep Match
- Install and test SSL-enabled apps without issues
- Block SSL data from all types of mobile and web-based applications
- Create custom Burp Extensions to fit your requirements using Java, Python, and Ruby