This article is a part of the Guide for Burp Suite series. Within the previous article, we see Introduction of Burp Suite. Now we'll move forward and learn about the different tools which are available with Burp Suite. So Let's Get Started.
Burp Suite contains various tools for performing different testing tasks. The tools operate effectively together, and you can pass interesting requests between tools as your work progresses, to carry out different actions.
List of different tools available with Burp Suite
Target - The Target tool contains the site map, with detailed information about your target applications. It lets you define which targets are in scope for your current work and also lets you drive the process of testing for vulnerabilities.
Proxy - Burp Proxy lies at the heart of Burp's user-driven workflow, and lets you intercept, view, and modify all requests and responses passing between your browser and destination web servers.
Intruder - Burp Intruder is a powerful tool for automating customized attacks against web applications. It can be used to automate all kinds of tasks that may arise during your testing.
Repeater - Burp Repeater is a simple tool for manually manipulating and reissuing individual HTTP requests, and analyzing the application's responses. You can send a request to Repeater from anywhere within Burp, modify the request and issue it over and over.
Sequencer - Burp Sequencer is a tool for analyzing the quality of randomness in a sample of data items. You can use it to test an application's session tokens or other important data items that are intended to be unpredictable, such as anti-CSRF tokens, password reset tokens, etc.
Decoder - Burp Decoder is a simple tool for transforming encoded data into its canonical form, or for transforming raw data into various encoded and hashed forms. It is capable of intelligently recognizing several encoding formats using heuristic techniques.
Comparer - Burp Comparer is a simple tool for performing a comparison (a visual "diff") between any two items of data.
Extender - Burp Extender lets you use Burp extensions, to extend Burp's functionality using your own or third-party code. You can load and manage extensions, view details about installed extensions, install extensions from the BApp Store, view the current Burp Extender API, and configure options for how extensions are handled.
Scanner - Burp Scanner is a tool for performing automated scans of web sites, to discover content and audit for vulnerabilities. This tool is only available with Enterprise and Professional editions.
Burp Collaborator - Burp Collaborator client is a tool for making use of Burp Collaborator during manual testing. You can use the Collaborator client to generate payloads for use in manual testing, and poll the Collaborator server for any network interactions that result from using those payloads. This tool is available with Enterprise and Professional editions.
Dashboard - Burp Suite is getting a brand new dashboard, which lets you monitor and control its automated activity. It shows the currently configured tasks, with a summary of their progress and results:
In further tutorials, we will discuss all the above-mentioned tools in detail.
Congratulations! finally, you know about the different tools which are available in Burp Suite and a small description of that specific tool. In the next part, we will discuss how we can Install and Configure the FoxyProxy tool with the Firefox browser.
#burpsuite #burpsuitetutorial #burp #webapplicaitonpentesting