Burp Suite ဆိုတာဘာလဲ ?
Burp ကေတာ့ website security ပိုင္းဆိုင္ရာမွာ အလြန္ကိုေကာင္းမြန္တဲ့ tools တခုပါ ။ Security သုေတသနေတြနဲ႔ Security Pentester ေတြအမ်ားဆံုး အသံုးၿပဳၾကပါတယ္ ။ Interface ေပါင္းေၿမာက္မ်ားစြာနဲ႔ Tools အမ်ိဳးမ်ိဳးပါ၀င္ၿပီး programming languages တခုျဖစ္တဲ့ Java နဲ ့ေရးထားေသာ Application တခုျဖစ္ပါတယ္ ။
ပါ၀င္တဲ့ Features ေတြက :.:
Proxy: Burp Proxy is an interactive HTTP/S proxy server for attacking and testing web applications. It operates as a man-in-the-middle between the end browser and the target web server, and allows the user to intercept, inspect and modify the raw traffic passing in both directions.
Spider: Burp Spider is a tool for mapping web applications. It uses various intelligent techniques to generate a comprehensive inventory of an application’s content and functionality.
Scanner: Burp Scanner is a tool for performing automated discovery of security vulnerabilities in web applications. It is designed to be used by penetration testers, and to fit in closely with your existing techniques and methodologies for performing manual and semi-automated penetration tests of web applications.
Intruder: Burp Intruder is a tool for automating customised attacks against web applications.
Repeater: Burp Repeater is a tool for manually modifying and reissuing individual HTTP requests, and analysing their responses. It is best used in conjunction with the other Burp Suite tools. For example, you can send a request to Repeater from the target site map, from the Burp Proxy browsing history, or from the results of a Burp Intruder attack, and manually adjust the request to fine-tune an attack or probe for vulnerabilities.
Sequencer: Burp Sequencer is a tool for analysing the degree of randomness in an application’s session tokens or other items on whose unpredictability the application depends for its security.
Decoder: Burp Decoder is a simple tool for transforming encoded data into its canonical form, or for transforming raw data into various encoded and hashed forms. It is capable of intelligently recognising several encoding formats using heuristic techniques.
Comparer: Burp Comparer is a simple tool for performing a comparison (a visual “diff”) between any two items of data. In the context of attacking a web application, this requirement will typically arise when you want to quickly identify the differences between two application responses (for example, between two responses received in the course of a Burp Intruder attack, or between responses to a failed login using valid and invalid usernames), or between two application requests (for example, to identify the different request parameters that give rise to different behaviour).
Source: http://www.portswigger.net/suite/
Top 125 Network Security Tools ေတြထဲမွာ Burp Suite ဟာ 13 ေနရာမွာ တည္ရွိေနျပီး 2013 top 15 hacking tool ထဲမွာ နံပါတ္ 1 ေနရာမွာတည္ရွိေနပါတယ္ ။ Burp Suite ဟာ SQLmap လိုမ်ိဳး Click and Automatic tool တမ်ိဳးမဟုတ္တလို Webscanner သီးသန္ ့လဲမဟုတ္ပါဘူး .. .. ေနာက္ Burp Suite Tutorial ေတြ ဖတ္ရင္ နားလည္လာျပီး အရသာေတြ ့လာပါလိမ့္မယ္ ။
