Burp - Attacking Web Applications

Burp Suite is an integrated platform for attacking web applications. It contains many tools with numerous interfaces between them, designed to facilitate and speed up the process of attacking an application. Generally, to test an application you want to slow the transmission of data to and from the server down to a snail's pace so you can read and modify the transmitted data; hence the proxy.

Traditional proxies were capable of slowing down the connection only in the outbound direction, so a user could only alter the information being sent to the server; however, that is only part of the equation when analyzing a web application.

Sometimes you want to be able to modify the incoming data as well. For example, you might want to modify a cookie so that it doesn't use HttpOnly, or remove a JavaScript function. Sometimes you just want a bidirectional microscopic view into every request your browser is making. This is where Burp Proxy comes in.

Burp Proxy is part of a suite of Java tools called Burp Suite that allows for web application penetration testing.

To download Burp Suite, click here.

To get started, you need the Java Runtime Environment installed, which you can get from its vendor's web site. Once that is installed, modify the proxy settings in your browser to use localhost on port 8080. I am giving an example for the Mozilla browser; configure your settings like the picture below and proceed...

After setting the Mozilla configuration, open Burp Suite. Please remember that Burp Suite is an executable JAR file, so to run it you must also have the Java Runtime Environment installed.

The Intercept and Options tabs are the most important ones we will be focusing on. First, let's configure Burp Proxy to watch both inbound and outbound requests. Under "Options", uncheck the resource type restrictions, turn on interception of server responses, and uncheck "text" as a content type. This will show you all of the data to and from every server you connect to.
In summary, make your Burp Suite settings look like the picture below...

This is also a good way to identify spyware you may have on your system.

Once this has been configured, you should be able to surf and see any data being transferred to and from the host. This allows you both to observe the data in transit and to modify it as you see fit. Of course, any data you modify that is sent to your browser affects you and you alone; however, if it can turn off client-side JavaScript protection, this can be used to do other nefarious things, like persistent XSS, which would normally not be allowed due to the client-side protections in place. Also, in the days of Asynchronous JavaScript and XML (AJAX), this tool can be incredibly powerful for detecting and modifying data in transit in both directions, while turning off any protection the client puts in place to avoid modification by the browser.

When you enter a site name in the browser and click the 'Forward' button, it gives a lot of information about the site, like the picture below...

You are also able to watch the cookies and remove them manually by going to Proxy >> Intercept >> Params, like the picture below...

To view the information in hex, click on 'hex', like the picture below...

If you wanted to see only XML files for debugging AJAX applications, a Burp Proxy rule can be created to capture just this information.
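As an added example (not code from the original post or from Burp Suite itself), the short Python script below does in code what the intercept view above lets you do by hand: it parses a constructed HTTP response, applies an interception rule that stops only XML responses (the rule just described for debugging AJAX), and audits each Set-Cookie header for the HttpOnly and Secure flags mentioned earlier. The function names and the sample response are assumptions made for this example.

```python
# Added example: inspect an intercepted HTTP response as Burp's intercept view shows it.
def parse_response(raw: bytes):
    """Split a raw HTTP response into status line, (name, value) header list and body.
    Headers stay an ordered list because a response may carry several Set-Cookie."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers, body

def matches_rule(headers, content_types=("text/xml", "application/xml")):
    """Interception rule: stop only responses whose Content-Type is XML,
    like the Burp rule for debugging AJAX applications."""
    for name, value in headers:
        if name == "content-type":
            mime = value.split(";", 1)[0].strip().lower()
            return mime in content_types
    return False

def audit_cookies(headers):
    """Per cookie, list which of HttpOnly and Secure are missing from its
    Set-Cookie header (an empty list means both attributes are present)."""
    findings = {}
    for name, value in headers:
        if name != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie_name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        findings[cookie_name] = [a for a in ("httponly", "secure") if a not in attrs]
    return findings

# Constructed sample response (not captured from any real site).
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/xml; charset=utf-8\r\n"
    b"Set-Cookie: session=abc123; Path=/; HttpOnly\r\n"
    b"Set-Cookie: prefs=dark; Path=/\r\n"
    b"\r\n"
    b"<items><item/></items>"
)

if __name__ == "__main__":
    status, headers, body = parse_response(SAMPLE_RESPONSE)
    print(status, "| intercept this response:", matches_rule(headers))
    for cookie, missing in audit_cookies(headers).items():
        print(f"{cookie}: missing {missing or 'nothing'}")
```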

By using this tool you are able to perform many attacks like XSS, man-in-the-middle and many more. This is just an intro to Burp Suite. If you want complete knowledge of all the Burp tools, like how to find a username and password using this tool, please leave a good comment. Your good comments encourage me to write new posts on Burp.


  1. Anonymous said...:

    Really nice post, I had never heard about it.

  1. Micheal Huear said...:

    Really nice post dude, I am hearing about you for the first time. Your work and also your explanation make it so easy, thanks for sharing.

  1. Very good tutorial, can you show me how to use it to change high scores on an online website? My email


HACKARDE © 2011 | Designed by HrDe