BurpSuite
BurpSuite
a framework of web application pentesting tools; widely regarded as the de facto tool to use when performing web app testing
Comparer
a tool that can be used to compare different responses or other pieces of data such as site maps or proxy histories; very similar to the Linux tool 'diff'
Target Tab
allows users to perform the following: defining the scope, viewing a site map, and specifying issue definitions
"Happy Path"
browsing a website with the lowest privilege, as a normal user would, in order to discover the full extent of the site
Repeater
Burp Suite Component: 'repeats' requests that have previously been made, with or without modification; often used as a precursor step to fuzzing with Intruder
Decoder
Burp Suite Component: a tool that allows us to perform various transforms on pieces of data; these transforms include decoding/encoding to various bases or URL encoding
Proxy
Burp Suite Component: allows us to funnel traffic through Burp Suite for further analysis
Sequencer
Burp Suite Component: analyzes the 'randomness' present in parts of the web app which are intended to be unpredictable; commonly used for testing session cookies
Scanner
Burp Suite Component: automated web vulnerability scanner that can highlight areas of the application for further manual investigation or possible exploitation with another section of Burp (Premium version)
Intruder
Burp Suite Component: incredibly powerful tool for everything from field fuzzing to credential stuffing and more
Extender
Burp Suite Component: similar to adding mods in video games, this tool allows us to add components such as tool integration, additional scan definitions, and more
Target
Burp Suite Component: used to set the scope of a project; can also be used to effectively create a site map of the application we are testing