BurpSuite

BurpSuite

a framework of web application pentesting tools, is widely regarded as the de facto tool to use when performing web app testing.

Comparer

a tool that can be used to compare different responses or other pieces of data such as site maps or proxy histories ; very similar to the Linux tool 'diff'

Target Tab

allows users to perform the following : defining our scope, viewing a site map, and specifying issue definitions

"Happy Path"

browsing a website with lowest privilege as a normal user would in order to discover the full extent of the site

Repeater

Burp Suite Component : 'repeats' requests that have previously been made with or without modification; often used in precursor step to fuzzing with the aforementioned Intruder

Decoder

Burp Suite Component : a tool that allows us to perform various transforms on pieces of data ; these transforms vary from decoding/encoding to various bases or URL encoding

Proxy

Burp Suite Component : allows us to funnel traffic through Burp suite for further analysis.

Sequencer

Burp Suite Component : analyzes the 'randomness' present in parts of the web app which are intended to be unpredictable ; commonly used for testing session cookies

Scanner

Burp Suite Component : automated web vulnerability scanner that can highlight areas of the application for further manual investigation or possible exploitation with another section of Burp (Premium version)

Intruder

Burp Suite Component : incredibly powerful tool for everything from field fuzzing to credential stuffing and more

Extender

Burp Suite Component : similar to adding mods in video games, this tool allows us to add components such as tool integration, additional scan definitions, and more

Target

Burp Suite Component : used to set the scope of a project; can also be used to effectively create a site map of the application we are testing.