burp suite pro

hey guys, i have been using burp suite pro for a while both in work and on here. i still consider myself a novice with the tool but i use the active scanning, discovery, repeater, intruder on a regular basis.

i wondered if anyone here uses any extensions or has any recommended reading for fully utilising the tool?

any advice welcome

Comments

  • I would recommend Decoder Improved, Notes, and JSON Beautifier for added extensions. As for learning Burp Suite itself, I would focus more on learning the HTTP protocol, the tool will come naturally after that. Use it on normal sites, rest apis, soap apis, etc...

  • @cdf123 said:
    I would recommend Decoder Improved, Notes, and JSON Beautifier for added extensions. As for learning Burp Suite itself, I would focus more on learning the HTTP protocol, the tool will come naturally after that. Use it on normal sites, rest apis, soap apis, etc...

    thanks for the info. i will check it all out

  • Logger++ is really useful for figuring out wtf you did during a long session.
    I find CO2, Auto-Repeater, and Copy as python requests super handy.

    Looking for past Hack the Box write-ups or other security stuff? Feel free to visit: https://dastinia.io <3

  • @onlyamedic said:
    Logger++ is really useful for figuring out wtf you did during a long session.
    I find CO2, Auto-Repeater, and Copy as python requests super handy.

    perfect, thanks for the advice

  • edited September 2018

    for anyone else reading it later, i recommend not using burp sh1t at all, or zaproxy, it uses a lot of resources and isn't that useful, plus can't be scriptable as it is GUI.

    Firefox has everything you need nowadays, use wfuzz for all kinds of fuzzing coupled with SecLists, and you can pretty much do everything that burp can, but with a nice dark mode and less resources

    EDIT : forgot, burp isn't FOSS, even more reasons not to use it
