Download the book Burp Suite Essentials
by Akash Mahajan
Persian title: لوازم ضروری سوئیت Burp
Book details
We will cover some of the advanced flags that can be passed to the software when
we invoke it from the command line. By the end of this chapter, you will have a
pretty good idea of running Burp Suite in various operating systems, while being
able to tweak it for maximum performance.
Chapter 2, Configuring Browsers to Proxy through Burp, explains that interception proxies
work best when used with a browser software. Even though it is quite simple to get
Burp working with a browser, advanced users can use additional browser extensions
to perform powerful and customized integrations. By the end of this chapter, you will
have configured your browser to use Burp as an interception proxy. Additionally,
using browser extensions, you will create a powerful chain of tools to perform web
security testing.
Chapter 3, Setting the Scope and Dealing with Upstream Proxies, notes that increasingly
complex web applications are being tested, including ones that run
primarily on mobile platforms. How does one configure Burp Suite to intercept in
such cases? Testing web applications available on the Internet is quite simple with
Burp, but how do we test applications that are inside corporate networks, running
on company intranets? By the end of this chapter, you will know how to work with
SSH port forwarding, SOCKS-based proxies, and intercept HTTP traffic coming from
mobile devices.
Chapter 4, SSL and Other Advanced Settings, teaches that SSL-enabled applications
sometimes require additional configuration. Usually, you add the Burp Suite CA
certificate to your browser and start testing, but sometimes this is not desirable
or possible at all. Some additional settings make it possible for non-browser
HTTP applications and thick clients to be tested. By the end of this chapter, you will
be able to set up and test SSL-enabled applications without any errors. You will also
be able to test thick clients or clients that are not proxy-aware.
Chapter 5, Using Burp Tools As a Power User – Part 1, shows that Burp Suite is powerful
due to its amazing set of tools. We will start with Target, covering Site map and Scope,
and then we will move to Proxy, which is the workhorse for testers. Then, we will
move to the attack tool of choice, Intruder. After Intruder, we will cover the Scanner
tool and discuss when we should use the Scanner tool. We will end the chapter with
the Repeater tool, which supercharges the manual testing part by making it dead
simple to repeat requests and see responses.
Chapter 6, Using Burp Tools As a Power User – Part 2, covers the other tools that
make up the Burp Suite software and shows us how tools such as Spider, Sequencer,
Decoder, Comparer, and Alerts work in sync to provide us with what we need to
test web applications.
Chapter 7, Searching, Extracting, Pattern Matching, and More, explains that the suite of
tools provided by Burp is quite powerful in terms of performing the heavy lifting of
crafting HTTP requests and responses based on our actions on the web applications.
An important aspect of this power is the ability to match, extract, find, grep, and
search all the requests and responses based on our requirements. In this chapter,
you will learn the various ways in which we can search, extract, and pattern match
data in requests and responses, which allow us to complete our testing.
Chapter 8, Using Engagement Tools and Other Utilities, covers the so-called
engagement tools of Burp Suite. These tools allow us to automate some of the more
mundane and boring parts of the security testing process. Engagement tools are a
Pro-only feature of Burp Suite. Apart from the engagement tools, we will look at some
smaller utilities that aid the testing process such as Search, Target Analyzer, Content
Discovery, Task Scheduler, CSRF PoC Generator, and Manual Testing Simulator.
Chapter 9, Using Burp Extensions and Writing Your Own, shows that not only does
Burp Suite come with its own rich set of tools, but it also provides API interfaces
to extend its functionality. Many security researchers have written extensions that
enhance the native functionality or add to the already rich toolset. By the end of this
chapter, you will be able to use Burp Extensions and even write a sample extension
in Python.
Chapter 10, Saving Securely, Backing Up, and Other Maintenance Activities, states that
Burp Suite is just like any other testing tool. As with any software, it is imperative
that you make regular backups and carry out other maintenance activities. By the
end of this chapter, you will have all the knowledge about ensuring that your Burp
Suite data is backed up properly and securely and how you can run scheduled tasks
for backup and other maintenance activities.
Chapter 11, Resources, References, and Links, provides a number of great resources
and references that you can rely on. It provides you with the primary references that
you should follow to get more insight into how web security practitioners use Burp.
We will list useful and informative resources for application security as well.