Burp Suite

Overview

Burp Suite is the standard web application security testing platform. Its intercepting proxy captures and modifies HTTP/HTTPS traffic between browser and server. Includes: Scanner (automated vulnerability detection), Intruder (parameter fuzzing), Repeater (manual request modification), Sequencer (token randomness analysis), and Decoder (encoding/decoding). Community Edition is free; Professional adds the scanner and advanced features.

Instructions

Step 1: Proxy Setup and Traffic Interception

1. Start Burp Suite → Proxy tab → Intercept is On
2. Configure browser proxy: 127.0.0.1:8080
3. Install Burp CA certificate for HTTPS interception:
   - Browse to http://burpsuite
   - Download CA certificate
   - Import into browser trust store

4. Browse the target application normally