Introduction

When I first came into contact with web security, I was eager to find an integrated penetration testing tool. I finally chose burp suite. In addition to its powerful functions, it is also easy to use and use. So I downloaded a cracked version from the Internet to use. I remember it was version 1.2 at that time, and its function is not as powerful as it is now. In the process of using, it is found that there are too few books about burpseuite on the Internet, most of which are sporadic and fragmentary, not systematic. Later, a lot of videos about burpseuite appeared slowly, and the status quo is getting better and better. But every time I encounter unknown problems, I still have to search the official documents and English web pages of burpsuite to solve the problems. It is these problems that slowly make me feel that it is necessary to organize a comprehensive Chinese course of burpsuite, which is a modest effort for the web security community. This series of articles you see now are also available.

I chose the common name of the books in the IT industry: "the practical guide of burpsuse". You can call me the Chinese writer. The content of the article mainly comes from the official documents of burpsuse and the experience summary of many foreign security bulls. I just compiled the current Chinese course based on their experience, understanding and practice. I have no plan to publish this book as a paper book. In the spirit of it people's Internet sharing, I put it in GitHub to make a free e-book. In the industry, it is a small contribution; in oneself, it is a summary and exercise.

The above is a small note.

Thank you for reading this book. If you find any mistakes during reading, please send an email to [email protected]. Thank you for your criticism and correction.

This book contains the following chapters:

Part I burp suite Foundation

• Burp suite installation and environment configuration
• Burp suite agent and browser settings
• How to use the burp suite agent
• SSL and proxy advanced options
• How to use burp target
• How to use burp spider
• How to use burp scanner
• How to use burp intruder
• How to use the burp repeater
• How to use burp sequencer
• How to use burp decoder
• How to use burp comparer

Part II burp suite advanced

• Use of data search and expansion functions
• Burpsuite global parameter settings and use
• Use of burp suite store plug-ins
• How to write your own burp suite plug-in

Part III comprehensive use of burp Suite

• Testing web services services with burp Suite
• Automatic SQL injection penetration test with burp and sqlmap
• XSS detection with burp and phantomjs
• Android App penetration test with burp and Android killer