Burp Vulnerability Scanner
The Burp Vulnerability Scanner is a tool used for testing web penetration. The Burp Vulnerability Scanner, part of the Burp Suite, is used by many cybersecurity professionals across the world. Many large retailers, banks, financial institutions, and government agencies use it to make information technology assets and applications more resilient to cyber threats.
There is a free version that is capability limited. There are also Professional and Enterprise Editions, which have important additional features:
- The Burp Enterprise Edition has an automated Web vulnerability scanner. This version allows scheduling of scans, scalability across the largest enterprise, and CI pipeline integration. It also includes many manual tools.
- The Burp Professional Edition is more limited in terms of scheduling capability and doesn’t scale to fit a large enterprise. It also does not support the CI integration capabilities of the Enterprise Edition. The Professional edition is highly useful for web pentesters, bug bounty hunters, and most cybersecurity professionals. Burp Suite Professional is licensed by users and installation sites.
- The Burp Suite Community Edition includes a variety of manual tools designed to fit the needs of researchers and hobbyists. It is a quick way to get a feel for some capabilities of the Burp Suite. The free version’s manual tools have most of what you need to begin scanning and much more.
In addition to scanning, Burp can also support compliance audits, security audits, and related risk analysis. It is an excellent tool and enables you to quickly understand the vulnerabilities of a particular network that are exposed and accessible.
Burp technology utilizes out-of-band techniques (OAST) in addition to regular scanning. Burp can also identify server-side vulnerabilities not easily identified any other way. Burp classifies Web vulnerabilities by both type and severity.
The Burp Suite contains many tools, in partial summary here:
Proxy. Burp contains an intercepting Proxy, which lets users inspect and modify traffic between the browser and the targeted application. Burp Proxy is an intercepting proxy server and operates as a man-in-the-middle between the browser and the targeted application. This enables the interception and potential modification of all HTTP/S traffic. You can easily analyze all kinds of content and apply detailed rules to determine which requests and responses are intercepted for manual testing. You can also view all traffic in the Proxy history using search and filtering capabilities. Proxy also lets you work with custom SSL certs. Proxy also supports workflow, which allows a user to use the app as normal but still have control of request and response traffic.
Spider. Burp contains an application-aware Spider, for crawling content and functionality. Burp Spider is highly useful mapping web applications. Burp Spider automates a process to quickly catalog an application. Burp lets you manually use your browser and inspects traffic passing through the Burp Proxy and then classifying and cataloging everything which is identified. Burp Spider can actively crawl the application, automatically follows links, submitting forms, and more. This provides a full site map of discovered content in convenient tree and table formats. The Spider can deal with highly complex applications, and manages login credentials and session cookies. You can save your work at any time, and then resume working later. The Burp Spiders builds up a detailed site map of the targeted application and records all the requests made by Burp Proxy. The active spidering function maps out any areas that might have been missed and sends these to other Burp tools for further manual or automated attacks.
Burp Scanner. Burp contains an advanced web application Scanner, for automating the detection of numerous types of vulnerability and helps you find, track and fix vulnerabilities in web applications. The Burp Scanner performs and identifies all the OWASP top 10 vulnerabilities. The Burp Scanner has broad adoption and is one of the most widely used scanners in the world today.
Intruder Tool. The Burp Intruder performs powerful customized attacks to find and exploit highly unusual vulnerabilities. Burp Intruder can automate customized attacks against web applications to find and exploit potential vulnerabilities. Burp Intruder is highly configurable, and allows you to find common vulnerabilities such as cross-site scripting, buffer overflow and SQL injection. Burp Intruder can enumerate identifiers used within the application which can, for example, include usernames, account numbers, and other highly sensitive information. Burp Intruder allows you to design and deliver specialized brute-force attacks targeting session handling, authentication, broken access controls and more.
Repeater Tool. Burp contains a Repeater tool, for manipulating and resending individual requests. Burp Repeater allows testers to manually modify individual HTTP requests, and then analyze their responses. Burp Repeater allows you to send requests from other Burp Suite tools to test manually within the Burp Repeater.
Sequencer Tool. Burp contains a Sequencer tool, for testing the randomness of session tokens. Burp Sequencer analyzes security tokens issued by an application. Burp Sequencer is most often used to test the quality of an application’s session tokens. In order to protect the application, they must be as unpredictable as possible. Burp Sequencer is used to provide deep analysis of an application’s session tokens.
Burp Extender. Burp Extender lets testers and security teams expand the functionality of Burp Suite. Extensions can be written in Python, Java, and Ruby. The API is highly extensible and enables many additional capabilities. Burp Extender can enable access to key runtime data, including target site map and proxy history.
In summary, the Burp Suite is a powerful, flexible, and highly capable tool set used widely by penetration testers, security teams, and information technology teams. The Burp web vulnerability scanner has substantial drill-down capabilities that allow for an in-depth analysis of specific applications and URLs to view potential issues in deep detail. Burp also functions as an HTTP proxy server such that all HTTP/S traffic from the browser is routed through it. Burp can also check for cross-site scripting (XSS), SQL injection, and many other vulnerabilities, and brings substantial automation to otherwise manual penetration testing activities.
Want to learn more? Check out our FREE Bugcrowd University to sharpen your hacking skills.
Organizations the world over need your help! Join our researcher community to connect with hundreds of organization programs focused on finding their security vulnerabilities. Our vast directory includes programs for all skill levels, across many industries and from around the world.
Get started with Bugcrowd
Hackers aren’t waiting, so why should you? See how Bugcrowd can quickly improve your security posture.