Thursday, 21 April 2011

Tutorial on Burp Suite Repeater and Intruder

This tutorial on Burp Suite covers the Repeater and Intruder functionality.
  • Repeater allows you to play back a message to the server and amend it before it goes out.
  • Intruder allows you to play back messages, with various elements of the message varying with each playback, e.g. a different set of parameters.
In the tutorial video I explain how I use each function in my testing.
Other proxy tools do similar things. I also use JBroFuzz as it provides very similar functionality, so experiment with that too.
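As an added illustration (not code from the video, and not part of Burp Suite itself), the script below mimics what Intruder does with a payload position: it replays one request template once per payload, substituting each payload at the §-marked position, and tabulates status code and response length, the columns a tester scans first. The target is a constructed stand-in server started in-process, so it runs offline.

```python
import http.client
import re
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlparse

# Constructed stand-in for the application under test (not a real site):
# it answers differently per "id" so the replays show visible variation.
class _DemoHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        item = parse_qs(urlparse(self.path).query).get("id", [""])[0]
        if item.isdigit() and int(item) < 3:
            status, body = 200, f"item {item} found".encode()
        elif item.isdigit():
            status, body = 404, b"not found"
        else:
            status, body = 400, b"bad id"
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # silence request logging
        pass

def start_demo_server():
    """Start the stand-in app on a free loopback port; returns the server."""
    server = HTTPServer(("127.0.0.1", 0), _DemoHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

# Intruder marks a payload position with a pair of section signs: /item?id=§1§
POSITION = re.compile("§[^§]*§")

def replay(host, port, template, payloads):
    """Send the templated request once per payload and record status and
    body length so the responses can be compared side by side."""
    rows = []
    for payload in payloads:
        path = POSITION.sub(lambda _m: str(payload), template, count=1)
        conn = http.client.HTTPConnection(host, port, timeout=5)
        conn.request("GET", path)
        resp = conn.getresponse()
        length = len(resp.read())
        conn.close()
        rows.append({"payload": payload, "status": resp.status, "length": length})
    return rows

if __name__ == "__main__":
    srv = start_demo_server()
    for row in replay("127.0.0.1", srv.server_port, "/item?id=§1§", [0, 1, 2, 3, "x"]):
        print(row)
```

A response whose status or length differs from its neighbours is the row worth opening in Repeater for a closer look.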

Did you spot the deliberate mistake in the video? Blogging helps you make mistakes in public very easily – which helps you learn quickly. Any comments on the video will help me improve the quality of future videos.

Tuesday, 19 April 2011

No Excuses – Learn Burp Suite to aid your web testing

In March 2011 I gave a talk at the London Sigist on technical testing. I’ll make the slides for that available (…sometime soon). I didn’t want to give a ‘blaggers guide’ to technical testing. So I presented an overview of some of the thought processes and models I use.
At the end of the talk I provided a list of tools that I use. I use Burp Suite as one of my proxy servers.
I currently have a “No Excuses” hat on, so I try to provide as much information as I can in bite-size chunks which people can pick up and move forward with. I wrote “Selenium Simplified” as a “Now you have no excuses for not learning how to program” book.
I recommend that if you want to go further with technical web testing you read the book “The Web Application Hacker’s Handbook” written by the people behind the Burp Suite tool. [amazon.com] [amazon.co.uk]
And in the same spirit I will now experiment with some videos. In the first of these I provide a simple overview of Burp Suite, in particular the Intercept and Site Map functionality. I don’t cover the nuances of usage, but I cover enough to get you started. So if you haven’t started using a proxy server as an essential part of your web testing… no excuses – start here:

I still have a lot to learn about creating video tutorials, so I appreciate all comments.