Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!

Tag Archives: burp suite

User Enumeration with Burp Suite – HAKIN9 03/2009

The latest issue of HAKIN9 is due to hit the shelves soon. Alongside a number of other interesting articles you’ll find one on user enumeration with Burp Suite. As with any article, blog post or other content I write, feedback is always well received, so please take the time to let me know what you think. After all, we can only improve if we know where we’ve gone wrong.

Didier Stevens also has an article on PDF formats, which from my understanding is the start of a series on the topic of evil PDF files. If anybody knows evil PDFs, then it’s definitely Didier Stevens.

New Burp suite

The blog over at blog.portswigger.net has been buzzing for the last month about the new version of Burp Suite. After a short time in beta testing (with users of the professional version), it’s been released for those using the free version. I’ve had a quick look over the features and think that version 1.2 is a big step in the right direction.

I’ve flitted back and forth between OWASP’s WebScarab and Burp Suite. As much as I’ve always wanted to go the free route and use WebScarab, something kept pulling me back to Burp. I guess it just makes things easier. The new version seems to fill in some gaps, and I’ll be looking at the pro license soon to really get the full benefit.

The professional version includes the new Burp Scanner (passive and active scanning), which seems to fill a void a lot of people have been looking for: an affordable web-application scanner that actually works. No automated scan will find everything, but users of Burp Suite already know that, so the addition of a scanner just seems to make sense at this point. One thing I wish was in the free version, however, is the save/restore session function. Then again, I can see why this is held back for the paying customers.

Some of the new features include:

  • Site map showing information accumulated about target applications in tree and table form
  • Fully fledged web vulnerability scanner [Pro version only]
  • Suite-level target scope configuration, driving numerous individual tool actions
  • Display filters on site map and Proxy request history
  • Ability to save and restore state [Pro version only]
  • Suite-wide search function
  • Support for invisible proxying

Check out the full details at www.portswigger.net