Burp

  • PortSwigger: SQL injection attack, listing the database contents on Oracle
    Hello, world wide web and welcome to HaXeZ, where today we’re looking at PortSwigger Web Security Academy: SQL injection 8. This lab requires you to query the information schema to get the table name and column names, and then perform a UNION injection to retrieve the administrator username and password. It’s the same as the last lab, except this time we need to alter our syntax because we’re doing it against an Oracle database.

About Burp

Hello world, welcome to Haxez. Burp Suite is a popular web application testing tool used by security professionals to identify vulnerabilities in web applications. It bundles a set of tools for intercepting, modifying, replaying and scanning HTTP traffic, which together cover most of a manual and automated web assessment.

Web Proxy

Burp Suite provides an intercepting proxy that sits between the browser and the server, letting users inspect and modify each request and response in transit. This is the core workflow for finding input-handling vulnerabilities such as Cross-Site Scripting (XSS) and SQL Injection.

It also includes an automated scanner that can detect vulnerabilities in web applications. The scanner can be customized to scan for specific vulnerability classes and can perform authenticated scans.

Burp Repeater

Repeater lets users resend a captured request any number of times, modifying parameters by hand and comparing the application’s responses. This is useful for testing different scenarios and identifying vulnerabilities such as Authentication Bypass.

Burp Suite also includes a Sequencer that tests the randomness of tokens generated by the application. This is useful for identifying vulnerabilities such as Session Fixation and Predictable Session Tokens.

Burp Intruder

Intruder automates sending many variations of a request, which allows users to perform brute-force attacks on web applications. It can be used to test the strength of passwords and identify vulnerabilities such as Weak Passwords.

Conclusion

In conclusion, Burp Suite is an essential tool for web application security testing. Its wide range of features makes it a popular choice for security professionals. The intercepting proxy, automated scanner, Repeater, Sequencer and Intruder are some of the features that make Burp Suite a comprehensive testing tool. Its ease of use and customizable options make it a versatile tool for identifying vulnerabilities in web applications. I use it for every web application test and I have struggled to find anything as good as it. ZAP is a good contender, but the additional features you get in the premium version of Burp are great.