Burp Suite Tools

Overview of the various tools available in Burp Suite

Burp Suite includes a variety of specialized tools designed to support different aspects of web application security testing. Each tool serves a specific purpose within the overall testing workflow.

Available Tools

Proxy

Intercept and modify HTTP/S traffic between your browser and target applications

Scanner

Automatically scan web applications for vulnerabilities

Intruder

Perform customized automated attacks against web applications

Repeater

Manually modify and resend individual HTTP/S requests

Decoder

Encode, decode, and transform application data

Comparer

Compare different pieces of data at the word or byte level

Sequencer

Analyze the randomness of session tokens and other data

Target

Define the scope of your testing and analyze the target site structure

Extender

Add extensions to enhance Burp Suite's functionality

Options

Configure Burp Suite settings and preferences


Each tool can be accessed from the top navigation bar in Burp Suite. The tools work together seamlessly, allowing you to pass data between them for comprehensive testing.

Tool Integration

Burp Suite tools are designed to work together in various testing workflows:

  1. Reconnaissance and mapping

    • Use Proxy to browse the application
    • Target captures the site map automatically
    • Analyze the structure in Target

  2. Vulnerability discovery

    • Use Scanner for automated detection
    • Use Intruder for targeted testing
    • Use Repeater for manual verification

  3. Analysis and exploitation

    • Use Decoder to analyze encoded data
    • Use Comparer to identify differences
    • Use Repeater to refine and exploit vulnerabilities

  4. Reporting and documentation

    • Capture evidence with Proxy history
    • Document findings with Scanner reports
    • Verify fixes by retesting with Repeater
