Burp Suite Professional 1.7.26


Burp Suite Professional

Automated crawl and scan:

  • Coverage of over 100 generic vulnerabilities, such as SQL injection and cross-site scripting (XSS), with great performance against all vulnerabilities in the OWASP top 10.
  • Scan exactly what you want. You can perform a full crawl and scan of an entire host, or a particular branch of the site content, or an individual URL.
  • Support for nested insertion points, allowing automatic testing of custom application data formats, such as JSON inside Base64 inside a URL-encoded parameter.
  • Support for numerous types of attack insertion points within requests, including parameters, cookies, HTTP headers, parameter names, and the URL file path.
  • Burp’s advanced application-aware crawler can be used to map out application contents, prior to automated scanning or manual testing.
  • Use fine-grained scope-based configuration to control exactly what hosts and URLs are to be included in the crawl or scan.
  • Automatic detection of custom not-found responses, to reduce false positives during crawling.
  • Different modes for scan speed, allowing fast, normal, and thorough scans to be carried out for different purposes.

Advanced scanning for manual testers:

  • View real-time feedback of all actions being performed during scanning. The active scan queue shows the progress of each item that is queued for scanning. The issue activity log shows a sequential record of all issues as they are added or updated.
  • Use the passive scanning mode to identify flaws such as information disclosure, insecure use of SSL, and cross-domain exposure.
  • You can fully control what gets scanned using live scanning as you browse. Each time you make a new request that is within your defined target scope, Burp automatically schedules the request for active scanning.
  • You can place manual insertion points at arbitrary locations within requests, to inform the Scanner about non-standard inputs and data formats.
  • Burp can optionally report all reflected and stored inputs, even where no vulnerability has been confirmed, to facilitate manual testing for issues like cross-site scripting.
  • Burp Scanner can automatically move parameters between different locations, such as URL parameters and cookies, to help evade web application firewalls and other defenses.
  • Different modes for scan accuracy, to optionally favor more false positives or negatives.
  • Use the active scanning mode to interactively test for vulnerabilities like OS command injection and file path traversal.