- Proxy - interception of HTTP(S) requests
- Spider - build a map of the application's URLs
- Scanner (professional version only) - automated discovery of security vulnerabilities
- Intruder - enumerating identifiers, harvesting useful data, and fuzzing for common vulnerabilities
- Repeater - edit a request, send it, and analyze the response
- Sequencer - randomness analysis
- Decoder - intelligent decoding and encoding of application data
- Comparer - "diff" between any two items of data
Configuration of the Browser to be tested
- set the proxy as host=127.0.0.1 and port=8080 for HTTP and HTTPS protocols
Allocate more memory when launching Burp
- java -jar -Xmx500m burpsuite_v1.2.jar
To avoid intercepting the K3 pings
- click on the proxy tab
- click on the option subtab
- add "and" "URL" "does not match" "^/k3/notificationservlet\?command=getNotifications.*" in
- do the same in if server responses are also intercepted
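The exclusion rule above can be checked offline against sample requests before relying on it. This is an added example, not part of the original notes or of Burp itself: it models the "URL does not match" rule in Python, assuming (as the ^/ anchor implies) that the pattern is evaluated against the path and query string. The host app.example.test, the /k3/login path and every parameter other than command=getNotifications are constructed.

```python
import re
from urllib.parse import urlsplit

# Pattern copied verbatim from the interception rule on this page.
K3_PING = re.compile(r"^/k3/notificationservlet\?command=getNotifications.*")


def path_and_query(request_line):
    """Return 'path?query' from an HTTP request line.

    A proxy receives absolute-form targets (http://host/path) for plain
    HTTP and origin-form targets (/path) inside a TLS tunnel, so both are
    reduced to the same form before the pattern is applied.
    """
    parts = request_line.split()
    if len(parts) != 3:
        raise ValueError("malformed request line: %r" % request_line)
    split = urlsplit(parts[1])
    path = split.path or "/"
    return path + ("?" + split.query if split.query else "")


def is_intercepted(request_line):
    """Model of the rule: and / URL / does not match / <pattern>."""
    return K3_PING.match(path_and_query(request_line)) is None


def stalled(request_lines):
    """Requests that would still stop in the intercept queue."""
    return [line for line in request_lines if is_intercepted(line)]


# Constructed request lines (not captured traffic).
SAMPLE = [
    "GET /k3/notificationservlet?command=getNotifications HTTP/1.1",
    "GET http://app.example.test/k3/notificationservlet"
    "?command=getNotifications&since=42 HTTP/1.1",
    # Same servlet, different command: must still be intercepted.
    "GET /k3/notificationservlet?command=deleteNotification HTTP/1.1",
    # The pattern is case-sensitive, so this variant is not excluded.
    "GET /K3/NotificationServlet?command=getNotifications HTTP/1.1",
    # The ^ anchor keeps the exclusion from applying under a prefix.
    "GET /app/k3/notificationservlet?command=getNotifications HTTP/1.1",
    "POST /k3/login HTTP/1.1",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print("intercept" if is_intercepted(line) else "pass     ", line)
```

Only the first two sample requests pass through unintercepted; the trailing .* means any extra parameters after command=getNotifications are excluded as well, which is worth knowing if those parameters are themselves under test.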
To intercept the server responses (this is not the case by default)