Skip to content

May, a month without Burp

by on April 30, 2013

Burp is an amazing tool, don’t get me wrong, but I think it makes you do the test “the Burp way” so you end doing the same routines all the time and learning nothing new at the end.

Also, sometimes, you are in a place (customer site) where you cannot install Burp or they don’t have Java installed and you have to use another approach to test that internal app. My idea is to use a new tool for each week this month along with Burp to compare results and to learn new tricks that may become handy in some situations.

I’m planning to use the following tools, if you know another one, please feel free to add it in the comments section so I can also have a look to them:

The top three of the previous list use .Net framework which makes them a bit difficult to use in Linux (maybe under wine I’ll be able to execute them…) while the last one uses Java, like Burp. On corporate environments it is more likely, in my experience, to have .Net but not Java. Also Fiddler can work even if the user does not have administrative privileges.

After the experiment I’ll come back here and write my experiences with each tool, or you can go on twitter and check my real time rant about the problems I might find 😛

From → pentura

  1. simon permalink

    When stuck on networks where I cant really install any software, but the Firefox policy is a bit lax and you can install plugins. I’ve used “TamperData”.
    Additionally, in the past I have used WebScarab from OWASP.

    • Pedro Laguna permalink

      Hi Simon! That’s the idea, get back to the roots: a browser, a proxy and the word wide web… or the local intranet! 😛

      So far I has been using IronWASP on some tests and I have to say it’s quite interesting piece of software, like a fiddler (as they use its core) on steroids. Only problem so far is that it needs .Net framework 4, which is not usually installed by default.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: