
  • Burpsuite Professional is it time ???

    Posted by Anthony on July 1, 2021 at 1:15 am

    Hello Chris, my question is, since I have been struggling for the past 13 months to find my first vulnerability, using tools and manually testing and so on, would it be a good idea to cut the BS and upgrade to the professional edition of BurpSuite? Considering it’s the top-rated tool out there and most elite ethical hackers are using it to find all kinds of bugs and so on. I mean, I have done research on this tool and am used to the community edition, but of course that comes with limitations.

    You told me using a proxy like Burp would help my chances compared to using scanners that are designed to find bugs but give a lot of false positives and not much else. So Chris, you know my current situation; what is your professional advice and guidance to get me towards finding those sweet bugs?

    – As always, thank you.

  • 4 Replies
  • Christophe

    Administrator
    July 6, 2021 at 3:59 pm

    I do think that upgrading to the professional edition of Burp can be a great investment. However, like with most other things, it will only be a great investment if you also invest in and dedicate time to learning how Burp works.

    Burp does have some overlapping features with some of the automated scanners you’ve mentioned using in the past, but it doesn’t always mean it will completely replace them. Also, automated scanners are there as a tool you can use in addition to your other efforts. What I mean by that is buying Burp pro won’t magically reveal more bugs overnight but it will give you a tool that can help you explore an application, understand how requests are sent back and forth, and try stuff out by intercepting and replaying those requests.

    Hope this helps and good luck!!

    • Anthony

      Member
      July 6, 2021 at 5:55 pm

      Thank you, but when it comes to SQL Injection and OS Command Injection, are SQLMap and Commix still good tools to use rather than getting Burp Professional for now to find and prove these vulnerabilities?

      – Also, when it comes to these two, would they most certainly be blind these days?

      • Christophe

        Administrator
        July 13, 2021 at 9:58 pm

        Burp, sqlmap, and Commix serve very different purposes. Yes, Burp does have some tooling that can do scans for sqli or OS command injections, but sqlmap is dedicated to finding sqli and Commix is dedicated to finding OS command injections. Those tools were built for very specific purposes instead of trying to do everything under the sun.

        This is a terrible analogy, but my brain is mush right now and I can’t think of a better one: it’s kind of like if you bought a weed eater and asked if you could cut your grass with it. Technically you could, but it’ll take longer and won’t look even or good at all. So instead, you go and get a tool dedicated to the task: a lawnmower. The lawnmower will do a great job of cutting your grass, but it won’t help with your edges or the rest of your yard.

        So oftentimes, you’ll use a proxy tool like Burp or ZAP to thoroughly check out your target, and if you find interesting endpoints that you want to test for sqli, you’ll pull out sqlmap and use the information you’ve proxied from Burp to craft attacks with sqlmap.

  • Anthony

    Member
    July 14, 2021 at 1:20 pm

    Such a great message, I totally understand what you are saying because my head is all over the place as well. For the past couple of months, I have been at a crossroads on this issue, which is what vulnerability to go after. I know you have shown me charts and stats of what the trends say and what people I know. At this point, since it has been so long and it’s time to choose which vulnerability to go after, which one is going to give me fewer headaches? Now I need to ask you, Chris: if you were in my situation, what vulnerability would you focus on and go after to bring some sort of result?

    • SQL Injection?
    • Command Injection?
    • Cross-Site Scripting?

    Of course I don’t expect any to be easy, but if I am still looking for my first vulnerability, which should I focus on, because I am struggling mentally on this.