burp-suite-web-application-testing

# Burp Suite Web Application Testing ## Purpose Execute comprehensive web application security testing using Burp Suite's integrated toolset, including HTTP traffic interception and modification, request analysis and replay, automated vulnerability scanning, and manual testing workflows. This skill enables systematic discovery and exploitation of web application vulnerabilities through proxy-based testing methodology. ## Inputs / Prerequisites ### Required Tools - Burp Suite Community or Professional Edition installed - Burp's embedded browser or configured external browser - Target web application URL - Valid credentials for authenticated testing (if applicable) ### Environment Setup - Burp Suite launched with temporary or named project - Proxy listener active on 127.0.0.1:8080 (default) - Browser configured to use Burp proxy (or use Burp's browser) - CA certificate installed for HTTPS interception ### Editions Comparison | Feature | Community | Professional | |---------|-----------|--------------| | Proxy | ✓ | ✓ | | Repeater | ✓ | ✓ | | Intruder | Limited | Full | | Scanner | ✗ | ✓ | | Extensions | ✓ | ✓ | ## Outputs / Deliverables ### Primary Outputs - Intercepted and modified HTTP requests/responses - Vulnerability scan reports with remediation advice - HTTP history and site map documentation - Proof-of-concept exploits for identified vulnerabilities ## Core Workflow ### Phase 1: Intercepting HTTP Traffic #### Launch Burp's Browser Navigate to integrated brows...