Services

AI & Agentic Systems Core Information Systems Cloud & Platform Engineering Data Platform & Integration Security & Compliance QA, Testing & Observability IoT, Automation & Robotics Mobile & Digital

Industries

Banking & Finance Insurance Public Administration Defense & Security Healthcare Energy & Utilities Telco & Media Manufacturing Logistics & E-commerce Retail & Loyalty

References Technologies

Lab

Blog Know-how Tools

About Collaboration Careers

Language

CS EN

Burp Suite Basics — Web Security Testing

04. 12. 2025 1 min read intermediate

Burp Suite is a swiss-army knife for web security testing. Proxy, scanner, repeater, intruder — tools for every testing phase.

Key Tools¶

Proxy: Capturing and modifying HTTP requests
Scanner: Automatic vulnerability detection
Repeater: Manual testing — repeating and modifying requests
Intruder: Automated attacks (brute force, fuzzing)
Decoder: Encoding/decoding (base64, URL, HTML)

Workflow¶

Set up browser proxy (127.0.0.1:8080)
Browse the application — Burp maps endpoints
Scanner finds automatic findings
Repeater for manual testing
Intruder for parameter fuzzing

Example — IDOR Testing¶

1. Capture request in Proxy¶

GET /api/users/123/profile HTTP/2 Authorization: Bearer eyJ…

2. Send to Repeater¶

3. Change ID: /api/users/456/profile¶

4. If you get 200 → IDOR vulnerability!¶

Key Takeaway¶

Burp Suite Community Edition is free. Proxy + Repeater are your main tools. For automation use Scanner (Pro versions).

securityburp suitewebtesting

Share:

CORE SYSTEMS tým

Stavíme core systémy a AI agenty, které drží provoz. 15 let zkušeností s enterprise IT.

Všechny články

Další know-how

HTTP Security Headers — Complete Overview

All important security HTTP headers in one place.

OWASP Top 10 — Web Application Security

OWASP recommendations in Java EE. SQL injection, XSS, CSRF, and how to defend against them.

CORS konfigurace — Cross-Origin Resource Sharing

Správná konfigurace CORS. Preflight requesty, Access-Control hlavičky.