Burp Suite Web Security Testing Software


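Burp Suite is a graphical tool for testing the security of web applications. It is written in Java and developed by PortSwigger Web Security. The tool comes in three editions: a Community Edition that can be downloaded free of charge, a Professional Edition, and an Enterprise Edition that can be purchased after a trial. The Community Edition has a significantly reduced feature set. The tool was developed to provide a comprehensive solution for web application security checks. In addition to basic functionality such as the proxy server, Scanner and Intruder, it also includes more advanced options such as Spider, Repeater, Decoder, Comparer, Extender and Sequencer.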


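Overview

Burp Suite is an integrated platform for attacking web applications. From the initial mapping and analysis of an application's attack surface through to finding and exploiting security vulnerabilities, Burp Suite lets the attacker combine manual and automated techniques to enumerate, analyze and attack web applications. The individual Burp tools work together and share information effectively, so that findings from one tool can serve as the basis for an attack launched with another. All the tools share a single robust framework that handles and displays HTTP messages, persistence, authentication, proxies, logging and alerting.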

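Features

  • Proxy: Runs Burp as a web proxy that sits between the browser and the target web server. This lets you intercept, inspect and modify HTTP traffic passing in both directions.
  • Scanner: A web application security scanner that performs automated vulnerability scans of web applications.
  • Intruder: Can be used to carry out brute-force attacks, and also to detect vulnerabilities such as SQL injection and XSS.
  • Spider: A web crawler that automatically crawls a web application and helps you build a site map.
  • Repeater: A simple tool for manually testing HTTP requests: you can modify a request, resend it and observe the result.
  • Decoder: A tool for converting encoded data into its canonical form, or raw data into various encoded and hashed forms.
  • Comparer: A tool for performing a comparison (a visual "diff") between any two items of data.
  • Extender: Lets you load Burp extensions, extending Burp's functionality with the security tester's own code or third-party code (BApp Store).
  • Sequencer: A tool for analyzing the randomness of a sample of data items. It can be used to test an application's session tokens or other important data items, such as anti-CSRF tokens and password reset tokens.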

Edition Comparison

System Requirements

What operating systems does Burp Suite Professional software run on?

Burp Suite Professional requires a computer with the official Java Runtime Environment (64-bit edition, version 1.7 or later) installed. JREs are available for various popular operating systems, including Windows, Linux and Mac OS X. If you are unsure whether your computer is suitable, you should first test the free community edition of Burp Suite on your computer to satisfy yourself that it works correctly.

What are the system requirements for running Burp Suite Professional software?

For the best experience with Burp Suite Professional, we recommend using a machine with at least 8 GB of memory and 2 CPU cores. If you are performing large amounts of work, or testing large or complex applications, you may need more memory than this. If you are unsure whether your computer is suitable, we recommend first testing Burp Suite Community Edition on your machine to satisfy yourself that it works correctly.

What operating systems does Burp Suite Enterprise Edition software run on?

Burp Suite Enterprise Edition requires a 64-bit machine running a modern Windows, Linux, or macOS operating system. Note that multiple machines may be required depending on your intended usage.

Burp Suite Enterprise Edition system requirements
The system requirements for machines running Burp Suite Enterprise Edition are highly dependent on a variety of factors. These factors include:

  • How many concurrent scans you want to run
  • The nature and scope of the application being scanned
  • The number of issues reported
  • The number of active users of the Burp Suite Enterprise Edition web UI and APIs
  • Whether you are using a fully bundled deployment or have split the different components across multiple machines
  • Whether you have enabled Burp Scanner’s experimental new browser-powered scanning engine

As a result, the system requirements listed in this section are general recommendations that should provide satisfactory performance for most use cases. When provisioning machines, please be aware that you might need to upgrade them later depending on your actual usage.

General requirements
The following requirements apply regardless of your preferred deployment method:

  • All machines on which Burp Suite Enterprise Edition components are installed must have a 64-bit architecture.
  • The disk location (configured during the installation process) must reside on locally attached storage rather than a network file system. Please note that the free space required is not only for the up-front installation. Disk space is used for storage of ephemeral data during scans and product updates.

Be aware that to get the most out of Burp Suite Enterprise Edition, you will need to assign multiple agents to a machine. In many cases, this will require you to use a dedicated server or server-class virtual machine in order to meet the system requirements.

Bundled deployment
If you decide to use the bundled deployment option, assigning agents to your Enterprise server machine rather than to dedicated external machines, the following system requirements apply.

Note: Browser-powered scanning (BPS) requires a machine with more RAM but achieves greater coverage during scans.

| | Free disk space | RAM (BPS enabled) | RAM (BPS disabled) | CPU cores |
|---|---|---|---|---|
| Base installation | 10 GB | 16 GB | 16 GB | 4 |
| Per agent | + 20 GB | + 8 GB | + 4 GB | 4 |
| Total with 2 agents | 50 GB | 32 GB | 24 GB | 12 |
| Total with 5 agents | 110 GB | 56 GB | 36 GB | 24 |
| Total with 10 agents | 210 GB | 96 GB | 56 GB | 44 |

External agent machines
Instead of assigning agents to your Enterprise server machine, you can deploy dedicated external machines on which your agents will run when performing scans. For each external agent machine, the following system requirements apply:

Note: Browser-powered scanning (BPS) requires a machine with more RAM but achieves greater coverage during scans.

| | Free disk space | RAM (BPS enabled) | RAM (BPS disabled) | CPU cores |
|---|---|---|---|---|
| Base installation | 10 GB | 2 GB | 2 GB | 2 |
| Per agent | + 20 GB | + 8 GB | + 4 GB | 4 |
| Total with 2 agents | 50 GB | 18 GB | 10 GB | 10 |
| Total with 5 agents | 110 GB | 42 GB | 22 GB | 22 |
| Total with 10 agents | 210 GB | 82 GB | 42 GB | 42 |

Database and storage space
The amount of data that might be accumulated by Burp Suite Enterprise Edition depends on the number of scans that you perform and how many issues they find. The following table provides an approximate indication of the quantity of data that is likely to be accumulated:

| Number of scans | Data storage |
|---|---|
| 1000 | 500 MB |
| 10000 | 5 GB |
| 100000 | 50 GB |

The following types and versions of external databases have been tested and are fully supported:

| Type | Supported versions |
|---|---|
| MariaDB | 5.6, 5.7, 10.1, 10.2, 10.3 |
| Microsoft SQL Server | 2012, 2014, 2016, 2017 |
| MySQL | 5.7 |
| Oracle | 12.2, 18c |
| PostgreSQL | 9.4, 9.5, 9.6, 10 |