


With Repeater, you can try parameters on the same page without doing any extra work with the browser. This becomes tremendously useful when trying a variety of payloads on the same request.

Stay safe and use intentionally vulnerable applications for practice. Using Burp Suite on domains you do not own can be illegal. Burp allows us to list out each domain in our scope and lets us modify our interactions with the webpage by acting as a middle-man between the user and website.

Disclaimer: Only use Burp on domains that you have permission to scan and attack.

In order to begin testing a website for vulnerabilities, we must understand what attack vectors are available to us. So you want to start web application security testing or penetration testing? Every security researcher has their favorite tools, and one that is sure to top many of their lists of favorites is Burp Suite. Where to start with a whole domain at your fingertips?
