MASTG-TOOL-0077: Burp Suite
Burp Suite is an integrated platform for performing security testing of mobile and web applications.
Its tools work together seamlessly to support the entire testing process, from initial mapping and analysis of attack surfaces to finding and exploiting security vulnerabilities. Burp Proxy is Burp Suite's web proxy server, positioned as a man-in-the-middle between the browser and web servers. Burp Suite allows you to intercept, inspect, and modify incoming and outgoing raw HTTP traffic.
Setting up Burp to proxy your traffic is pretty straightforward. We assume that both your device and host computer are connected to a Wi-Fi network that permits client-to-client traffic.
PortSwigger provides good tutorials on setting up both Android and iOS devices to work with Burp:
- Configuring an Android Device to Work With Burp.
- Installing Burp's CA certificate to an Android device.
- Configuring an iOS Device to Work With Burp.
- Installing Burp's CA certificate to an iOS device.
Please refer to Setting Up an Interception Proxy (Android) and Setting up an Interception Proxy (iOS) for more information.