Security Tools - Burp Suite


Burp Suite is a framework of web application pentesting tools, available as a free Community edition and a paid Professional edition. See ZAP for a similar (completely free) tool.

Burp Suite works as an intercepting proxy, so the browser (or any other client) must be configured to send its traffic to Burp's proxy listener, which is 127.0.0.1:8080 by default. Follow the TryHackMe tutorial to set up FoxyProxy in Firefox so you can toggle the proxy on and off, and install Burp's CA certificate in the browser so that HTTPS traffic can be intercepted without certificate warnings.

Components

Burp Suite has a number of different components:

  • Proxy: Funnels traffic through Burp so it can be viewed, held and edited in transit.
  • Target: Scopes the project. Builds a site map of the application under test from the traffic the proxy has seen; out-of-scope hosts can be filtered out of the other tools.
  • Intruder: Automated, customisable request sending. Used for anything from field fuzzing to credential stuffing.
  • Repeater: Manually modify and resend individual requests and inspect each response. The usual place to refine a payload by hand before automating it.
  • Sequencer: Analyses the randomness of tokens that are supposed to be unpredictable (session IDs, CSRF tokens, password-reset links) from a large captured sample.
  • Decoder: Transforms data (URL, HTML, Base64 and hex encoding/decoding, hashing) and can chain several transformations.
  • Extender: Adds extensions, either from the BApp Store or written yourself.
  • Scanner (Professional edition only): Automated web vulnerability scanner.
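To make the Sequencer bullet concrete, here is an added example (written for these notes, not Burp's own implementation) of the kind of measurement Sequencer performs: a per-position Shannon entropy estimate over a sample of fixed-length tokens, plus a check for counter-like tokens that entropy alone can overrate. Both token samples are constructed; the "strong" one comes from a seeded PRNG purely so the numbers are reproducible.

```python
import math
import random
from collections import Counter


def per_position_entropy(tokens):
    """Shannon entropy (bits) of the symbol at each character position across `tokens`.

    A crude cousin of what Sequencer reports: a position that never changes
    contributes 0 bits, a uniformly distributed hex digit contributes close to 4.
    """
    if not tokens:
        raise ValueError("need at least one token")
    width = len(tokens[0])
    if any(len(t) != width for t in tokens):
        raise ValueError("tokens must all have the same length")
    n = len(tokens)
    entropies = []
    for i in range(width):
        counts = Counter(t[i] for t in tokens)
        entropies.append(-sum(c / n * math.log2(c / n) for c in counts.values()))
    return entropies


def estimated_entropy_bits(tokens):
    """Sum of the per-position entropies: an optimistic estimate of unpredictable bits per token.

    Optimistic because correlations between positions are ignored, and each position is
    capped at log2(len(tokens)) bits by the sample size, so collect thousands of tokens
    (as Sequencer does) before trusting the number.
    """
    return sum(per_position_entropy(tokens))


def sequential_fraction(tokens, base=16):
    """Fraction of adjacent tokens (in capture order) whose numeric values differ by exactly 1.

    Catches counter-based identifiers. Returns 0.0 if the tokens are not numeric in `base`.
    """
    try:
        values = [int(t, base) for t in tokens]
    except ValueError:
        return 0.0
    pairs = list(zip(values, values[1:]))
    if not pairs:
        return 0.0
    return sum(1 for a, b in pairs if b - a == 1) / len(pairs)


def weak_tokens(n=256):
    """Constructed sample: 32 hex chars that look like a 128-bit ID but are an incrementing counter."""
    return [f"{0x1000 + i:032x}" for i in range(n)]


def strong_tokens(n=256, seed=1):
    """Constructed sample from a seeded PRNG so the demo is reproducible.

    random.Random is not a CSPRNG; real session tokens must come from the `secrets` module.
    """
    rng = random.Random(seed)
    return [f"{rng.getrandbits(128):032x}" for _ in range(n)]


if __name__ == "__main__":
    for name, sample in (("counter", weak_tokens()), ("prng", strong_tokens())):
        print(f"{name}: ~{estimated_entropy_bits(sample):.1f} bits, "
              f"sequential pairs {sequential_fraction(sample):.0%}")
```

The counter sample scores about 8 bits despite being 128 bits wide, and every adjacent pair is sequential; the PRNG sample scores well over 100 bits. Sequencer applies a much larger battery of statistical tests, but the lesson is the same: token length says nothing about token entropy, so capture a few thousand tokens and measure.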

Intruder

Positions

From the Positions tab, mark the insertion points (payload positions) in the request. Burp wraps each position in § markers: Auto § places markers on every parameter value, cookie and similar field, while Add § and Clear § let you set them by hand. The text between a pair of markers is the base value that gets replaced by each payload.

Attack type

  • Sniper: One payload set. Each position is attacked in turn while the others keep their original value, so the request count is positions × payloads. Good for fuzzing one parameter at a time.
  • Battering ram: One payload set. The same payload is placed into every position at once, e.g. when the same value must appear as both username and password.
  • Pitchfork: One payload set per position, stepped through in parallel (first payload of each set, then second of each, and so on). Useful for paired data such as username/password lists that belong together. The attack stops when the shortest set is exhausted.
  • Cluster bomb: One payload set per position. Brute force: iterates through every combination of the payloads, so the request count is the product of the set sizes and grows quickly.

Payloads

Add payload sets (wordlists). In Pitchfork and Cluster bomb attacks each position has its own set. Payload processing rules (e.g. case changes, prefixes, hashing) and the URL-encoding of payload characters are configured here as well.

To start the attack, press the Start attack button in the top right corner. Note that the Community edition throttles Intruder, so large attacks are slow; check the request count implied by the attack type before launching.
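Burp's Intruder has four attack types (Sniper, Battering ram, Pitchfork and Cluster bomb) that differ only in how they combine payload positions with payload sets. The generator below is an added example written for these notes (it is not Burp's code) that reproduces each combination rule on a request template marked up with §, so you can see exactly which requests, and how many, an attack will send. The login request and wordlists are constructed; the ordering of Cluster bomb combinations is itertools.product order and is not guaranteed to match Burp's.

```python
import itertools
from urllib.parse import quote

MARK = "\u00a7"  # the section sign, which Burp uses to delimit payload positions


def parse_template(template):
    """Split a request marked up with section-sign pairs into literal text and base values.

    For "user=" + MARK + "admin" + MARK + "&x=1" this returns (["user=", "&x=1"], ["admin"]).
    """
    parts = template.split(MARK)
    if len(parts) % 2 == 0:
        raise ValueError("payload markers must come in pairs")
    return parts[0::2], parts[1::2]


def render(literals, values, url_encode=False):
    """Rebuild a request with `values` substituted into the payload positions.

    url_encode stands in for Intruder's per-set payload-encoding option. Assumption:
    this encodes every character, whereas Burp's default encodes only a set of specials.
    """
    if url_encode:
        values = [quote(v, safe="") for v in values]
    out = [literals[0]]
    for value, literal in zip(values, literals[1:]):
        out.append(value)
        out.append(literal)
    return "".join(out)


def sniper(template, payloads, **kw):
    """One payload set; each position takes each payload in turn, the others keep their base value."""
    literals, bases = parse_template(template)
    requests = []
    for pos in range(len(bases)):
        for payload in payloads:
            values = list(bases)
            values[pos] = payload
            requests.append(render(literals, values, **kw))
    return requests


def battering_ram(template, payloads, **kw):
    """One payload set; the same payload goes into every position at once."""
    literals, bases = parse_template(template)
    return [render(literals, [p] * len(bases), **kw) for p in payloads]


def pitchfork(template, payload_sets, **kw):
    """One set per position, stepped in parallel; zip() stops at the shortest set, as Burp does."""
    literals, bases = parse_template(template)
    _check_sets(bases, payload_sets)
    return [render(literals, list(combo), **kw) for combo in zip(*payload_sets)]


def cluster_bomb(template, payload_sets, **kw):
    """One set per position; every combination, so the count is the product of the set sizes."""
    literals, bases = parse_template(template)
    _check_sets(bases, payload_sets)
    return [render(literals, list(combo), **kw)
            for combo in itertools.product(*payload_sets)]


def _check_sets(bases, payload_sets):
    if len(payload_sets) != len(bases):
        raise ValueError(f"template has {len(bases)} positions "
                         f"but {len(payload_sets)} payload sets were given")


# Constructed login request. Content-Length is omitted because Intruder recomputes it.
TEMPLATE = (
    "POST /login HTTP/1.1\r\n"
    "Host: target.example\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    f"user={MARK}admin{MARK}&pass={MARK}secret{MARK}"
)

if __name__ == "__main__":
    users = ["admin", "root"]
    passwords = ["a", "b", "c"]
    print("sniper       :", len(sniper(TEMPLATE, passwords)))              # 2 positions x 3 = 6
    print("battering ram:", len(battering_ram(TEMPLATE, passwords)))       # 3
    print("pitchfork    :", len(pitchfork(TEMPLATE, [users, passwords])))  # min(2, 3) = 2
    print("cluster bomb :", len(cluster_bomb(TEMPLATE, [users, passwords])))  # 2 x 3 = 6
```

Run it with real wordlist sizes before starting an Intruder attack: a Cluster bomb over a 1,000-entry username list and a 10,000-entry password list is ten million requests, which the throttled Community edition will never finish, whereas a Pitchfork over matched credential pairs from a breach dump sends one request per pair.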

Proxy

Intercept

With intercept switched on, the Intercept tab holds each request passing through the proxy and lets you view and edit it before forwarding it to the server or dropping it. From here (or from the HTTP history) you can right-click a request and send it to other modules, such as Intruder (Ctrl+I) or Repeater (Ctrl+R). Leave intercept off while browsing normally, otherwise every request, including images and scripts, will stop and wait for you.