Reputation: 204
How Burp exactly scans a request
I just started working with Burp professional suite 2.0.6 beta. After proxy recording, I just right-click and perform the scan with default configuration.
I want to know exactly what happens in that scan. It covers pen testing, but how?
Does it sends requests to the server and analyze the response, if so, take an example of POST API call. Does Burp replaces the input and sends the call to the server?, but in UI, I can't see any new thing(as POST method) created. Then how does Burp analyzes response?
In my application, if a Form is submitted, the response will be "Form Submitted. Submitted ID:9898" which is JSON output.
Some one please guide or teach me the correct things on how exactly Burp scans a request.
Upvotes: 0
Views: 544
Answers (1)
Reputation: 277
You can use the Logger++ extension from the BApp store to monitor activity from Burp Scanner:
Upvotes: 1
Related Questions
- Send requests with Python (intercepted with Burp)
- How to pentest rest apis using burpsuite?
- How to intercept websites with HSTS(HTTP Strict Transport Security)
- How to intercept local server web requests using Burp in Internet Explorer
- Can we send the api endpoint urls for scan without its payload and http method?
- REST API - how does the client know what a valid payload is to POST to the resource?
- Burp Extension: add header to response
- RestApi testing using Rest-Assured
- How is basic authentication header validated/checked in a rest api
- Tool to intercept RESTful webservices