Burp Suite Web Vulnerability Detection Tool

We always sell the latest version; the version shown here is for reference only.
Latest version: Burp Suite Professional 2020.12.1, updated 2020/12/17


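Burp Suite is an integrated platform for performing security testing of web applications. It combines a range of tools that work together to support the entire testing process, from the initial mapping and analysis of an application's attack surface through to finding and exploiting security vulnerabilities. Burp gives you full control, letting you combine state-of-the-art automation with advanced manual techniques to make your work faster, more effective and more fun.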

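Burp Suite contains the following key components:

  • Interception: Burp Proxy lets you inspect and modify the traffic between your browser and the target application.
  • Application-aware crawling: Burp Spider crawls the application's content and functionality.
  • Web application scanning: Burp Scanner automatically detects many types of security vulnerability.
  • Intruder tool: Burp Intruder performs powerful customized attacks to find and exploit unusual security vulnerabilities.
  • Repeater tool: Burp Repeater lets you manually modify and reissue individual HTTP requests and analyze their responses.
  • Burp Sequencer analyzes the randomness of security-critical tokens issued by the application.
  • Burp can also save your work so that you can resume it later.
  • Extensibility: Burp Extender lets you easily write your own plugins to perform complex and highly customized tasks within Burp.

Burp is easy to use and intuitive, so new users can start working right away. Burp is also highly configurable and contains many powerful features to assist the most experienced testers with their work.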

 

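*HTTP message editor
Used to view and edit HTTP requests and responses.

*Save and restore state (Pro feature)

*Search tool

*Target analyzer
This function analyzes a target web application and tells you how many static and dynamic URLs it contains and how many parameters each one takes.

*Content discovery
Can be used to discover "invisible content".

*Task scheduler (Pro feature)
You can use the task scheduler to automatically start and stop certain tasks at specified times.

*Generate CSRF PoC (Pro feature)
For a given request, generates a proof-of-concept (PoC) cross-site request forgery (CSRF) attack.

*URL-matching rules
Used to define URL-based scoping for various functions, such as general Target scope, the scope of individual functions like live scanning, URLs returning streaming responses, and the scope of session handling rules.

*Response extraction rules
Used to define the location within a response of a varying item that needs to be extracted.

*Remembered settings
By default, Burp remembers all configuration options and restores them the next time it runs, even after the program has been closed.

*Manual testing simulator

*Alerts
Alerts generated by the individual tools help you resolve network connectivity or other problems.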

 

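| Feature | Enterprise | Professional |
|---|---|---|
| Web vulnerability scanner | Yes | Yes |
| Scheduled and repeat scans | Yes | No |
| Unlimited scalability | Yes | No |
| CI integration | Yes | No |
| Advanced manual tools | No | Yes |
| Essential manual tools | No | Yes |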

 

Web vulnerability scanner (Enterprise, Professional)

  • Coverage of over 100 generic vulnerabilities, such as SQL injection and cross-site scripting (XSS), with great performance against all vulnerabilities in the OWASP top 10.
  • Burp’s cutting-edge web application crawler accurately maps content and functionality, automatically handling sessions, state changes, volatile content, and application logins.
  • Burp Scanner includes a full JavaScript analysis engine using a combination of static (SAST) and dynamic (DAST) techniques for detection of security vulnerabilities within client-side JavaScript, such as DOM-based cross-site scripting.
  • Burp has pioneered the use of highly innovative out-of-band techniques (OAST) to augment the conventional scanning model. The Burp Collaborator technology allows Burp to detect server-side vulnerabilities that are completely invisible in the application’s external behavior, and even to report vulnerabilities that are triggered asynchronously after scanning has completed.
  • The Burp Infiltrator technology can be used to perform interactive application security testing (IAST) by instrumenting target applications to give real-time feedback to Burp Scanner when its payloads reach dangerous APIs within the application.
  • Burp’s scanning logic is continually updated with enhancements to ensure it can find the latest vulnerabilities and new edge cases of existing vulnerabilities. In recent years, Burp has been the first scanner to detect novel vulnerabilities pioneered by the Burp research team, including template injection and web cache poisoning.
  • All reported vulnerabilities contain detailed custom advisories. These include a full description of the issue, and step-by-step remediation advice. Advisory wording is dynamically generated for each individual issue, with any special features or remediation points accurately described.

 

Advanced manual tools (Professional)

  • Use Burp project files to save your work incrementally in real-time, and pick up seamlessly where you left off.
  • Use the configuration library to quickly launch targeted scans with different settings.
  • View real-time feedback of all discovered vulnerabilities on Burp's central dashboard.
  • Place manual insertion points at arbitrary locations within requests, to inform the Scanner about non-standard inputs and data formats.
  • Use live scanning as you browse to fully control what actions are carried out for what requests.
  • Burp can optionally report all reflected and stored inputs, even where no vulnerability has been confirmed, to facilitate manual testing for issues like cross-site scripting.
  • You can export beautifully formatted HTML reports of discovered vulnerabilities.
  • The CSRF PoC Generator function can be used to generate a proof-of-concept cross-site request forgery (CSRF) attack for a given request.
  • The Content Discovery function can be used to discover hidden content and functionality that is not linked from visible content that you can browse to.
  • The Target Analyzer function can be used to analyze a target web application and tell you how many static and dynamic URLs it contains, and how many parameters each URL takes.
  • Burp Intruder is an advanced tool for automating custom attacks against applications. It can be used for numerous purposes to improve the speed and accuracy of manual testing.
  • Intruder captures detailed attack results, with all relevant information about each request and response clearly presented in table form. Captured data includes the payload values and positions, HTTP status code, response timers, cookies, number of redirections, and the results of any configured grep or data extraction settings.

 

Scheduled and repeat scans (Enterprise)

  • Burp Suite Enterprise Edition can perform scheduled scans at specific times, or carry out one-off scans on demand.
  • You can configure repeat scans to run indefinitely or until a defined end point.
  • You can view in a single place the entire scan history for a given web site. 

 

Unlimited scalability (Enterprise)

  • Burp Suite Enterprise Edition has extreme scalability, and can scan indefinitely many web sites in parallel.
  • You can configure all of your organization's web sites in one place, organized to reflect your organizational structure.
  • All scan results are aggregated in one place, providing an at-a-glance view of your organization’s security posture.
  • The scalable agent pool distributes workload across multiple machines, allowing your deployment to grow to any size, and perform as many parallel scans as your organization requires.
  • Burp Suite Enterprise Edition supports multiple users with role-based access control (RBAC) to restrict access to sensitive data. There are no licensing restrictions on the number of users.

 

CI integration (Enterprise)

  • Bring security automation forward in your development lifecycle using Burp's CI integration.
  • Automatically launch vulnerability scans from your CI system via the REST API.
  • There are ready-made native CI plugins for popular platforms such as Jenkins and TeamCity, and a generic CI driver that can be easily installed in any CI system.
  • You can run scans per commit, on a schedule, or as part of your deployment pipelines.
  • The CI integration can be configured to break software builds based on the severity of discovered issues.

 

Essential manual tools (Professional)

  • Burp Proxy allows manual testers to intercept all requests and responses between the browser and the target application, even when HTTPS is being used.
  • You can view, edit or drop individual messages to manipulate the server-side or client-side components of the application.
  • The Proxy history records full details of all requests and responses passing through the Proxy.
  • You can annotate individual items with comments and colored highlights, letting you mark interesting items for manual follow-up later.
  • Burp Proxy can perform various automatic modifications of responses to facilitate testing. For example, you can unhide hidden form fields, enable disabled form fields, and remove JavaScript form validation.
  • You can use match and replace rules to automatically apply custom modifications to requests and responses passing through the Proxy. You can create rules that operate on message headers and body, request parameters, or the URL file path.
  • Burp helps eliminate browser security warnings that can occur when intercepting HTTPS connections. On installation, Burp generates a unique CA certificate that you can install in your browser. Host certificates are then generated for each domain that you visit, signed by the trusted CA certificate.
  • Burp supports invisible proxying for non-proxy-aware clients, enabling the testing of non-standard user agents such as thick client applications and some mobile applications.
  • HTML5 WebSockets messages are intercepted and logged to a separate history, in the same way as regular HTTP messages.
  • You can configure fine-grained interception rules that control precisely which messages are intercepted, letting you focus on the most interesting interactions.
  • The target site map shows all of the content that has been discovered in sites being tested. Content is presented in a tree view that corresponds to the sites’ URL structure. Selecting branches or nodes within the tree shows a listing of individual items, with full details including requests and responses where available.
  • All requests and responses are displayed in a feature-rich HTTP message editor. This provides numerous views into the underlying message to assist in analyzing and modifying its contents.
  • Individual requests and responses can be easily sent between Burp tools to support all kinds of manual testing workflows.
  • The Repeater tool lets you manually edit and reissue individual requests, with a full history of requests and responses.
  • The Sequencer tool is used for statistical analysis of session tokens using standard cryptographic tests for randomness.
  • The Decoder tool lets you convert data between common encoding schemes and formats used on the modern web.
  • The Clickbandit tool generates working clickjacking attacks against vulnerable application functions.
  • The Comparer tool performs a visual diff between pairs of requests and responses or other interesting data.
  • You can create custom session handling rules to deal with particular situations. Session handling rules can automatically log in, detect and recover invalid sessions, and fetch valid CSRF tokens.
  • The powerful Burp Extender API allows extensions to customize Burp’s behavior and integrate with other tools. Common use cases for Burp extensions include modifying HTTP requests and responses on the fly, customizing the Burp UI, adding custom Scanner checks, and accessing key runtime information including crawl and scan results.
  • The BApp Store is a repository of ready-to-use extensions contributed by the Burp user community. These can be installed with a single click from within the Burp UI. 

 

What operating systems does Burp Suite Professional software run on?

Burp Suite Professional requires a computer with the official Java Runtime Environment (64-bit edition, version 1.7 or later) installed. JREs are available for various popular operating systems, including Windows, Linux and Mac OS X. If you are unsure whether your computer is suitable, you should first test the free community edition of Burp Suite on your computer to satisfy yourself that it works correctly.

What are the system requirements for running Burp Suite Professional software?

For the best experience with Burp Suite Professional, we recommend using a machine with at least 8 GB of memory and 2 CPU cores. If you are performing large amounts of work, or testing large or complex applications, you may need more memory than this. If you are unsure whether your computer is suitable, we recommend first testing Burp Suite Community Edition on your machine to satisfy yourself that it works correctly.

What operating systems does Burp Suite Enterprise Edition software run on?

Burp Suite Enterprise Edition requires a 64-bit machine running a modern Windows, Linux, or MacOS operating system. Note that multiple machines may be required depending on your intended usage.

 

 


Burp Suite Enterprise Edition system requirements
The system requirements for machines running Burp Suite Enterprise Edition are highly dependent on a variety of factors. These factors include:

  • How many concurrent scans you want to run
  • The nature and scope of the application being scanned
  • The number of issues reported
  • The number of active users of the Burp Suite Enterprise Edition web UI and APIs
  • Whether you are using a fully bundled deployment or have split the different components across multiple machines
  • Whether you have enabled Burp Scanner's experimental new browser-powered scanning engine

 

As a result, the system requirements listed in this section are general recommendations that should provide satisfactory performance for most use cases. When provisioning machines, please be aware that you might need to upgrade them later depending on your actual usage.

General requirements
The following requirements apply regardless of your preferred deployment method:

  • All machines on which Burp Suite Enterprise Edition components are installed must have a 64-bit architecture.
  • The disk location (configured during the installation process) must reside on locally attached storage rather than a network file system. Please note that the free space required is not only for the up-front installation. Disk space is used for storage of ephemeral data during scans and product updates.

 

Be aware that to get the most out of Burp Suite Enterprise Edition, you will need to assign multiple agents to a machine. In many cases, this will require you to use a dedicated server or server-class virtual machine in order to meet the system requirements.

Bundled deployment
If you decide to use the bundled deployment option, assigning agents to your Enterprise server machine rather than to dedicated external machines, the following system requirements apply.

Note: Browser-powered scanning (BPS) requires a machine with more RAM but achieves greater coverage during scans.

| | Free disk space | RAM (BPS enabled) | RAM (BPS disabled) | CPU cores |
|---|---|---|---|---|
| Base installation | 10 GB | 16 GB | 16 GB | 4 |
| Per agent | + 20 GB | + 8 GB | + 4 GB | 4 |
| Total with 2 agents | 50 GB | 32 GB | 24 GB | 12 |
| Total with 5 agents | 110 GB | 56 GB | 36 GB | 24 |
| Total with 10 agents | 210 GB | 96 GB | 56 GB | 44 |

 

External agent machines
Instead of assigning agents to your Enterprise server machine, you can deploy dedicated external machines on which your agents will run when performing scans. For each external agent machine, the following system requirements apply:

Note: Browser-powered scanning (BPS) requires a machine with more RAM but achieves greater coverage during scans.

| | Free disk space | RAM (BPS enabled) | RAM (BPS disabled) | CPU cores |
|---|---|---|---|---|
| Base installation | 10 GB | 2 GB | 2 GB | 2 |
| Per agent | + 20 GB | + 8 GB | + 4 GB | 4 |
| Total with 2 agents | 50 GB | 18 GB | 10 GB | 10 |
| Total with 5 agents | 110 GB | 42 GB | 22 GB | 22 |
| Total with 10 agents | 210 GB | 82 GB | 42 GB | 42 |

 

Database and storage space
The amount of data that might be accumulated by Burp Suite Enterprise Edition depends on the number of scans that you perform and how many issues they find. The following table provides an approximate indication of the quantity of data that is likely to be accumulated:

| Number of scans | Data storage |
|---|---|
| 1000 | 500Mb |
| 10000 | 5Gb |
| 100000 | 50Gb |

 

The following types and versions of external databases have been tested and are fully supported:

| Type | Supported versions |
|---|---|
| MariaDB | 5.6, 5.7, 10.1, 10.2, 10.3 |
| Microsoft SQL Server | 2012, 2014, 2016, 2017 |
| MySQL | 5.7 |
| Oracle | 12.2, 18c |
| PostgreSQL | 9.4, 9.5, 9.6, 10 |

Copyright 2007-2021 Linksoft Inc. All Rights Reserved.