1. Which of the following Intruder attacks uses a single payload by enumerating one payload at
a time?
Ans: Battering Ram
2. Which of the following options is applicable to the “Action” control on the panel when intercepting
a request?
Ans: This shows a menu of available actions that can be performed on the currently
displayed message$
3. Which of the following is used for manual footprinting?
Ans: Target$
4. Which of the following Burp Suite tools is used for web application mapping?
Ans: Spider
5. You can check the response in the Intercept tab.
Ans: False
6. Where can responses be viewed in Burp Suite?
Ans: Intercept Tab(Option Tab)
7. Which of the following attacks with a single payload?
Ans: Battering Ram$
8. The request body can be changed in the “HTTP History Tab” under Proxy.
Ans: False(True)
9. When Intercept is on, the request will hit the _______.
Ans: Burp Proxy
10. SSL handshake is used in HTTP.
Ans: False
11. The request body can be changed in the “HTTP History Tab”.
Ans: False
12. What are the steps to be taken when Burp does not intercept HTTPS requests?
Ans: Install Burp’s CA certificate in the browser
13. Which of the following applications is about extending Burp proxy?
Ans: All the options
14. Which of the following statements is true about a cluster bomb attack?
Ans: It uses multiple payload sets
15. A site map helps to capture a specified URL.
Ans: True
16. Which of the following options is a false statement about request manipulation in
Burp Suite?
Ans: Decoder tool as it does not identify any differences of the failed login. Burp suite comparator
is used for that.
17. Burp Suite can be installed in which of the following?
Ans: All the above options
18. Which of the following options is true about XSS with the Burp-Repeater tool?
Ans: All the Options
19. The “HTTP History Tab” captures all host URLs.
Ans: True
20. Which of the following components of Burp Suite enables you to perform powerful
customized attacks to find and exploit peculiar vulnerabilities?
Ans: Intruder*
21. Which of the following can execute all the possible combinations of attacks?
Ans: Cluster Bomb
22. If there are eight payloads with two parameters each, how many requests will a
Battering Ram make?
Ans: 8
23. What is the task of the Forward control when intercepting a Burp Suite request?
Ans: Edits the message
24. What is the role of the “Do Intercept” command for HTTP messages?
Ans: It is responsible for interception of the request$
25. What happens when Intercept is off?
Ans: The request will hit the server
26. What is the role of a Sequencer in request manipulation in Burp Suite?
Ans: Define the applications status in terms of sessions