In this chapter, we used some of the lesser-known Burp Suite tools, such as Comparer, Decoder, Sequencer, Spider, and briefly mentioned the Alerts tab. Even though these are not as widely used as the tools we saw in Chapter 5, Using Burp Tools As a Power User – Part 1, but an accomplished web application security tester can use these tools to do their testing in a more structured and efficient manner.

Now we know how to spider any application, break seemingly random tokens, compare different types of HTTP requests and responses, and decode and encode pieces of data as required for our testing and creating attacks.

In the next chapter, we will look at how to search, match patterns, and use grep-like tools in Burp Suite over requests and responses ...