Author Topic: ZAP vs BURP SUITE  (Read 22114 times)

break0x90

  • Newbie
  • *
  • Posts: 30
    • View Profile
on: June 06, 2012, 12:22:50 AM
Hi everyone,
I am going to start studying web application vulnerabilities like SQLi, LFI and XSS, so I've understood that I often need to use a local proxy to trace step by step the interaction between my browser and the web server. I've watched some videos and read some tutorials to introduce the topic, but I can't make a choice...
Can I ask you what your choice is between ZAP and BURP SUITE? Why this choice?

Sorry for my bad English.. I'm Italian.. if someone wants to reply to me, I can also understand Italian!

Good night ^_^



ZEROF

  • Hero Member
  • *****
  • Posts: 1245
    • View Profile
    • Pen Tester
Reply #1 on: June 06, 2012, 12:58:21 AM
Man, man man ... How can we help you? You need to read how to use the tools. And ZAP and Burp don't have the same use lol, or almost :). Start googling around. Check the BackBox menu and learn about every tool you can use. That is how this works.

Read before posting : http://forum.backbox.org/announcements/general-forum-conditions/
« Last Edit: June 06, 2012, 12:17:32 PM by ZEROF »


Don't ask, read : http://wiki.backbox.org
or just run sudo rm -rf /*


break0x90

Reply #2 on: June 06, 2012, 09:11:02 AM
Well.. if they don't have the same kind of use, when must anyone use ZAP? When must anyone use Burp? I've read the netiquette that you linked in your previous post, but I think that my thread is rightful.
I'm looking for the difference between ZAP and Burp, but reading the official documentation they seem to be the same (Burp seems to have more features).
I'm a newbie about web app vulns but I want to learn! So can you explain to me the difference between these 2 tools and when it is preferable to use one or the other?

Thanks



ostendali

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 580
    • View Profile
Reply #3 on: June 06, 2012, 12:08:10 PM
Indeed, if you just ask Google your question you will get a straight answer about the difference between the 2.
To give a quick answer to your question: yes, they do the same thing and they are very similar. Burp is a hardcore pentester's tool; you should have very good knowledge of security matters when you are dealing with it..... ZAP has got some neat features, covers most of the bases but not all the functions that Burp has, and it is easier to use; it doesn't require much knowledge, a basic system background will be enough to deal with it.

the next question?



break0x90

Reply #4 on: June 06, 2012, 02:38:10 PM
Thanks ostendali, your reply was useful :)
I will use apt-get search to see what the BackBox team has chosen.
Next question uhm... boh :p nothing for now. I hope to find some time to get a VM like Metasploitable and begin to play with it.
Thanks!



ostendali

    • View Profile
Reply #5 on: June 13, 2012, 04:46:01 PM
you are welcome.....
happy days, no more questions hopefully...
enjoy your exploitation!