ZAP vs BURP SUITE

Started by break0x90, June 06, 2012, 01:22:50 AM


break0x90

Hi everyone,
I will start to study the vulnerabilities of web applications like SQLi, LFI, XSS, so I've understood that I often need to use a local proxy to trace step by step the interaction between my browser and the web server. I've watched some videos and read some tutorials to introduce the topic but I can't make a choice...
Can I ask you what your choice is between ZAP and BURP SUITE? Why this choice?

Sorry for my bad English.. I'm Italian.. if someone wants to reply to me, I can also understand the Italian language!

good night ^_^

ZEROF

Man, man, man... How can we help you? You need to read how to use the tools. And ZAP and Burp don't have the same use lol, or almost :). Start googling around. Check the BackBox menu and learn about every tool you can use. That is how this works.

Read before posting : http://forum.backbox.org/announcements/general-forum-conditions/

Don't ask, read : http://wiki.backbox.org
or just run sudo rm -rf /*

break0x90

Well.. if they don't have the same kind of use, when should anyone use ZAP? When should anyone use Burp? I've read the netiquette that you linked in your previous post but I think that my thread is rightful.
I'm looking for the difference between ZAP and Burp, but reading the official documentation they seem to be the same (Burp seems to have more features).
I'm a newbie about web app vulns but I want to learn! So can you explain to me the difference between these 2 tools and when it is preferable to use one or the other?

thanks

ostendali

Indeed, if you just put your question to Google you will get a straight answer about the difference between the 2.
To give a quick answer to your question: yes, they do the same thing and they are very similar. Burp is a hardcore pentester's tool; you should have very good knowledge of security matters when you are dealing with it..... ZAP has got some neat features, covers most of the bases but not all the functions that Burp has, and it is easier to use; it doesn't require much knowledge, a basic system background will be enough to deal with it.

the next question?

break0x90

Thanks ostendali, your reply was useful :)
I will use apt-get search to see what the BackBox team has chosen.
Next question uhm... boh :p nothing for now. I hope to find some time to get a VM like Metasploitable and begin to play with it.
Thanks!

ostendali

Quote from: break0x90 on June 06, 2012, 03:38:10 PM
Thanks ostendali, your reply was useful :)
I will use apt-get search to see what the BackBox team has chosen.
Next question uhm... boh :p nothing for now. I hope to find some time to get a VM like Metasploitable and begin to play with it.
Thanks!
You are welcome.....
Happy days, no more questions hopefully...
Enjoy your exploitation!