May, a month without Burp
Burp is an amazing tool, don’t get me wrong, but I think it makes you do the test “the Burp way”, so you end up doing the same routines all the time and learning nothing new at the end.
Also, sometimes you are in a place (a customer site) where you cannot install Burp, or they don’t have Java installed, and you have to use another approach to test that internal app. My idea is to use a new tool each week this month along with Burp, to compare results and to learn new tricks that may come in handy in some situations.
I’m planning to use the following tools. If you know another one, please feel free to add it in the comments section so I can also have a look at it:
The top three of the previous list use the .NET Framework, which makes them a bit difficult to use on Linux (maybe under Wine I’ll be able to execute them…), while the last one uses Java, like Burp. In corporate environments it is more likely, in my experience, to have .NET but not Java. Also, Fiddler can work even if the user does not have administrative privileges.
After the experiment I’ll come back here and write about my experiences with each tool, or you can go on Twitter and check my real-time rant about the problems I might find.