The Connections tab

Under the Connections tab, a tester has the following options:

  • Platform Authentication: Provides an override checkbox for cases where the tester wants the Project options for the type of authentication used against the target application to supersede any authentication settings within the user options.

After clicking the checkbox to override the user's options, the tester is presented with a table enabling authentication options (for example, Basic, NTLMv2, NTLMv1, and Digest) specific to the target application. Should a tester ever need this option, the destination host is commonly set to the wildcard *.

  • Upstream proxy servers: Provides an override checkbox for cases where the tester wants the Project options for upstream proxy servers used against the target application to supersede any proxy settings contained within the user options.

After clicking the checkbox to override the user's options, the tester is presented with a table enabling upstream proxy options specific to this project. Clicking the Add button displays a pop-up box called Add upstream proxy rule. This rule is specific to the target application's environment. This feature is very helpful if the target application's environment is fronted by a web proxy requiring a different set of credentials than the application login.

  • SOCKS Proxy: Provides an override checkbox for cases where the tester wants the Project options for the SOCKS Proxy configuration used against the target application to supersede any SOCKS Proxy settings within the user options.

After clicking the checkbox to override user options, the tester is presented with a form to configure a SOCKS Proxy specific to this project. In some circumstances, web applications must be accessed over an additional protocol that uses socket connections and authentication, commonly referred to as SOCKS.

  • Timeouts: Allows timeout settings for different network scenarios, such as failing to resolve a domain name.

  • Hostname Resolution: Allows entries similar to a hosts file on a local machine to override Domain Name System (DNS) resolution.

  • Out-of-Scope Requests: Provides rules to Burp regarding Out-of-Scope Requests. The default setting, Use suite scope [defined in Target tab], is the one most commonly used.
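
Added example (not from the book or from Burp itself): a Python check over a saved project-options JSON file that lists which of the Connections settings described above override the user options, and what those overrides carry. The JSON key names and all sample values are assumptions constructed for illustration; compare them with a file saved from your own Burp installation.

```python
import json

# Constructed sample of a saved project-options file. The key names are an
# assumption about the export layout; verify them against a real export.
SAMPLE = json.loads("""
{"project_options": {"connections": {
  "platform_authentication": {"use_user_options": false, "credentials": [
    {"auth_type": "ntlm_v2", "destination_host": "*",
     "username": "svc_test", "password": "example-only"}]},
  "upstream_proxy": {"use_user_options": false, "servers": [
    {"destination_host": "app.example.test", "proxy_host": "proxy.example.test",
     "proxy_port": 8080, "auth_type": "basic",
     "username": "proxyuser", "password": "example-only"}]},
  "socks_proxy": {"use_user_options": true, "use_proxy": false},
  "hostname_resolution": [
    {"enabled": true, "hostname": "app.example.test", "ip_address": "10.0.0.5"}],
  "out_of_scope_requests": {"scope_option": "suite"}
}}}
""")

def review_connections(config):
    """Return (section, note) findings for the Connections settings."""
    conn = config.get("project_options", {}).get("connections", {})
    findings = []
    for section, list_key in (("platform_authentication", "credentials"),
                              ("upstream_proxy", "servers"),
                              ("socks_proxy", None)):
        opts = conn.get(section, {})
        if opts.get("use_user_options", True):
            continue  # project defers to the user options for this section
        findings.append((section, "overrides user options"))
        entries = opts.get(list_key, []) if list_key else [opts]
        for e in entries:
            if e.get("password"):
                findings.append((section, "password stored in project file"))
            if section == "platform_authentication" and e.get("destination_host") == "*":
                findings.append((section, "wildcard destination host (*)"))
    for e in conn.get("hostname_resolution", []):
        if e.get("enabled"):
            findings.append(("hostname_resolution",
                             f"{e['hostname']} -> {e['ip_address']} bypasses DNS"))
    scope = conn.get("out_of_scope_requests", {}).get("scope_option")
    if scope not in (None, "suite"):
        findings.append(("out_of_scope_requests", f"non-default scope option: {scope}"))
    return findings

if __name__ == "__main__":
    for section, note in review_connections(SAMPLE):
        print(f"{section}: {note}")
```

Running the check before sharing or archiving a project file shows whether engagement credentials or host overrides travel with it.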
