Exploiting crypto vulnerabilities

Beyond exploiting vulnerabilities related to cryptography, Burp Suite also allows users to perform analysis to detect weak algorithms.

To perform this analysis, we need to create a capture. The capture is simply a browsing session in which we log in to and log out of an application in order to generate sessions, tokens, and IDs. The idea is to create the largest capture we can, so that the sample is as large as possible.

After creating the capture, use the normal history in Burp Suite, go to the Sequencer tool, and click on Analyze now, as demonstrated in the following screenshot:

Here, you can see the final analysis, as follows:

The Final Analysis

Now, you can determine whether the algorithm used is weak or not based on the entropy, the charset, and the probability.
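To make the entropy, charset, and probability criteria concrete, the following added example (not from the book, and not Burp Suite's own implementation) computes simplified character-level statistics over a token sample. The function name `analyze_tokens`, the `weak_bits` threshold, and the sample tokens are assumptions made for illustration.

```python
import math
import secrets
from collections import Counter

def analyze_tokens(tokens, weak_bits=2.0):
    """Character-level statistics over a token sample (hypothetical helper).

    Returns the charset seen, the Shannon entropy in bits at each character
    position, the probability of the most common character at each position,
    and the positions whose entropy falls below weak_bits (assumed threshold).
    """
    if not tokens:
        raise ValueError("need at least one token")
    width = min(len(t) for t in tokens)  # compare only positions every token has
    n = len(tokens)
    entropy, top_prob = [], []
    for pos in range(width):
        counts = Counter(t[pos] for t in tokens)
        entropy.append(sum(-(c / n) * math.log2(c / n) for c in counts.values()))
        top_prob.append(max(counts.values()) / n)
    return {
        "charset": "".join(sorted(set("".join(tokens)))),
        "entropy": entropy,
        "top_prob": top_prob,
        "weak_positions": [i for i, h in enumerate(entropy) if h < weak_bits],
        "total_bits": sum(entropy),
    }

# Constructed sample: a fixed prefix followed by an incrementing counter.
WEAK_TOKENS = [f"SESS{1000 + i:04d}" for i in range(200)]

if __name__ == "__main__":
    # Constructed comparison sample drawn from the OS CSPRNG.
    strong = [secrets.token_hex(8) for _ in range(200)]
    for name, sample in (("weak", WEAK_TOKENS), ("strong", strong)):
        r = analyze_tokens(sample)
        print(f"{name}: charset={r['charset']!r} "
              f"total_bits={r['total_bits']:.1f} "
              f"weak_positions={r['weak_positions']}")
```

Positions with near-zero entropy or a dominant character reveal fixed or slowly changing parts of the token. High per-position entropy on its own does not prove that tokens are unpredictable, so treat a clean result as the absence of one kind of weakness.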
