Minor cleanup and refactoring of documentation

NetsOSS · Feb 9, 2018 · b1068df · b1068df
1 parent aafb2c8
commit b1068df
Show file tree

Hide file tree

Showing 5 changed files with 41 additions and 34 deletions.
diff --git a/docs/background/automation.md b/docs/background/automation.md
@@ -9,7 +9,6 @@ And there are several developers who have already done this and made their exten
 One of the most popular extensions for running Burp headless is [Carbonator]. By giving it a target scope, it spiders the scope and performs a scan and a HTML report is generated at the end.  
 
 However, we wanted more!
-
 We wanted JUnit like output in Jenkins and a failed build whenever any vulnerabilities were found. And we also wanted the possibility to flag false positives. That is after a potential security hole has been found and reported, you investigate it in your code and find that no way this can happen, you want to configure this so that it will not be reported on the next run. 
 
 And just performing a scan on a target doesnt really give that much in our javascript web application world today by reasons I’ll get back to later. So we also had to be able to automatically proxy the application to build that sitemap. 

diff --git a/docs/background/background.md b/docs/background/background.md
@@ -12,7 +12,4 @@ This happens in the very end, making any findings risky to fix and have severe r
 
 We also have a limited pool of security experts, and may in some cases have a long wait ahead of us before pen-test can be performed. 
 
-And we are the lucky ones. We have security experts testing our code. We all know that this is not the case for a lot of web-applications out there. Some have to hire expensive consultants and some doesnt do any security testing at all. 
-
-
-# tl;dr;
+And we are the lucky ones. We have security experts testing our code. We all know that this is not the case for a lot of web-applications out there. Some have to hire expensive consultants and some doesnt do any security testing at all.
diff --git a/docs/background/burp.md b/docs/background/burp.md
@@ -8,4 +8,4 @@ The spider can then be used as a tool to crawl through the rest of the applicati
 
 This site map built by the proxy and spider is then what the scanner uses to test your application for vulnerabilities. It performs this test by automatically attack your site using a number of known hacking techniques, and reports back to you any security issues it finds. 
 
-And these are the three tools  we wanted to automate in our PoC. 
+And these are the three tools we wanted to automate in our PoC. 
diff --git a/docs/background/our-goal.md b/docs/background/our-goal.md
@@ -4,4 +4,7 @@ We wanted the  security-testing to become an integrated part of our development.
 
 To make sure it would be a natural part of the development we wanted to move into the delivery pipeline as an automated job. 
 
-Our security experts recommended [Burp](https://portswigger.net/burp/) as the best tool available for the job and this is the reason why we selected this over [OWASP ZAP](https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project). 
+Our security experts recommended [Burp Suite] as the best tool available for the job and this is the reason why we selected this over [OWASP Zed Attack Proxy].
+
+[Burp Suite]: https://portswigger.net/burp/
+[OWASP Zed Attack Proxy]: https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
diff --git a/docs/user-guide/burp-extensions/headless-burp-proxy.md b/docs/user-guide/burp-extensions/headless-burp-proxy.md
@@ -1,5 +1,5 @@
 Headless Burp Proxy
-=====================
+===================
 
 Provides an extension to Burp that allows you to run, stop and capture results from the Burp proxy tool in headless mode.
 
@@ -12,37 +12,45 @@ Provides an extension to Burp that allows you to run, stop and capture results f
 
 On *nix:
 
-    java -Xmx1G -Djava.awt.headless=true \
-    -classpath headless-burp-proxy-master-SNAPSHOT-jar-with-dependencies.jar:burpsuite_pro_v1.7.31.jar burp.StartBurp \
-    --project-file=project.burp
+```
+java -Xmx1G -Djava.awt.headless=true \
+-classpath headless-burp-proxy-master-SNAPSHOT-jar-with-dependencies.jar:burpsuite_pro_v1.7.31.jar burp.StartBurp \
+--project-file=project.burp
+```
 
 On Cygwin:
-
-    java -Xmx1G -Djava.awt.headless=true \
-    -classpath "headless-burp-proxy-master-SNAPSHOT-jar-with-dependencies.jar;burpsuite_pro_v1.7.31.jar" burp.StartBurp \
-    --project-file=project.burp
+
+```
+java -Xmx1G -Djava.awt.headless=true \
+-classpath "headless-burp-proxy-master-SNAPSHOT-jar-with-dependencies.jar;burpsuite_pro_v1.7.31.jar" burp.StartBurp \
+--project-file=project.burp
+```
 
 #### Commandline Options
 
-    --project-file=VAL          Open the specified project file; this will be created as a new project if the file does not exist (mandatory)
-    --proxyPort VAL             Proxy port
-    --shutdownPort VAL          Shutdown port
-    --shutdownKey VAL           Shutdown key
-    -p (--prompt)               Indicates whether to prompt the user to confirm the shutdown (useful for debugging)
-    -v (--verbose)              Enable verbose output
-
-    --diagnostics               Print diagnostic information
-    --use-defaults              Start with default settings
-    --collaborator-server       Run in Collaborator server mode
-    --collaborator-config=VAL   Specify Collaborator server configuration file; defaults to collaborator.config
-    --config-file=VAL           Load the specified project configuration file(s); this option may be repeated to load multiple files
-    --user-config-file=VAL      Load the specified user configuration file(s); this option may be repeated to load multiple files
-    --auto-repair               Automatically repair a corrupted project file specified by the --project-file option
+```
+--project-file=VAL          Open the specified project file; this will be created as a new project if the file does not exist (mandatory)
+--proxyPort VAL             Proxy port
+--shutdownPort VAL          Shutdown port
+--shutdownKey VAL           Shutdown key
+-p (--prompt)               Indicates whether to prompt the user to confirm the shutdown (useful for debugging)
+-v (--verbose)              Enable verbose output
+
+--diagnostics               Print diagnostic information
+--use-defaults              Start with default settings
+--collaborator-server       Run in Collaborator server mode
+--collaborator-config=VAL   Specify Collaborator server configuration file; defaults to collaborator.config
+--config-file=VAL           Load the specified project configuration file(s); this option may be repeated to load multiple files
+--user-config-file=VAL      Load the specified user configuration file(s); this option may be repeated to load multiple files
+--auto-repair               Automatically repair a corrupted project file specified by the --project-file option
+```
 
 ### Stop Burp Proxy
 
-    echo SHUTDOWN >> /dev/tcp/127.0.0.1/4444
-    or
-    echo SHUTDOWN | netcat 127.0.0.1 4444
-    or
-    echo SHUTDOWN | ncat 127.0.0.1 4444
+```
+echo SHUTDOWN >> /dev/tcp/127.0.0.1/4444
+or
+echo SHUTDOWN | netcat 127.0.0.1 4444
+or
+echo SHUTDOWN | ncat 127.0.0.1 4444
+```
Original file line number	Diff line number	Diff line change
Expand Up		@@ -8,4 +8,4 @@ The spider can then be used as a tool to crawl through the rest of the applicati

		This site map built by the proxy and spider is then what the scanner uses to test your application for vulnerabilities. It performs this test by automatically attack your site using a number of known hacking techniques, and reports back to you any security issues it finds.

		And these are the three tools we wanted to automate in our PoC.
		And these are the three tools we wanted to automate in our PoC.