Certified Ethical Hacker (CEH v11) — Question 384
Gregory, a professional penetration tester working at Sys Security Ltd., is tasked with performing a security test of web applications used in the company. For this purpose, Gregory uses a tool to test for any security loopholes by hijacking a session between a client and server. This tool has an intercepting proxy feature that can be used to inspect and modify the traffic between the browser and the target application. This tool can also perform customized attacks and can be used to test the randomness of session tokens.
Which of the following tools is used by Gregory in the above scenario?
Answer options
- A. Wireshark
- B. Nmap
- C. Burp Suite
- D. CxSAST
Correct answer: C
Explanation
The correct answer is C, Burp Suite, as it is specifically designed for web application security testing, featuring an intercepting proxy for traffic analysis and the ability to perform customized attacks. Wireshark (A) is a network protocol analyzer, not tailored for web application testing. Nmap (B) is primarily used for network discovery and security auditing, while CxSAST (D) is a static application security testing tool, not focused on dynamic web application testing.