Certified Ethical Hacker (CEH v12) — Question 249
Gregory, a professional penetration tester working at Sys Security Ltd., is tasked with performing a security test of web applications used in the company. For this purpose, Gregory uses a tool to test for any security loopholes by hijacking a session between a client and server. This tool has an intercepting proxy feature that can be used to inspect and modify the traffic between the browser and the target application. The tool can also perform customized attacks and can be used to test the randomness of session tokens.
Which of the following tools is used by Gregory in the above scenario?
Answer options
- A. Wireshark
- B. Nmap
- C. Burp Suite
- D. CxSAST
Correct answer: C
Explanation
The tool Gregory uses is Burp Suite: it is designed specifically for web application security testing and includes an intercepting proxy, matching the scenario's description of inspecting and modifying traffic between the browser and the target application. Wireshark is a network protocol analyzer and is not focused on web application security, while Nmap is a network scanning tool used for discovering hosts and services on a network. CxSAST is a static application security testing tool that analyzes source code rather than intercepting web traffic.