Certified Ethical Hacker (CEH v13) — Question 206
Gregory, a professional penetration tester working at Sys Security Ltd., is tasked with performing a security test of web applications used in the company. For this purpose, Gregory uses a tool to test for any security loopholes by hijacking a session between a client and server. This tool has an intercepting proxy feature that can be used to inspect and modify the traffic between the browser and the target application. This tool can also perform customized attacks and can be used to test the randomness of session tokens.
Which of the following tools is used by Gregory in the above scenario?
Answer options
- A. Wireshark
- B. Nmap
- C. Burp Suite
- D. CxSAST
Correct answer: C
Explanation
The correct answer is C, Burp Suite. It is designed specifically for web application security testing and offers the features named in the scenario, such as an intercepting proxy and the ability to conduct customized attacks. Wireshark (A) is primarily used for network traffic analysis and does not focus on web application testing. Nmap (B) is a network scanning tool used for discovering hosts and services on a computer network. CxSAST (D) is a static application security testing tool that analyzes source code rather than intercepting web traffic.