An introduction to using Burp Suite for Web Application pentesting
Which edition of Burp Suite will we be using in this module?
Burp Suite Community
Which edition of Burp Suite runs on a server and provides constant scanning for target web apps?
Burp Suite Enterprise
Burp Suite is frequently used when attacking web applications and ______ applications.
Which Burp Suite feature allows us to intercept requests between ourselves and the target?
Which Burp tool would we use if we wanted to bruteforce a login form?
In which Project options sub-tab can you find reference to a “Cookie jar”?
In which User options sub-tab can you change the Burp Suite update behaviour?
What is the name of the section within the User options “Misc” sub-tab which allows you to change the Burp Suite keybindings?
If we have uploaded Client-Side TLS certificates in the User options tab, can we override these on a per-project basis (Aye/Nay)?
Which button would we choose to send an intercepted request to the target in Burp Proxy?
[Research] What is the default keybind for this?
Note: Assume you are using Windows or Linux (i.e. swap Cmd for Ctrl).
Read through the options in the right-click menu.
There is one particularly useful option that allows you to intercept and modify the response to your request.
What is this option?
Note: The option is in a dropdown sub-menu.
Response to this request
Take a look around the site on
http://MACHINE_IP/ -- we will be using this a lot throughout the module. Visit every page linked to from the homepage, then check your sitemap -- one endpoint should stand out as being very unusual!
Visit this in your browser (or use the “Response” section of the site map entry for that endpoint)
What is the flag you receive?
Check out the response to request http://IP/5yjR2GLcoGoij2ZK to get the flag
Look through the Issue Definitions list.
That’s it. See you in the next room :)