- read

TryHackMe | Burp Suite: The Basics WriteUp

Trnty 4.9k

An introduction to using Burp Suite for Web Application pentesting

Link:- https://tryhackme.com/room/burpsuitebasics

Which edition of Burp Suite will we be using in this module?

Burp Suite Community

Which edition of Burp Suite runs on a server and provides constant scanning for target web apps?

Burp Suite Enterprise

Burp Suite is frequently used when attacking web applications and ______ applications.

Mobile

Which Burp Suite feature allows us to intercept requests between ourselves and the target?

Proxy

Which Burp tool would we use if we wanted to bruteforce a login form?

Intruder

In which Project options sub-tab can you find reference to a “Cookie jar”?

Sessions

In which User options sub-tab can you change the Burp Suite update behaviour?

Misc

What is the name of the section within the User options “Misc” sub-tab which allows you to change the Burp Suite keybindings?

Hotkeys

If we have uploaded Client-Side TLS certificates in the User options tab, can we override these on a per-project basis (Aye/Nay)?

Aye

Which button would we choose to send an intercepted request to the target in Burp Proxy?

Forward

[Research] What is the default keybind for this?

Note: Assume you are using Windows or Linux (i.e. swap Cmd for Ctrl).

Ctrl+F

Read through the options in the right-click menu.

There is one particularly useful option that allows you to intercept and modify the response to your request.

What is this option?

Note: The option is in a dropdown sub-menu.

Response to this request

Take a look around the site on http://MACHINE_IP/ -- we will be using this a lot throughout the module. Visit every page linked to from the homepage, then check your sitemap -- one endpoint should stand out as being very unusual!

Visit this in your browser (or use the “Response” section of the site map entry for that endpoint)

What is the flag you receive?

Check out the response to request http://IP/5yjR2GLcoGoij2ZK to get the flag

Look through the Issue Definitions list.

What is the typical severity of a Vulnerable JavaScript dependency?

Low

That’s it. See you in the next room :)