Skip to content

Burp Suite

Burp Suite is a common tool for testing and audiiting web applications. Burp Suite is a native built-in web browser based on Chromium. Burp Suite allows modify requests and responces. See Proxy.Options.Match and Replace

How to use the tool:

  1. Open and choose temporary project and default settings
  2. Proxy. Intersept on
  3. 202304181408000 use proxy in firefox
  4. Go some address in ff and then press forward in Burp suite
  5. In history you can find requests: Pasted image 20230418143418.png
  6. We can edit proxy settings here: Pasted image 20230418143937.png
  7. Intruder: we can create attack, using defferent payloads for any attempt. For example we can find password. See 2023041802313333 Burp Suite#^087cda
  8. Repeater: allows us to repeat request with changes and to watch response. See 2023041802313333 Burp Suite#^245d64
    1. Decode string in request to human readable format - Ctrl+Shift+U hotkey or use inspector on the right side

Replace or add new header in response

Pasted image 20230901230746.png

References

  1. PortSwigger, 2021), https://portswigger.net/burp 
  2. (Chromium.org, 2021), https://www.chromium.org/ 
  3. web200.Tools.Burp Suite.Using Burp Suite with Other Browsers
  4. web200.Tools.Burp Suite.Intruder ^087cda
  5. web200.Tools.Burp Suite.Repeater ^245d64