Burp Suite: used for testing web and mobile applications; testing Application Programming Interfaces(APIs) Features:
- Proxy: allow to intercept and modify requests/responses
- Repeater: allow to capture, modify, then resend the same request numerous times (SQLi)
- Intruder: allows to spry an endpoint with requests, used to bruteforce attacks or fuzz endpoints
- Decoder: provides decoding of information, encoding a payload efficiently
- Comparer: compare two pieces of data at either word or byte level
- Sequencer: assessing randomness tokens, cookie values or random data -possible to write extensions to burp framework using python and ruby
Installation: (pre-packaged with Kali Linux) Application Interface:
- Tasks: define background tasks Burp Suite will run
- Event Log: information about connections made through Burp
- Issue Activity (pro only)
- Advisory: information about the vulnerabilities found and suggested remediations
Navigation: top bar menus (dashboard, target, proxy …) window → detach(dashboard, target, proxy…): focus on a specific part shortcuts: ctrl + shift + D → switch to Dashboard ctrl + shift + T → switch to Target tab ctrl + shift + P → switch to Proxy tab ctrl + shift + I → switch to Intruder tab ctrl + shift + R → switch to repeater tab
Global settings - User options tab Project settings - Project options tab can’t save projects so Burp will reset during close
User options:
- connections: control how Burp makes connections to target (set a proxy for burp to connect through)
- TLS: enable and disable Transport Layer Security options (place to upload client certificates)
- Display: change looks (dark/light mode)
- Misc: HotKeys(change keyboard shortcuts)
Project options
- connections: over-ride application-wide settings
- HTTP: defines how Burp handles various aspects of HTTP protocol (handle redirects, unusual responses)
- TLS: over-ride application-wide TLS options, show list of public server certificates for listed sites
- Sessions: options for handling sessions, control Burp obtains,saves and uses session cookies/automation
- Misc: Similar to user-options misc, options for logging and embedded browser
Introduction to Burp Proxy
-allows us to capture requests and responses between ourselves and our target -can be manipulated or sent to other tools for further processing -using Burp Proxy: capture our request and allowed to continue only when explicitly defined -Using Burp Proxy: capture response from server and allow it to continue when explicitly defined -Important to take control of web traffic
- Active Proxy makes request to website
- Broswer making request will hang (request appears in the Proxy tab)
- Choose to forward or drop the request (potentially after editing it) - we can send request to other Burp modules, copy it as cURL command, save it to a file etc -Intercept is off - allows requests to pass through the proxy without being stopped (Burp suite will still log request but doesn’t hang before sending request) -Burp will also capture and log WebSocket communication -Proxy specific options in options sub-tab: control over proxy operation, creat rules etc -Match and Replace: perform regex on incoming and outgoing requests (automatically change user agent to emulate different browser in outgoing requests)
Connecting through the Proxy
- use the embedded browser
- configure local web browser to proxy our traffic through Burp
127.0.0.1:8080 (default web interface) - redirect all web traffic fire fox extension (FoxyProxy) standard vs basic standard - more control over traffic
Proxy HTTPS -add burp certificates
Burp Suite Browser -Allow the embedded browser to run without a sandbox
Scoping -define what gets proxied and logged -target certain web applications to test -target tab, right click - add to scope
Site Map and Issue Definitions -site map: map out the apps we are targeting in a tree structure. every page is logged -scope: control burp target scope -issue definitions: list of all vulns burp looks for *LOTS OF INFO HERE