BurpSuite Basics

Notes on the web application pentesting tool.

Basic Summary of Tools in Burp (Thanks to TryHackMe)

  • Proxy — What allows us to funnel traffic through Burp Suite for further analysis

Repeater

Using the Burp Suite room on THM, we use Repeater against the website “OWASP Juice Shop”. We intercept a failed login request and send it to Repeater for further exploitation.

Here we can edit the contents of the email and password fields to send our own payloads. Changing the email and password to single quotes produces an error message, which lets us see that the server is vulnerable to SQLi.

Using Repeater to send a zero-star review to the website

Intruder

Intruder can be used for many things, ranging from fuzzing to brute-forcing.

Per Burp Suite Documentation:

  • Enumerating identifiers such as usernames, cycling through predictable session/password recovery tokens, and attempting simple password guessing

Intruder has 4 main attack types:

1. Sniper — The most popular attack type, this cycles through our selected positions, putting the next available payload (item from our wordlist) in each position in turn. This uses only one set of payloads (one wordlist).

2. Battering Ram — Similar to Sniper, Battering Ram uses only one set of payloads. Unlike Sniper, Battering Ram puts every payload into every selected position.

3. Pitchfork — The Pitchfork attack type allows us to use multiple payload sets (one per position selected) and iterate through both payload sets simultaneously.

4. Cluster Bomb — The Cluster Bomb attack type allows us to use multiple payload sets (one per position selected) and iterate through all combinations of the payload lists we provide.
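To make the four attack types concrete, here is an added Python model (not Burp's own code) of how each one combines § positions with payload sets, including the effect of the URL-encode option discussed below. The request template and payload lists are constructed for illustration, and the encoder approximates Burp's option with full percent-encoding.

```python
import itertools
from urllib.parse import quote

# Constructed request body with two Intruder positions. As in Burp, the text
# between each pair of § markers is that position's base (original) value.
TEMPLATE = "email=§user@example.com§&password=§letmein§"

def parse_positions(template):
    """Split a §-marked template into literal fragments and base values."""
    parts = template.split("§")
    if len(parts) % 2 == 0:
        raise ValueError("unbalanced § markers")
    return parts[0::2], parts[1::2]   # literals, base values

def render(literals, values):
    """Reassemble a request from literal fragments and per-position values."""
    out = [literals[0]]
    for lit, val in zip(literals[1:], values):
        out += [val, lit]
    return "".join(out)

def intruder_requests(template, attack, payload_sets, url_encode=True):
    """Return every request Intruder would send for the given attack type.
    payload_sets holds one wordlist for Sniper/Battering Ram and one per
    position for Pitchfork/Cluster Bomb. url_encode approximates Burp's
    'URL-encode these characters' option with full percent-encoding."""
    literals, bases = parse_positions(template)
    n = len(bases)
    enc = (lambda p: quote(p, safe="")) if url_encode else (lambda p: p)
    if attack == "sniper":            # one position at a time, others keep base
        combos = [bases[:i] + [enc(p)] + bases[i + 1:]
                  for i in range(n) for p in payload_sets[0]]
    elif attack == "battering ram":   # same payload in every position
        combos = [[enc(p)] * n for p in payload_sets[0]]
    elif attack == "pitchfork":       # sets advance in lock-step, shortest wins
        if len(payload_sets) != n:
            raise ValueError("pitchfork needs one payload set per position")
        combos = [[enc(p) for p in row] for row in zip(*payload_sets)]
    elif attack == "cluster bomb":    # every combination across the sets
        if len(payload_sets) != n:
            raise ValueError("cluster bomb needs one payload set per position")
        combos = [[enc(p) for p in row]
                  for row in itertools.product(*payload_sets)]
    else:
        raise ValueError(f"unknown attack type: {attack}")
    return [render(literals, c) for c in combos]
```

With two positions, a two-item list and a three-item list, the request counts come out as 4 (Sniper), 2 (Battering Ram), 2 (Pitchfork) and 6 (Cluster Bomb), which is also what a defender would see as the request volume of each mode.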

Using the Intruder/Spider option to brute-force the email field with an SQLi wordlist

We use § markers to set the positions where Intruder should insert entries from our wordlist. We load our payload list in the payload options section and make sure to uncheck the option to URL-encode the characters. After starting the attack, we can check whether any of our attempts were successful.

Decoder

Decoder can be used to transform our request into the correct encoding. Below we take a line from a request and URL-decode it in order to read the text. %20 equates to “space”.
