Burp Suite Practice

In my last class, I was able to play with Burp Suite. I have to say, it is quite a tool.


I started out by running Burp as my proxy, and couldn't get it to intercept my Firefox traffic. Let's go troubleshooting! I did not have a certificate. So I did a little snooping in Burp, and I found I was able to import a certificate through the options tab. I grabbed the PortSwigger cert and saved it to my desktop. I went back to Firefox's settings and scrolled all the way down to Network Settings. I set the proxy to manual, 127.0.0.1, and the port to 8080 to match the Burp Suite options. I checked the "also use proxy for HTTPS" option and then looked for a place to import the certificate. Instead of looking for it for ages, I searched for "cert" and saw the View Certificates button. Right there at the bottom was the Import button. I quickly found and imported what I needed, then chose OK. I went back in just to make sure it worked, scrolled down and found my PortSwigger cert.


Now on my Linux box I loaded up a dummy website and hosted it with my apache2 service. I made sure my proxy was set to intercept on, and I browsed to the fake site. I saw the info come in: GET / HTTP/1.1. Nice. I clicked Forward to advance the packet, and saw GET /success. I am intercepting the traffic I want. I wanted to see what happened when I logged in with fake credentials. Listed there in plain text was the password I tried. I see how this could be useful when pentesting.


The next step in our lab was to use the Intruder to brute force into the page. I clicked the Intruder tab and checked the Target tab to make sure the info was correct. I then moved over to the Payload tab and loaded up a word list. This could have been rockyou.txt, a list made by CUPP, or your own dictionary you have been compiling, but my flavor was a preset list from the lab. I started the attack and watched as Burp tried password after password looking for code 200. It didn't take long. I copied the password with code 200, pasted it into the login, and I was in.
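
From the defender's side, the password-after-password pattern described above shows up in the web server's access log. The Python below is an added example, not part of the original post or lab: it scans Apache combined-format lines for repeated failed login POSTs from one client and notes whether a success followed. The /login path, the 401 failure status, the thresholds and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache combined log: client, identd, user, [time], "METHOD URL PROTO", status
LINE_RE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def _line(ip, sec, method, url, status):
    """Build one constructed log line (sample data, not from the lab)."""
    return (f'{ip} - - [12/Mar/2024:10:00:{sec:02d} +0000] '
            f'"{method} {url} HTTP/1.1" {status} 512 "-" "-"')

# Constructed sample: one client guessing passwords, one user with a typo,
# and one unrelated page view.
SAMPLE_LOG = "\n".join(
    [_line("192.0.2.10", s, "POST", "/login", 401) for s in range(1, 7)]
    + [_line("192.0.2.10", 7, "POST", "/login", 200),
       _line("198.51.100.7", 8, "POST", "/login", 401),
       _line("198.51.100.7", 9, "POST", "/login", 200),
       _line("203.0.113.5", 10, "GET", "/", 200)])

def detect_bruteforce(log_text, path="/login", threshold=5,
                      window=timedelta(seconds=60)):
    """Return {client_ip: {"failures": n, "succeeded": bool}} for clients with
    at least `threshold` failed login POSTs inside `window`."""
    failures = defaultdict(deque)   # client IP -> times of recent failures
    alerts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                # skip lines not in the expected format
        ip, ts, method, url, status = m.groups()
        if method != "POST" or url.split("?")[0] != path:
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        recent = failures[ip]
        while recent and when - recent[0] > window:
            recent.popleft()        # drop failures older than the window
        if status == "200":         # assumed status for a successful login
            if len(recent) >= threshold:
                alerts[ip] = {"failures": len(recent), "succeeded": True}
            recent.clear()
        else:                       # any other status counts as a failed attempt
            recent.append(when)
            if len(recent) >= threshold:
                alerts[ip] = {"failures": len(recent), "succeeded": False}
    return alerts

if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, info)
```

An alert with "succeeded" set to True is the case to triage first, since it means a guessed password worked; account lockout or rate limiting on the login endpoint keeps the failure count from getting that far.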


This tool was very useful. It seems very straightforward for a noob like myself, but I can also easily see some nuance as you look at all the tabs: Target - contains a list of all packages sent and returned; Proxy - to listen, intercept, edit, and send; Intruder - brute-force attacks; Repeater - requests and responses that can be edited; Sequencer - checks randomness in a certain parameter; Decoder - converts from one format to another; Comparer - compares contents of packages; Extender - extends Burp with add-ons. I am looking forward to digging into more tools as I continue my journey, but for now, that was extremely cool.


#ethicalhacking #penetrationtesting #burpsuite #cybersecuritytraining
