Project Toolkit 002 : Burp Suite

Is your Request an Original one? Are you sure about that?

Hey all, today I will be talking about Burp Suite. Burp Suite is one of the most popular penetration testing and vulnerability scanning tools for web applications. It is usually referred to simply as "Burp", and it is a proxy-based tool used to evaluate the security of web applications through hands-on testing. It was created by PortSwigger.

Its various tools work seamlessly together to support the entire testing process, from the initial mapping phase to the final attack phase. The key components are Proxy, Intruder, Repeater, Scanner, and Sequencer (Scanner is only available in the Professional edition).

Installing Burp

First, download the Burp Suite setup onto the system where you will be performing the tasks:

https://portswigger.net/burp/communitydownload — Download Link

We will download the Community Edition, since it is the free version; the Professional Edition is only available if you purchase it.

Once you click on Download you will be directed to a page where you have to select the installer type you require.

I have selected the Windows (64-bit) installer; select the one that matches your system.

Now you are ready to install Burp Suite on your machine.

Once you click the download button, the installer will be downloaded.

Once the download completes, run the installer and wait for it to load:

Click on Next.
Select the correct location and click on Next.
Tick the box to create a Start menu entry and click on Next.

Once you click on Next, Burp Suite will be installed on your machine.

Click Finish to complete your installation.

Once the installation is complete you can create a shortcut to the app on the Desktop.

Starting a session on Burp Suite

The first time you start a session in Burp Suite you will have to agree to the terms and conditions of the Burp Suite Community Edition.

Click on I Accept

Once you accept the terms and conditions you will be directed to the start-up page, where you have to select the project type. This is automatically set to Temporary project, since disk-based projects are only supported in Burp Suite Professional.

Click on Next

Once you click Next you will be directed to a page where you select the configuration to load for the project. It defaults to Use Burp Defaults, which is what I will be using.

Click on Start Burp

Once you click on Start Burp you will be directed to the main GUI; since it's the first time you're using Burp Suite, however, you will initially land on the learning page.

If you want to proceed with learning, click on Getting started with Burp Suite and read through it.

Let me give you an overview of the tabs we have on Burp Suite.

Dashboard tab

Here we get an overview of the event log and the ongoing tasks of the project we are handling.

Proxy tab

The Proxy tab operates as a web proxy server between the browser and the target application. This lets you intercept, inspect and modify the traffic passing in both directions.

Burp Suite has an inbuilt Chromium browser. If you look at the buttons, we have Intercept, Action, and Open browser. We can open this browser without any complicated configuration, because it is already set up to send its traffic through the Burp proxy, so no manual proxy or certificate setup is needed.

After opening the browser, go to the website you plan to observe, switch on Intercept and reload the webpage; the request will then appear in the Intercept pane.

In the above image you can observe that we have captured the request to the website.

We will look at the rest of the tabs, and at the Proxy tab in more detail, using a small activity.

Link to the activity: http://mercury.picoctf.net:27177/

Copy the above link, paste it into the Chromium browser and load the page. Once the page is loaded, switch on Intercept and reload the page again.

You can observe that we have captured the request sent to the web page.

To modify the request and inspect the responses we get from the website, we can send the captured request to the Repeater.

Note: to send the captured request to the Repeater, right-click the captured request; a drop-down menu will appear, then simply select Send to Repeater. The intercepted request stays held in the Proxy until you click Forward or Drop, so the browser will appear to hang until you do.

Now let's see how the Repeater tab works.

Here we can modify the request and, once we click the Send button, observe the response to the request we made.

As in the above image, you can observe the response to the request after clicking Send.
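To make concrete what the Proxy intercept pane and the Repeater are doing, here is a small added Python example (not code from the article or from PortSwigger). It parses a raw HTTP request exactly as the Proxy shows it, edits a header and the query string the way you would in the Repeater editor, and resends both the original and the edited version to a local echo server that reports what it actually received. The captured request text, the echo server and the edited values are all constructed for this demo; the server runs on 127.0.0.1 so nothing leaves your machine.

```python
"""Repeater-style demo: parse a captured raw request, edit it, resend, compare."""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample: a raw request as it would appear in the Proxy intercept pane.
CAPTURED_REQUEST = (
    "GET /?name=guest HTTP/1.1\r\n"
    "Host: 127.0.0.1\r\n"
    "User-Agent: Chromium\r\n"
    "Accept: text/plain\r\n"
    "\r\n"
)


def parse_request(raw):
    """Split a raw HTTP/1.1 request into its request line, headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, path, version = lines[0].split(" ")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")  # split on the first colon only
        headers[name.strip()] = value.strip()
    return {"method": method, "path": path, "version": version,
            "headers": headers, "body": body}


def serialize_request(req):
    """Rebuild the raw request text (what Repeater sends on the wire)."""
    lines = [f"{req['method']} {req['path']} {req['version']}"]
    lines += [f"{k}: {v}" for k, v in req["headers"].items()]
    return "\r\n".join(lines) + "\r\n\r\n" + req["body"]


class EchoHandler(BaseHTTPRequestHandler):
    """Constructed target: echoes the path and User-Agent it received."""

    def do_GET(self):
        body = f"path={self.path} agent={self.headers.get('User-Agent', '<none>')}".encode()
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo output quiet
        pass


def start_server():
    """Start the echo server on a free loopback port in a background thread."""
    server = HTTPServer(("127.0.0.1", 0), EchoHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def send_request(req, port):
    """Send a parsed request to the local server, like pressing Send in Repeater."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    # Host is taken from the captured headers, so http.client does not add its own.
    conn.request(req["method"], req["path"], body=req["body"] or None,
                 headers=req["headers"])
    resp = conn.getresponse()
    data = resp.read().decode()
    conn.close()
    return resp.status, data


def repeater_demo():
    """Resend the captured request as-is, then an edited copy; return both responses."""
    server = start_server()
    port = server.server_address[1]
    try:
        original = parse_request(CAPTURED_REQUEST)
        _, body_original = send_request(original, port)

        edited = parse_request(CAPTURED_REQUEST)
        edited["path"] = "/?name=tester"               # edited query parameter
        edited["headers"]["User-Agent"] = "repeater-demo"  # edited header
        _, body_edited = send_request(edited, port)
        return {"original": body_original, "modified": body_edited}
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    for label, body in repeater_demo().items():
        print(f"{label}: {body}")
```

The two echoed lines differ only in the fields that were edited, which is the whole point of the article's title: every byte of a request, including headers the browser normally fills in, is under the client's control, so a server must validate what it receives rather than trust that the request is the "original" one the page sent.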

Here we are at the end of today's session. I hope you enjoyed reading the article as much as I enjoyed writing it. Make sure to try Burp Suite with CTF challenges like this one and in your other projects as well.

Always remember, “KEEP TRYING AND DON’T GIVE UP”, See y’all all soon!

Stay home, stay safe!

Written by Vihan Udawela, 2nd Year 2nd Semester Cyber Security Student, SLIIT

First they begin with Us..