
Detailed explanation of the Burp Suite usage tutorial (translated from a foreign-language original)

2025-03-30 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

Burp Suite is one of the best tools for web application testing, and its various functions help with many tasks: intercepting and modifying requests, scanning web applications for vulnerabilities, brute-forcing login forms, checking the randomness of session tokens, and more. This article is a complete walkthrough of Burp Suite, covering mainly the following features.

1. Proxy - Burp Suite ships with a proxy that listens on port 8080 by default. Through this proxy we can intercept and modify the packets sent from the client to the web application.

2. Spider - Burp Suite's spider function crawls the links and content of a web application. It can automatically submit login forms (with user-supplied input). The spider crawls every link on the site, and a detailed scan of those links is then used to find vulnerabilities in the web application.

3. Scanner - used to scan web applications for vulnerabilities. Some false positives may appear during testing; it is important to remember that the results of an automated scanner are never 100% accurate.

4. Intruder (attack) - this function serves many purposes, such as exploiting vulnerabilities, fuzz testing web applications, brute-force guessing, and so on.

5. Repeater - this function is used to modify the same request, resend it any number of times, and analyse the responses in each case.

6. Sequencer - this function is mainly used to check the randomness of the session tokens issued by a web application, and to run various statistical tests on them.

7. Decoder - this function decodes data back to its original form, or encodes and encrypts data.

8. Comparer - this function performs a comparison between any two requests, responses, or any other data.
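The randomness check that Sequencer performs on session tokens can be illustrated with a simple per-position entropy estimate. The following is an added example (not Burp's code and not from the original article): it takes a sample of tokens, measures the Shannon entropy of the character at each position, and reports the positions that barely vary. The two token sets are constructed for the demo: one from a sequential counter, as a weak application might issue, and one from a seeded pseudo-random generator standing in for a proper secure source.

```python
import math
import random
from collections import Counter


def per_position_entropy(tokens):
    """Shannon entropy (bits) of the symbol distribution at each character position.
    Only positions present in every token are scored."""
    if not tokens:
        raise ValueError("need at least one token")
    width = min(len(t) for t in tokens)
    n = len(tokens)
    result = []
    for pos in range(width):
        counts = Counter(t[pos] for t in tokens)
        result.append(-sum(c / n * math.log2(c / n) for c in counts.values()))
    return result


def weak_positions(tokens, min_bits=2.0):
    """Indices whose observed entropy falls below min_bits; these are the
    predictable parts of the token (prefix, padding, slowly moving counter digits)."""
    return [i for i, h in enumerate(per_position_entropy(tokens)) if h < min_bits]


def estimated_bits(tokens):
    """Rough upper bound on the entropy per token, assuming positions are independent."""
    return sum(per_position_entropy(tokens))


# Constructed sample 1: a session id built from a fixed prefix and a counter.
COUNTER_TOKENS = [f"sess-{i:06d}" for i in range(200)]

# Constructed sample 2: 64-bit values from a seeded PRNG (seeded only so the demo
# is reproducible; a real token generator must use the secrets module or the OS CSPRNG).
_rng = random.Random(2024)
RANDOM_TOKENS = [f"{_rng.getrandbits(64):016x}" for _ in range(200)]

if __name__ == "__main__":
    for name, sample in [("counter", COUNTER_TOKENS), ("random", RANDOM_TOKENS)]:
        print(f"{name}: ~{estimated_bits(sample):.1f} bits, weak positions {weak_positions(sample)}")
```

With 200 samples the estimate is necessarily capped at about log2(200) bits per position, so a small capture cannot prove a generator is strong; it can, however, prove one is weak, which is what the counter-based tokens show: nine of the eleven positions carry almost no information.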

1) Proxy

The proxy function lets us intercept and modify requests. To intercept requests and manipulate them, we must configure the browser to route its traffic through Burp Suite.

Open the Alerts tab and you can see that the proxy is running on port 8080. This configuration can be changed under Proxy > Options.

Here we can edit the port the proxy listens on and even add a new proxy listener. Burp also has options for handling certificates for SSL-protected sites. By default, Burp creates a self-signed CA certificate immediately after installation. When the "generate CA-signed per-host certificates" option is selected, Burp's certificate function generates, for each host we connect to, a host-specific certificate signed by that CA. The point of this option is that it reduces the number of certificate warnings the user sees later when connecting to an SSL-protected site.

If we do not check the "listen on loopback interface only" option, Burp Proxy can act as a proxy for other systems on the network. This means that any computer on the same network can use the Burp Proxy as its proxy and relay traffic through it.

The "support invisible proxying for non-proxy-aware clients" option is for clients that do not know they are using a proxy. That is, the proxy setting is not configured in the browser but, for example, in the hosts file. In this case, unlike when the proxy is set in the browser itself, Burp needs to know that it is receiving traffic from a non-proxy-aware client. The "redirect to host" and "redirect to port" options redirect the client to the host and port we set after enabling this option.

There are also options to modify the HTML pages received in responses. We can unhide hidden form fields, remove JavaScript, and so on. Another option replaces a specific pattern found in the traffic with a custom string: we specify a regular expression, Burp parses the request or response looking for that pattern, and replaces each match with the custom string.
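To make the response-modification options concrete, here is an added example (my own code, not Burp's) of the same three operations on a raw HTTP response: regex match-and-replace rules applied to header lines or to the body, removal of script tags, and unhiding of hidden form fields. The rule tuple shape and the sample response are constructed for the demo.

```python
import re

# Constructed rule shape modelled on Burp's "match and replace" option:
# (scope, regex, replacement) with scope "header" (applied per header line) or "body".
RULES = [
    ("header", r"^Server: (.*)$", r"Server: \1 (via local proxy)"),
    ("body", r"<script[^>]*></script>\n?", ""),            # "remove JavaScript"
]


def split_response(raw):
    """Split a raw HTTP response into (head, body) at the first blank line."""
    head, sep, body = raw.partition("\r\n\r\n")
    if not sep:
        raise ValueError("no header/body separator found")
    return head, body


def unhide_form_fields(html):
    """Turn <input type="hidden"> into visible text fields, like Burp's
    'unhide hidden form fields' option."""
    return re.sub(r'type\s*=\s*["\']hidden["\']', 'type="text"', html, flags=re.IGNORECASE)


def apply_rules(raw, rules, unhide=False):
    """Apply match-and-replace rules to a response and optionally unhide form fields."""
    head, body = split_response(raw)
    header_lines = head.split("\r\n")
    for scope, pattern, repl in rules:
        if scope == "header":
            header_lines = [re.sub(pattern, repl, line) for line in header_lines]
        elif scope == "body":
            body = re.sub(pattern, repl, body)
        else:
            raise ValueError(f"unknown rule scope {scope!r}")
    if unhide:
        body = unhide_form_fields(body)
    return "\r\n".join(header_lines) + "\r\n\r\n" + body


# Constructed sample response from a login page (not captured from a real server).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.41\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<form action=\"login.php\" method=\"post\">\n"
    "<input type=\"hidden\" name=\"user_token\" value=\"t0k3n\">\n"
    "<input type='hidden' name='redirect' value='index.php'>\n"
    "<script src=\"tracking.js\"></script>\n"
    "<input type=\"text\" name=\"username\">\n"
    "</form>"
)

if __name__ == "__main__":
    print(apply_rules(SAMPLE_RESPONSE, RULES, unhide=True))
```

The rewritten page is exactly what the tester's browser renders, which is the lesson for application developers: a hidden field such as the "redirect" value above, or validation done only in client-side JavaScript, can be changed freely by whoever controls the proxy, so neither is a security control; the server must validate every submitted value itself.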

2) Spider

Next, a warning pop-up asks us to "add item to scope". Click "Yes". A scope is defined around the target we are testing.

On the Scope tab we can see that the DVWA application has been added to the scope.

Another important option is application login. Once Burp Spider encounters a login form while crawling, it can automatically submit the credentials we have given it. We can set the credentials admin/password, and after that they will be used as the credentials for DVWA. Burp Spider therefore submits these credentials automatically and keeps crawling in the hope of finding more new content. You can also change the number of threads in the thread settings.

This launches Burp Spider; under the Spider control tab we can see the requests being made, and we can also customise a scope for Burp Spider.

3) Intruder (attack)

Burp Intruder can be used for exploiting vulnerabilities, fuzz testing, brute-force guessing, and so on. In this case we use Burp Suite's Intruder to brute-force the DVWA login. Browse to DVWA, click "Brute Force", enter any username and password, and make sure "intercept is on" is enabled in Burp Suite. Then click Login.

The above sends the request to the Intruder function. Open the Intruder tab to configure Burp Suite for the brute-force attack. Under the Target tab you can see that the attack target for the request has already been set.

Clicking the Clear button on the right removes all the highlighted payload positions that were marked automatically. Next we configure Burp so that only the username and password are used as parameters this time. Select the username in the request (here the username is "infosecinstitute") and click Add. Similarly, add the password from the request. After doing so, the username and password become the first and second parameters. Once done, the result should look like the following figure:

Next we set the attack type. By default the attack type is "Sniper". In this case we use the "Cluster Bomb" attack type. There are four attack types: Sniper, Battering ram, Pitchfork and Cluster bomb. The type shown in the following figure is "Cluster Bomb".

Open the Payloads tab, make sure the value of "payload set" is 1, and click "load" to load a file containing usernames. In this example we use a very small file for demonstration. After loading, the usernames from the file appear as in the following figure.

Then set "payload set" to 2 and click "load" to load a password dictionary file.

Open the Options tab and make sure that "store requests" and "store responses" under Results are selected.

Click "Intruder" in the upper left corner and choose "start attack"; a pop-up window appears listing all the requests made.

How do we determine which login request succeeded? A successful request produces a different response from an unsuccessful one. In this case the response length for the username "admin" and password "password" differs from that of the other requests.

Click on that request and, if we open the "response" tab, we see the text "welcome the password protected area admin" in the response, which means the username/password used in this request is correct.
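The four attack types differ only in how payloads are assigned to the marked positions, and that determines how many requests a run sends. The following is an added example (my own code, not Burp's) that expands a Burp-style template, with positions marked by § signs, under each attack type and also computes the request count without expanding. The template and the two tiny payload lists are constructed to mirror the DVWA login walkthrough above; from a defender's side, the count is the number of login attempts an account-lockout or rate-limit policy must absorb, and it grows as the product of the list sizes for Cluster bomb.

```python
import itertools
import math
import re

# Positions are marked Burp-style as §base value§.
_POSITION = re.compile("§([^§]*)§")


def parse_template(template):
    """Split a request template into literal chunks and the base value of each marked position."""
    parts = _POSITION.split(template)        # literal, base, literal, base, ..., literal
    return parts[0::2], parts[1::2]


def _render(literals, values):
    out = [literals[0]]
    for value, literal in zip(values, literals[1:]):
        out.append(value)
        out.append(literal)
    return "".join(out)


def expand(template, payload_sets, mode):
    """Yield every request the given attack type would generate from the template."""
    literals, bases = parse_template(template)
    n = len(bases)
    if mode == "sniper":
        # one payload set, placed into one position at a time; other positions keep their base value
        for i in range(n):
            for payload in payload_sets[0]:
                values = list(bases)
                values[i] = payload
                yield _render(literals, values)
    elif mode == "battering ram":
        # one payload set, the same payload put into every position at once
        for payload in payload_sets[0]:
            yield _render(literals, [payload] * n)
    elif mode == "pitchfork":
        # one set per position, walked in parallel (stops at the shortest set)
        if len(payload_sets) != n:
            raise ValueError("pitchfork needs one payload set per position")
        for combo in zip(*payload_sets):
            yield _render(literals, list(combo))
    elif mode == "cluster bomb":
        # one set per position, every combination (cartesian product)
        if len(payload_sets) != n:
            raise ValueError("cluster bomb needs one payload set per position")
        for combo in itertools.product(*payload_sets):
            yield _render(literals, list(combo))
    else:
        raise ValueError(f"unknown attack type {mode!r}")


def request_count(template, payload_sets, mode):
    """Number of requests the attack type will send, computed without expanding them."""
    n = len(parse_template(template)[1])
    sizes = [len(s) for s in payload_sets]
    if mode == "sniper":
        return n * sizes[0]
    if mode == "battering ram":
        return sizes[0]
    if mode == "pitchfork":
        return min(sizes)
    if mode == "cluster bomb":
        return math.prod(sizes)
    raise ValueError(f"unknown attack type {mode!r}")


# Constructed template and payload lists (stand-ins for the small files loaded in the tutorial).
TEMPLATE = "username=§admin§&password=§password§"
USERS = ["admin", "guest", "infosecinstitute"]
PASSWORDS = ["password", "letmein"]

if __name__ == "__main__":
    for mode, sets in [("sniper", [USERS]), ("battering ram", [USERS]),
                       ("pitchfork", [USERS, PASSWORDS]), ("cluster bomb", [USERS, PASSWORDS])]:
        print(f"{mode}: {request_count(TEMPLATE, sets, mode)} requests")
        for req in expand(TEMPLATE, sets, mode):
            print("   ", req)
```

Sniper and Battering ram take a single payload set, which is why the tutorial needs Cluster bomb to pair every username with every password; Pitchfork would only try the lists position by position.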

Intruder is one of the most powerful functions of Burp Suite and deserves careful study.
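The same two signals the tester uses above, a burst of login requests and one response whose length differs from the rest, are what a defender can look for in web server logs. The following is an added detection example (my own code, not from the article): it parses combined-format access log lines, finds source addresses that post to the login page more than a threshold number of times within a sliding window, and reports any response size in that burst that departs from the burst's baseline, since a single odd-sized response after many identical failures is the pattern a successful guess leaves behind. The log lines are constructed for the demo.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Combined log format: ip ident user [time] "method path proto" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\d+)$')


def parse_line(line):
    """Parse one access-log line; returns None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, method, path, status, size = m.groups()
    return {"ip": ip, "time": datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"),
            "method": method, "path": path, "status": int(status), "size": int(size)}


def detect_login_bursts(lines, login_path="/dvwa/login.php", window_s=60, threshold=5):
    """Map of source ip -> details for ips that POST to login_path at least
    `threshold` times within any `window_s` second window."""
    events = [e for e in map(parse_line, lines)
              if e and e["method"] == "POST" and e["path"] == login_path]
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    alerts = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["time"])
        best, j = [], 0
        for i in range(len(evs)):                      # sliding window over sorted timestamps
            while (evs[i]["time"] - evs[j]["time"]).total_seconds() > window_s:
                j += 1
            if i - j + 1 > len(best):
                best = evs[j:i + 1]
        if len(best) >= threshold:
            sizes = Counter(e["size"] for e in best)
            baseline = sizes.most_common(1)[0][0]     # the repeated "login failed" page size
            alerts[ip] = {
                "attempts": len(best),
                "baseline_size": baseline,
                "odd_sizes": sorted(s for s in sizes if s != baseline),
            }
    return alerts


# Constructed sample log: one client hammering the DVWA login, one normal client, one junk line.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Oct/2023:13:55:36 +0000] "GET /dvwa/login.php HTTP/1.1" 200 1432',
    '10.0.0.5 - - [10/Oct/2023:13:55:40 +0000] "POST /dvwa/login.php HTTP/1.1" 200 1573',
    '10.0.0.5 - - [10/Oct/2023:13:55:42 +0000] "POST /dvwa/login.php HTTP/1.1" 200 1573',
    '10.0.0.5 - - [10/Oct/2023:13:55:44 +0000] "POST /dvwa/login.php HTTP/1.1" 200 1573',
    '10.0.0.5 - - [10/Oct/2023:13:55:46 +0000] "POST /dvwa/login.php HTTP/1.1" 200 1573',
    '10.0.0.5 - - [10/Oct/2023:13:55:48 +0000] "POST /dvwa/login.php HTTP/1.1" 200 1573',
    '10.0.0.5 - - [10/Oct/2023:13:55:50 +0000] "POST /dvwa/login.php HTTP/1.1" 200 1573',
    '10.0.0.5 - - [10/Oct/2023:13:55:52 +0000] "POST /dvwa/login.php HTTP/1.1" 200 1573',
    '10.0.0.5 - - [10/Oct/2023:13:55:54 +0000] "POST /dvwa/login.php HTTP/1.1" 200 1720',
    '10.0.0.9 - - [10/Oct/2023:13:56:01 +0000] "POST /dvwa/login.php HTTP/1.1" 200 1573',
    'not a log line',
]

if __name__ == "__main__":
    for ip, info in detect_login_bursts(SAMPLE_LOG).items():
        print(ip, info)
```

Because DVWA answers both failed and successful logins with HTTP 200, status codes alone give nothing to alert on; the response size is the usable signal, exactly as in the Intruder result table. In production, a threshold tuned to normal user behaviour and a lockout or progressive delay on the login endpoint are the corresponding mitigations.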

4) Repeater

With Burp Repeater we can manually modify a request, send it, and analyse the response that comes back. Requests can be sent to Burp Repeater from different places, such as Intruder, Proxy, and so on. To send a request to Repeater, just right-click and choose "send to Repeater".

Click on the Repeater tab and you will see the request, with three tabs named 1, 2 and 3.

The request can also be viewed in Params, Headers, Hex and Raw formats, and we can modify it in any of them before sending.

Simply modify username=admin and password=password under the Params view, click Go, and the request is sent.

We can then analyse the response returned in the Response section.

Several functions have still not been translated. Due to my limited English and work experience, the translation of many technical terms may not be very accurate. The original URL is pasted so that you can read it for comparison.
