BurpSuite:

The Swiss army knife of security tools

Glancing Blow

Proxy – Where It Starts

A proxy is a piece of software (it could be hardware)

It sits between one thing and another and behaves as the middleman

Example
– You are at your browser communicating with a web app
– You decide you want a proxy sitting between your browser and the app
– So, you start a proxy server running and then you tell your browser to send
requests to the proxy
– The proxy receives requests from the browser and forwards them to the web
app
– When responses come back, the proxy routes them to you

Proxy – Why Would You Do This?

• Because the proxy provides a service you want
– Encryption of traffic
– Anti-virus scanning
– Keeping track of sites visited
– Stopping you from reaching some sites
– Giving you control over what goes on
– Allowing you to see what is going on in the exchange
– Providing services to make your job easier
• The proxy can make your life much simpler

Getting Burp Suite

There are two versions
– Professional, about $300/year
– Not so professional, free, and missing some cool stuf

Download it from http://portswigger.net
• It’s Java App, so you just download the jar file
• Put it somewhere convenient
– /home/opt/BurpSuite or C:/opt/BurpSuite or whatever

• To start it, use – java –Xmx1024m –jar – The amount of memory can be lower or larger, but 256m is about the min

How to Proxy with Burp

How to Proxy with Burp

IE – Tools -> Internet Options -> Connections -> LAN Settings – Configure Proxy Settings – Check Manual Proxy Settings – Use this proxy server … – Check this if you want – Change the port if desired

Testing Your Setup

Chromium and Safari left to the reader • You are now set up. • To test it, click on the Proxy -> History tab • Then go to some URL in your browser

The Setup

Information in the History Tab

First, there is a huge amount of information just in the History tab

Request Headers

Response

Response Headers

Submit Request Params

Popup Menu Options

Right-click

This how you can pass a particular URL to one of the Burp Suite tool. – Repeater – Spider – Active Scan – Passive Scan – Intruder

By admin

Leave a Reply

Your email address will not be published. Required fields are marked *