Burp Suite is a platform for performing web application security testing. In this post, I will share a few tips on how to use this tool more effectively.
Settings
To work properly with any tool, it is important to customize it for yourself. There are 2 types of settings in Burp Suite:
- User Options - Settings related to the Burp Suite itself
- Project Options - Settings for what you hack
Encodings
, . UtF-8 . User Options -> Display -> Characters Sets.
Burp Suite . , " ". User Options -> Misc -> Hotkeys. :
- \:
- Ctrl+(Shift)+U|H|B โURL|HTML|Base64 (de)codeโ
- GUI:
- Ctrl+Shift+T|P|S|I|R โ โ โ
- Ctrl+I|R|D โ " "
- Burp Repeater:
- Ctrl+G โ " Burp Repeater"
Proxy Interception
, Burp Proxy - , ? . - , . โฆ , . User -> Misc -> Proxy Interseption "Always Disable".
PortSwigger . "", . , โ , PortSwigger. User Options -> Misc -> Performance Feedback .
Burp Collaborator, . WAF, burpcollaborator.net . Burp Collaborator Project Options -> Misc -> Burp Collaborator Server
, . :
- ( JSON ).
- .
- (, git ).
- :
{
"project_options":{
// options
},
"user_options":{
// options
}
}
Burp Suite . , .
, .
Burp Suite Java, , . :
java -jar -Xmx2048M burp.jar
Burp Suite. :
- Burp Proxy Burp Suite, , , .
- Burp Repeater โ HTTP-, - .
- Burp Intruder โ -. , , .
, . , , . Target -> Site Map, , Engagement tools -> Find reference. , , .
Burp Proxy. , ; false true .. . , . , bxss, BlindXSS. , . Proxy -> Options -> Match and replace.
Burp Suite , , . , , - .
Burp Repeater, Burp Intruder, .
. Burp , , . , , "+", "Auto-scroll to match when text changes".
\. Burp Repeater View->Top/bottom split
Burp Intruder, Burp Scanner , .. , Burp Intruder , , "Scan defined insertion points" . , .. Burp Scanner , , cookies, , URI, .
Burp Intruder , . , /, - . , , , , .
:
- Add prefix / suffix โ .
- Match / replace โ , , .
- Encode / Decode โ : URL, HTML, Base64, ASCII hex.
- Hash โ .
- Skip if matches regex โ , . , , , , .
Intruder
Burp Intruder , . Burp . , , , .
Using this option becomes most useful when analyzing large volumes of scan results and allows you to quickly find things of interest. For example, when testing SQL injections, searching for messages containing "ODBC", "error", etc. will help you quickly find vulnerable parameters.