Burp Suite

From charlesreid1

Revision as of 00:47, 3 March 2022 by Unknown user (talk) (→‎Proxy)

Installing

Mac

Use the Mac installer provided by portswigger: https://portswigger.net/burp/communitydownload

Debian Linux

Dependencies

The jarwrapper library is required to install burpsuite: 

sudo apt-get install jarwrapper

Installing burpsuite with KaliTools

Use KaliTools to install burpsuite on a non-Kali machine: 

cd kali-tools
python3 kali.py burpsuite
cd dist/burpsuite
dpkg-buildpackage -us -uc -b
cd ../
sudo dpkg -i burpsuite_1.7.30-0kali1_all.deb
sudo apt-get upgrade burpsuite

Incompatible JRE

Ran into a problem with the Burp Suite community edition:

"Your JRE appears to be version 11.0.14 from Debian. Burp has not been fully tested on this platform and you may experience problems."

I used aptitude to install the openjdk-11-jre package, and that's the package causing the above error. It seemed like it should have been working fine. I tried upgrading jarwrapper, and that did the trick: 

sudo apt-get -y upgrade jarwrapper

List of Features

Link to UI overview: https://www.youtube.com/watch?v=nECt-0zW0O4

Tabs:

  • Dashboard: view and configure automated tasks, scans; view results from scan
  • Target: view and explore all data captured from scans or Burp Proxy browser sessions
    • Target Scope: specify details about targets, allows driving highly configured scans
  • Proxy: intercept, view, and modify traffic via the browser
    • History: view all the requests made as part of the session
    • Options: define all of the settings of the proxy server
  • Intruder: automating custom attacks by sending a request into Intruder, and configuring details of the payload
  • Repeater: used to take a request, modify it, and send it, over and over
  • Sequencer: analyzes the randomness of various random data/tokens; collects large amount of data and runs statistical tests
  • Decoder: decode or encode data from various formats (URL encoding, base64 encoding, etc.)
  • Comparer: word- or byte-level comparison of two pieces of data
  • Extender: customizes Burp's behavior using extensions you wrote yourself using Burp's API, or extensions from the BApp Store

Menu:

  • Search: searches all of Burp's tools and items for particular expressions
  • Configuration Library: maintain separate configurations for different tools
  • Burp Infiltrator: dynamic analysis tool, can run a Burp-instrumented binary and disover potentially unsafe APIs on the server side
  • Burp Clickbandit: generating clickjacking attacks; copy script into browser, walk through sequence of actions you want victim to take, Clickbandit generates a PoC clickjacking attack
  • Burp Collaborator client: work manually with Burp Collaborator payloads

Usage

Proxy

The Burp Proxy is a proxy server built into Burp that has its own private certificate authority. It also has a built-in Chromium browser that passes all of its traffic through the proxy so that it can be inspected.

Burpsuite Proxy.png

Intercepting Traffic

One basic use of Burp is intercepting traffic.

To do this, go to Proxy > Intercept. You can open the Chromium browser included with Burp, which will use the Burp proxy.

When you open the browser, it will not intercept traffic by default, you have to click "Intercept Off" to switch it to "Intercept On".

Once you do that, you'll see each request come up as it is happening in the browser, and you can Forward the request or Drop it.

You will see all requests that are made as part of loading a page, so if there are multiple API calls being made, you'll see each one as a separate request.

Modifying Traffic

The content of requests can also be modified before the request is forwarded.

The first Burpsuite tutorial [1] on intercepting traffic demonstrates how this can be used to exploit a vulnerable e-commerce shopping site.

Repeater

Burp Repeater is a tool for examining, editing, and resending HTTP requests.

Sending Requests to Repeater

The easiest way to send a request to Repeater is to use the right-click context men.

Use the Burp Proxy browser and browse to a page of interest. Then go to Proxy > HTTP history, and find the request you want to repeat. Right click and choose "Send to Repeater".

How to Use Repeater

Repeater allows you to rapidly edit a request, and re-send it with one click of a button. The request and response are displayed side by side, and each request is in a separate tab.

Repeater won't automatically generate edits, or create a bunch of requests for you. It is intended to make the manual workflow of modifying requests and examining the responses easier.

Links

Official Tutorials

Tutorial 1: intercepting HTTP traffic: https://portswigger.net/burp/documentation/desktop/getting-started/intercepting-http-traffic

  • Burp Proxy lets you intercept HTTP requests and responses sent between your browser and the target server
  • Enables studying behavior of websites when different requests are sent
  • Open Burpsuite and go to Proxy > Intercept
  • Click Open Browser, which opens a built-in, embedded browser
  • Can browse without intercept turned on, normal experience
  • Turning on intercept will show each request, give the option to forward or drop
  • Proxy also records a history of each request
  • Burp Proxy also lets you modify HTTP requests
  • (Tutorial requires setting up an account on portswigger and using an example vulnerable website)
  • Basically you can just edit the request when you see it, before you click Forward or Drop

Tutorial 2: Using Repeater to send repeated requests: https://portswigger.net/burp/documentation/desktop/getting-started/reissuing-http-requests

  • Open the Burp Proxy browser and browse to the vulnerable website
  • (Turn off Interception)
  • Go to a product page, and look at the HTTP request history
  • Find a request for a /product API endpoint
  • Right click the request and select "Send to Repeater"
  • Go to the Repeater tab
  • Can click Send with the existing request, and view the response
  • Can modify the request, hit Send, and view new response
  • Each response is saved
  • Tampering with parameters - setting parameter to string instead of integer leads to 500 error, and stack trace is shown
  • Stack trace shows version number of software package

Tutorial 3: Running your first scan: https://portswigger.net/burp/documentation/desktop/getting-started/running-your-first-scan

  • Professional version only

Flags


Defcon.png
Kali Linux
"The quieter you become, the more you are able to hear."

Penetration testing Linux distribution.


Kali  · Category:Kali

Kali/Wireless Reboot


Kali Software:

Kali Tools

Kali Top 10

Aircrack  · Wireshark  · John the Ripper  · Nmap  · Metasploit Framework

Dsniff  · Tcpdump  · Hydra  · Sqlmap  · Burpsuite  · Commix

Dirbuster  · Valgrind


Attack Workflow:

Kali/Workflow

1 Physical Attacks: Kali/Layer 1 Attacks

2 Data/MAC Attacks: Kali/Layer 2 Attacks

3 Network Attacks: Kali/Layer 3 Attacks

4 Transport Attacks: Kali/Layer 4 Attacks

5 Session Attacks: Kali/Layer 5 Attacks

6 Presentation Attacks: Kali/Layer 6 Attacks

7 Application Attacks: Kali/Layer 7 Attacks


Red Team Blue Team

Metasploitable - Red Team

Metasploitable - Blue Team


Networking:

Kali/Hotspot  · Kali/OpenVPN  · Kali/OpenVPN/Hotspot  · Kali/OpenVPN/PIA

Kali/IPv6


Booting:

Kali/Dual Boot OS X  · Kali/Live USB  · Kali/Persistent USB


Installing:

Kali/Installing  · Kali/Post Install  · Kali/Fixes


Kali on Raspberry Pi:

Kali Raspberry Pi  · Kali Raspberry Pi/Installing  · Kali Raspberry Pi/Headless  · Kali Raspberry Pi/Post-Install


Category:Security  · Category:Wireless  · Category:Passwords  · Category:Man in the Middle

Flags  · Template:KaliFlag  · e




Retrieved from "https://charlesreid1.com/w/index.php?title=Burp_Suite&oldid=29001"