🟧Burp Suite: Repeater

Learn how to use Repeater to duplicate requests in Burp Suite

https://tryhackme.com/room/burpsuiterepeater

Room Attributes
Value

Subscription Required

False [Free]

Type

Walkthrough

Difficulty

Info

Tags

Burp Suite, Repeater, Tutorial, Walkthrough

Task 1 - Introduction Outline

Deploy the machine (and the AttackBox if you are not using your own attack VM), and let's get started!

Note: If you are not using the AttackBox and want to connect to this machine without the VPN, you can do so using this link once the machine has fully loaded and an IP address is displayed: https://LAB_WEB_URL.p.thmlabs.com.

Task 2 - Repeater What is Repeater?

Familiarise yourself with the Repeater interface.

Task 3 - Repeater Basic Usage

Capture a request to http://MACHINE_IP in the Proxy and send it to Repeater. Practice modifying and re-sending the request numerous times.

Task 4 - Repeater Views

Experiment with the available view options.

Which view option displays the response in the same format as your browser would?

Reveal Flag đŸš©

đŸš©Render

Task 5 - Repeater Inspector

Get comfortable with Inspector and practice adding/removing items from the various request sections.

Task 6 - Practical Example

Capture a request to http://MACHINE_IP/ in the Proxy and send it to Repeater.

Send the request once from Repeater -- you should see the HTML source code for the page you requested in the response tab. Try viewing this in one of the other view options (e.g. Rendered).

Using Inspector (or manually, if you prefer), add a header called FlagAuthorised and set it to have a value of True. e.g.: Headers with FlagAuthorised Added. Send the request. What is the flag you receive?

Reveal Flag đŸš©

đŸš©THM{Yzg2MWI2ZDhlYzdlNGFiZTUzZTIzMzVi}

Task 7 - Practical Challenge

Capture a request to one of the numeric products endpoints in the Proxy, then forward it to Repeater.

See if you can get the server to error out with a "500 Internal Server Error" code by changing the number at the end of the request to extreme inputs. What is the flag you receive when you cause a 500 error in the endpoint?

Reveal Flag đŸš©

đŸš©THM{N2MzMzFhMTA1MmZiYjA2YWQ4M2ZmMzhl}

Task 8 - Extra Mile SQLi with Repeater

Once you have captured the request, send it to Repeater with Ctrl + R or by right-clicking and choosing "Send to Repeater".

You should see that the server responds with a "500 Internal Server Error", indicating that we successfully broke the query.

With this information, we can skip over the query column number and table name enumeration steps.

Looking through the returned response, we can see that the first column name (id) has been inserted into the page title.

This process is shown in below

Hey presto, we have a flag!

Exploit the union SQL injection vulnerability in the site. What is the flag?

Reveal Flag đŸš©

đŸš©THM{ZGE3OTUyZGMyMzkwNjJmZjg3Mzk1NjJh}

Task 9 - Conclusion Room Conclusion

I can use Burp Suite Repeater!

Last updated