Burp Suite: The Basics

An introduction to using Burp Suite for Web Application pentesting


Last updated 3 years ago

Room Attributes: Value
Subscription Required: False [Free]
Type: Walkthrough
Difficulty: Info
Tags: Burp Suite, Webapp, Tutorial, Toolkit

Task 1 Introduction Outline

Deploy the machine attached to the task by pressing the green "Start Machine" button, as well as the AttackBox (using the "Start AttackBox" button at the top of the page) if you are not using your own machine.

No answer needed

Task 2 Getting Started What is Burp Suite?

Which edition of Burp Suite will we be using in this module?

HINT: The task above contains the answer in bold text. Paragraph Three.

Which edition of Burp Suite runs on a server and provides constant scanning for target web apps?

Burp Suite is frequently used when attacking web applications and ______ applications.

HINT: Fill in the blank

Task 3 Getting Started Features of Burp Community

Which Burp Suite feature allows us to intercept requests between ourselves and the target?

Which Burp tool would we use if we wanted to bruteforce a login form?

Task 4 Getting Started Installation

If you have chosen not to use the AttackBox, make sure that you have a copy of Burp Suite installed before proceeding.

No answer needed

Task 5 Getting Started The Dashboard

Open Burp Suite and have a look around the dashboard. Make sure that you are comfortable with it before moving on.

No answer needed

Task 6 Getting Started Navigation

Get comfortable navigating around the top menu bars.

No answer needed

Task 7 Getting Started Options

Change the Burp Suite theme to dark mode

No answer needed

In which Project options sub-tab can you find reference to a "Cookie jar"?

In which User options sub-tab can you change the Burp Suite update behaviour?

What is the name of the section within the User options "Misc" sub-tab which allows you to change the Burp Suite keybindings?

If we have uploaded Client-Side TLS certificates in the User options tab, can we override these on a per-project basis (Aye/Nay)?

There are many more configuration options available. Take the time to read through them. In the next section, we will cover the Burp Proxy -- a much more hands-on aspect of the room.

No answer needed

Task 8 Proxy Introduction to the Burp Proxy

Which button would we choose to send an intercepted request to the target in Burp Proxy?

[Research] What is the default keybind for this?

Note: Assume you are using Windows or Linux (i.e. swap Cmd for Ctrl).

HINT: Use what you learnt in a previous task to look up the keybindings used in Burp Suite, then find a keybinding related to forwarding intercepted proxy messages.

Task 9 Proxy Connecting through the Proxy (FoxyProxy)

Read through the options in the right-click menu. There is one particularly useful option that allows you to intercept and modify the response to your request. What is this option?

Note: The option is in a dropdown sub-menu.

[Bonus Question -- Optional] Try installing FoxyProxy standard and have a look at the pattern matching features.

No answer needed

Task 10 Proxy Proxying HTTPS

If you are not using the AttackBox, configure Firefox (or your browser of choice) to accept the Portswigger CA certificate for TLS communication through the Burp Proxy.

No answer needed

Task 11 Proxy The Burp Suite Browser

Using the in-built browser, make a request to http://MACHINE_IP/ and capture it in the proxy.

No answer needed

Task 12 Proxy Scoping and Targeting

Add http://MACHINE_IP/ to your scope and change the Proxy settings to only intercept traffic to in-scope targets. See the difference between the amount of traffic getting caught by the proxy before and after limiting the scope.

No answer needed

Task 13 Proxy Site Map and Issue Definitions

Take a look around the site on http://MACHINE_IP/ -- we will be using this a lot throughout the module. Visit every page linked to from the homepage, then check your sitemap -- one endpoint should stand out as being very unusual! Visit this in your browser (or use the "Response" section of the site map entry for that endpoint). What is the flag you receive?

HINT: You are looking for a suspicious page with a name made up of a series of random letters and numbers.

Look through the Issue Definitions list. What is the typical severity of a Vulnerable JavaScript dependency?

Task 14 Practical Example Attack

Try typing: <script>alert("Succ3ssful XSS")</script>, into the "Contact Email" field. You should find that there is a client-side filter in place which prevents you from adding any special characters that aren't allowed in email addresses:

No answer needed

Fortunately for us, client-side filters are absurdly easy to bypass. There are a variety of ways we could disable the script or just prevent it from loading in the first place. Let's focus on simply bypassing the filter for now. First, make sure that your Burp Proxy is active and that the intercept is on.

No answer needed

Now, enter some legitimate data into the support form. For example: "pentester@example.thm" as an email address, and "Test Attack" as a query. Submit the form -- the request should be intercepted by the proxy.

No answer needed

With the request captured in the proxy, we can now change the email field to be our very simple payload from above: <script>alert("Succ3ssful XSS")</script>. After pasting in the payload, we need to select it, then URL encode it with the Ctrl + U shortcut to make it safe to send.

No answer needed

Finally, press the "Forward" button to send the request. You should find that you get an alert box from the site indicating a successful XSS attack!

No answer needed

Congratulations, you bypassed the filter! Don't expect it to be quite so easy in real life, but this should hopefully give you an idea of the kind of situation in which Burp Proxy can be useful.

No answer needed
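
Task 14 works because the only check on the "Contact Email" field runs in the browser. The sketch below is an added example (not code from the TryHackMe room or this walkthrough) of the server-side counterpart: validate the decoded value again on the server and HTML-encode anything reflected. The field names `email` and `query` and the handler name are assumptions.

```javascript
// Added example: server-side handling of the Task 14 support form.
// Field names "email" and "query" are assumptions; the page only names the
// "Contact Email" field and a query.

// Conservative server-side check: same intent as the browser filter, but
// enforced where the client cannot skip it.
const EMAIL_RE = /^[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,253}\.[A-Za-z]{2,63}$/;

// Encode the five HTML-significant characters before reflecting any value.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// rawBody is the application/x-www-form-urlencoded body exactly as it arrives,
// whether it came from the browser form or was edited in an intercepting proxy.
function handleSupportForm(rawBody) {
  const params = new URLSearchParams(rawBody); // URL-decodes the values
  const email = params.get('email') ?? '';
  const query = params.get('query') ?? '';

  if (!EMAIL_RE.test(email)) {
    // Reject, and never echo the raw value back into the page.
    return { status: 400, html: '<p>Invalid email address.</p>' };
  }
  return {
    status: 200,
    html: `<p>Thanks, ${escapeHtml(email)}. We received: ${escapeHtml(query)}</p>`,
  };
}

// Constructed sample requests: the legitimate form data from the walkthrough,
// and the same request with the email field swapped for the page's payload.
const legitimate = 'email=pentester%40example.thm&query=Test+Attack';
const tampered =
  'email=' + encodeURIComponent('<script>alert("Succ3ssful XSS")</script>') +
  '&query=Test+Attack';

console.log(handleSupportForm(legitimate));
console.log(handleSupportForm(tampered));
```

The URL encoding applied in the proxy only makes the value survive transport; the server decodes it before the check, so the payload is rejected in its original form.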

Task 15 Conclusion Room Conclusion

I understand the fundamentals of using Burp Suite!

No answer needed

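Answers (in the order the questions appear above)

Task 2, question 1: Burp Suite Community
Task 2, question 2: Burp Suite Enterprise
Task 2, question 3: Mobile
Task 3, question 1: Proxy
Task 3, question 2: Intruder
Task 7, "Cookie jar" sub-tab: Sessions
Task 7, update behaviour sub-tab: Misc
Task 7, keybindings section: Hotkeys
Task 7, per-project TLS certificate override: Aye
Task 8, button: Forward
Task 8, default keybind: Ctrl+F
Task 9: Response to this request
Task 13, flag: THM{NmNlZTliNGE1MWU1ZTQzMzgzNmFiNWVk}
Task 13, severity: Low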

TryHackMe room: Burp Suite: The Basics - https://tryhackme.com/room/burpsuitebasics