Deploy the machine attached to the task by pressing the green "Start Machine" button, as well as the AttackBox (using the "Start AttackBox" button at the top of the page) if you are not using your own machine.
No answer needed
Task 2 - Getting Started - What is Burp Suite?
Which edition of Burp Suite will we be using in this module?
HINT: The task above contains the answer in bold text, in paragraph three.
There are many more configuration options available. Take the time to read through them. In the next section, we will cover the Burp Proxy -- a much more hands-on aspect of the room.
No answer needed
Task 8 - Proxy - Introduction to the Burp Proxy
Which button would we choose to send an intercepted request to the target in Burp Proxy?
Note: Assume you are using Windows or Linux (i.e. swap Cmd for Ctrl).
HINT: Use what you learnt in a previous task to look up the keybindings used in Burp Suite, then find a keybinding related to forwarding intercepted proxy messages.
Task 9 - Proxy - Connecting through the Proxy (FoxyProxy)
Read through the options in the right-click menu.
There is one particularly useful option that allows you to intercept and modify the response to your request. What is this option?
[Bonus Question -- Optional] Try installing FoxyProxy standard and have a look at the pattern matching features.
No answer needed
Task 10 - Proxy - Proxying HTTPS
If you are not using the AttackBox, configure Firefox (or your browser of choice) to accept the PortSwigger CA certificate for TLS communication through the Burp Proxy.
No answer needed
Task 11 - Proxy - The Burp Suite Browser
Using the in-built browser, make a request to http://MACHINE_IP/ and capture it in the proxy.
No answer needed
Task 12 - Proxy - Scoping and Targeting
Add http://MACHINE_IP/ to your scope and change the Proxy settings to only intercept traffic to in-scope targets. See the difference between the amount of traffic getting caught by the proxy before and after limiting the scope.
No answer needed
Task 13 - Proxy - Site Map and Issue Definitions
Take a look around the site on http://MACHINE_IP/ -- we will be using this a lot throughout the module. Visit every page linked to from the homepage, then check your sitemap -- one endpoint should stand out as being very unusual! Visit this in your browser (or use the "Response" section of the site map entry for that endpoint). What is the flag you receive?
HINT: You are looking for a suspicious page with a name made up of a series of random letters and numbers.
Try typing <script>alert("Succ3ssful XSS")</script> into the "Contact Email" field. You should find that there is a client-side filter in place which prevents you from adding any special characters that aren't allowed in email addresses.
No answer needed
Fortunately for us, client-side filters are absurdly easy to bypass. There are a variety of ways we could disable the script or just prevent it from loading in the first place. Let's focus on simply bypassing the filter for now. First, make sure that your Burp Proxy is active and that the intercept is on.
No answer needed
Now, enter some legitimate data into the support form. For example: "pentester@example.thm" as an email address, and "Test Attack" as a query. Submit the form -- the request should be intercepted by the proxy.
No answer needed
With the request captured in the proxy, we can now change the email field to our very simple payload from above: <script>alert("Succ3ssful XSS")</script>. After pasting in the payload, we need to select it, then URL-encode it with the Ctrl + U shortcut to make it safe to send.
No answer needed
Finally, press the "Forward" button to send the request. You should find that you get an alert box from the site indicating a successful XSS attack!
No answer needed
Congratulations, you bypassed the filter! Don't expect it to be quite so easy in real life, but this should hopefully give you an idea of the kind of situation in which Burp Proxy can be useful.
No answer needed
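The walkthrough above works because the only check on the email field runs in the browser, which the proxy sits behind. As an added example (not part of the room), the snippet below decodes the URL-encoded form body exactly as the server would receive it after "Forward", shows that the payload arrives intact, and applies the same character rule server side, where the proxy cannot skip it; the field names, the regex and the sample bodies are constructed for the example.

```python
import html
import re
from urllib.parse import parse_qs

# Constructed sample: the form body as it leaves Burp after the email field is
# replaced with the walkthrough payload and URL-encoded with Ctrl + U.
INTERCEPTED_BODY = (
    "email=%3Cscript%3Ealert%28%22Succ3ssful%20XSS%22%29%3C%2Fscript%3E"
    "&query=Test+Attack"
)
# Constructed sample: the legitimate submission from the walkthrough.
LEGIT_BODY = "email=pentester%40example.thm&query=Test+Attack"

# Hypothetical server-side equivalent of the client-side character filter:
# only characters permitted in an email address, in a local@domain shape.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def parse_form(body):
    """Decode an application/x-www-form-urlencoded body the way the server sees it."""
    fields = parse_qs(body, keep_blank_values=True)
    return {name: values[0] for name, values in fields.items()}


def validate_email(value):
    """Server-side validation: the browser filter is advisory, this one is not."""
    return EMAIL_RE.fullmatch(value) is not None


def sanitize_for_html(value):
    """Escape a value before it is reflected into a page (defence in depth)."""
    return html.escape(value, quote=True)


def handle_support_form(body):
    """Return (accepted, message); reject bad input and escape anything echoed."""
    form = parse_form(body)
    email = form.get("email", "")
    query = form.get("query", "")
    if not validate_email(email):
        return False, "Invalid email address"
    return True, f"Thanks {sanitize_for_html(email)}: {sanitize_for_html(query)}"
```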
Task 15 - Conclusion - Room Conclusion
I understand the fundamentals of using Burp Suite!