
Burpsuite and browser tricks

Burpsuite

Burp Suite is an intercepting web proxy and the de facto standard proxy for web application penetration testing. Below you will find the tricks I find useful in Burp.

Burp certificate

Burp generates its own CA certificate per installation. Your browser has to trust it, otherwise every HTTPS site proxied through Burp raises certificate errors.

  1. With the browser already configured to use Burp as its proxy, navigate to http://burpsuite

  2. Click CA Certificate to download the certificate (a DER file)

  3. Open the browser's certificate manager and import the file as a trusted certificate authority. Do this in a browser profile dedicated to testing so that the Burp CA is not trusted for everyday browsing.

Burp Shortcuts

| Shortcut | Description |
| --- | --- |
| [CTRL+R] | Send to Repeater |
| [CTRL+SHIFT+R] | Go to Repeater |
| [CTRL+I] | Send to Intruder |
| [CTRL+SHIFT+I] | Go to Intruder |
| [CTRL+U] | URL encode |
| [CTRL+SHIFT+U] | URL decode |

Enable response interception

By default Burp only intercepts requests. To also stop on server responses, go to Proxy > Options (Proxy > Proxy settings in recent versions), scroll to Intercept server responses and enable "Intercept responses based on the following rules".

Burp Match and Replace

Go to Proxy > Options > Match and Replace and click Add.

As an example we use the type Response body, since the change we want is in the response's HTML: the form's submit button is shipped as disabled, so the POST can never be sent from the browser.

  • Match: disabled>
  • Replace: >

The response body no longer contains disabled, which in our case re-enables the button.

Match and Replace rules act only on traffic passing through the Proxy listener, so they have no effect on requests sent from Repeater. Use Burp's built-in browser (or any browser proxied through Burp) to see the replacement applied.

Session Handling Rules

Session handling rules let Burp perform actions automatically on each HTTP request, such as adding a specific header or cookie, so you do not have to edit every request by hand.

You can set up session handling rules under the Sessions settings in Burp.

Reporting

Finally, once all of our scans are completed, and all potential issues have been identified, we can go to (Target>Site map), right-click on our target, and select (Issue>Report issues for this host).

Burp extensions

Some extensions worth checking out include, but are not limited to, the following (all installable from the BApp Store; several of the scanner extensions require Burp Suite Professional):

  • .NET beautifier
  • J2EEScan
  • Software Vulnerability Scanner
  • Software Version Reporter
  • Active Scan++
  • Additional Scanner Checks
  • AWS Security Checks
  • Backslash Powered Scanner
  • Wsdler
  • Java Deserialization Scanner
  • CO2
  • Cloud Storage Tester
  • CMS Scanner
  • Error Message Checks
  • Detect Dynamic JS
  • Headers Analyzer
  • HTML5 Auditor
  • PHP Object Injection Check
  • JavaScript Security
  • Retire.JS
  • CSP Auditor
  • Random IP Address Header
  • Autorize
  • CSRF Scanner
  • JS Link Finder
  • Decoder Improved

Decoder - Encode/hash/Decode ZAP

Burp's Decoder lets you encode, decode or hash a value.

Right-click the value and choose Send to Decoder.

I prefer ZAP's Encode/Decode/Hash dialog, which is more straightforward than Burp's Decoder.

In ZAP, right-click the value you want to transform and choose Encode/Decode/Hash.

You can also use CyberChef (cyberchef.io) for more in-depth decoding; its Magic operation automatically detects the format of an encoded value.

Intruder

Payload Processing is an option in Intruder's Payloads tab that transforms each payload before it is sent by applying a list of processing rules in order.

We could, for instance, add a prefix to the payload and then encode the result (in the screenshots: Base64, then ASCII hex) so that the cookie is sent in exactly the format the target expects.

MetasploitToBurp

To send Metasploit's HTTP traffic through Burp, set the module's Proxies option, which takes a proxy in the form http:127.0.0.1:8080 (Burp's default listener).

For instance, we can run auxiliary/scanner/http/coldfusion_locale_traversal against our target with Proxies set and inspect every request and response in Burp's HTTP history.

Browser console tricks

Chromium-based browsers (and recent Firefox) refuse pasted code in the console until you type "allow pasting" and press Enter, so do that first when you want to paste a snippet.

Browser DevTools

The shortcuts below are Firefox's; in Chromium-based browsers the console is [CTRL+SHIFT+J], while [F12] / [CTRL+SHIFT+I] and [CTRL+U] work in both.

| Shortcut | Description |
| --- | --- |
| [CTRL+SHIFT+I] or [F12] | Show DevTools |
| [CTRL+SHIFT+E] | Show Network tab |
| [CTRL+SHIFT+K] | Show Console tab |
| [CTRL+U] | Open the page source |

Get Local Storage via the console:

```javascript
// Enumerate every key in localStorage and print key: value
for (let i = 0; i < localStorage.length; i++) {
  const key = localStorage.key(i);
  const value = localStorage.getItem(key);
  console.log(`${key}: ${value}`);
}
```

Export Local Storage:

  1. Open the developer console on the origin whose local storage you want to export.

  2. Run the following JavaScript to copy the data to the clipboard (copy() is a DevTools console helper, not standard JavaScript):

```javascript
// Storage keys are enumerable own properties, so JSON.stringify dumps them all
const localStorageData = JSON.stringify(localStorage);
copy(localStorageData); // DevTools-only helper: puts the string on the clipboard
console.log('Local storage data copied to clipboard');
```

Import Local Storage:

  1. Open the developer console on the origin where you want to import the data.

  2. Paste the copied JSON into the string below and run it:

```javascript
// Replace the placeholder with the JSON copied from the source browser
const copiedLocalStorageData = '{"key1":"value1","key2":"value2"}';
const data = JSON.parse(copiedLocalStorageData);

for (const key in data) {
    localStorage.setItem(key, data[key]);
}

console.log('Local storage data imported');
```

The pasted string must be valid JSON, otherwise JSON.parse throws and nothing is imported. Web Storage is also scoped per origin, so the import has to run on the same scheme, host and port the export came from.
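The snippets above work but load whatever is pasted without checking it. As an added example (not from the original page), the following JavaScript wraps the same idea in two functions with input validation and a merge-or-replace switch. MemoryStorage is a constructed stand-in for window.localStorage so the code also runs outside a browser; all function and class names are this example's own.

```javascript
// Added example (not from the original page): validated export/import of a Web
// Storage area. MemoryStorage is a constructed stand-in for window.localStorage
// so the functions can be exercised outside a browser (e.g. in Node).
class MemoryStorage {
  constructor() { this._m = new Map(); }
  get length() { return this._m.size; }
  key(i) { return [...this._m.keys()][i] ?? null; }
  getItem(k) { return this._m.has(k) ? this._m.get(k) : null; }
  setItem(k, v) { this._m.set(String(k), String(v)); }
  removeItem(k) { this._m.delete(k); }
  clear() { this._m.clear(); }
}

// Dump every key/value pair of a Storage object as a JSON string. Iterating
// with key(i)/getItem() is the portable way; JSON.stringify(localStorage)
// works in browsers but is not what the Storage interface guarantees.
function exportStorage(storage) {
  const out = {};
  for (let i = 0; i < storage.length; i++) {
    const k = storage.key(i);
    out[k] = storage.getItem(k);
  }
  return JSON.stringify(out);
}

// Parse a dump and load it into `storage`. Rejects malformed input before
// touching the target instead of half-importing. Returns the number of keys
// written. With replace=true the target is cleared first; otherwise merged.
function importStorage(storage, json, { replace = false } = {}) {
  let data;
  try {
    data = JSON.parse(json);
  } catch (e) {
    throw new Error(`storage dump is not valid JSON: ${e.message}`);
  }
  if (data === null || typeof data !== 'object' || Array.isArray(data)) {
    throw new Error('storage dump must be a JSON object of key -> string');
  }
  for (const [k, v] of Object.entries(data)) {
    if (typeof v !== 'string') {
      throw new Error(`value for key "${k}" is not a string (Web Storage only stores strings)`);
    }
  }
  if (replace) storage.clear();
  for (const [k, v] of Object.entries(data)) storage.setItem(k, v);
  return Object.keys(data).length;
}

// Browser use: paste this block in DevTools, then run
// copy(exportStorage(localStorage)) in the source tab and
// importStorage(localStorage, '<pasted JSON>', { replace: true }) in the target tab.
```

Exporting a session token this way and importing it in a second browser profile is a quick check of whether the application binds the token to anything other than the storage it lives in; keep replace: true when you want the target profile to match the source exactly.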


Last updated 4 months ago
