# Burpsuite and browser tricks

## Burpsuite

Burpsuite is a web debugging proxy. It's the most popular web proxy used in penetration testing by cybersecurity professionals. Below are the tricks that I find useful in Burp.

### Burp certificate

Make sure to download the burp certificate and load it to your browser so that it can be trusted.

1. Navigate to <http://burpsuite>
2. Download the certificate
3. Go to your browser certificate manager settings and upload the Burpsuite certificate so that it can be trusted by your browser

### Burp Shortcuts

<table data-header-hidden><thead><tr><th width="419"></th><th></th></tr></thead><tbody><tr><td><strong>Shortcut</strong></td><td><strong>Description</strong></td></tr><tr><td>[<code>CTRL+R</code>]</td><td>Send to repeater</td></tr><tr><td>[<code>CTRL+SHIFT+R</code>]</td><td>Go to repeater</td></tr><tr><td>[<code>CTRL+I</code>]</td><td>Send to intruder</td></tr><tr><td>[<code>CTRL+SHIFT+I</code>]</td><td>Go to intruder</td></tr><tr><td>[<code>CTRL+U</code>]</td><td>URL encode</td></tr><tr><td>[<code>CTRL+SHIFT+U</code>]</td><td>URL decode</td></tr></tbody></table>

### Install Custom Burp Extensions

```bash
# Install the needed tools (JDK for javac and jar)
sudo apt install -y default-jdk
git clone https://github.com/PortSwigger/burp-extender-api
cd burp-extender-api
# Compile the Burp extender API interfaces
javac burp/*.java
# Compile your extension against the API
javac -cp burp-api.jar BurpExtender.java
# Package the compiled BurpExtender class into CustomBurpExtention.jar
jar cf CustomBurpExtention.jar BurpExtender.class
# Now load CustomBurpExtention.jar in your BurpSuite tool
```

### Enable response interception

In Burp, we can enable response interception by going to (`Proxy>Options`) and enabling `Intercept Response` under `Intercept Server Responses`.

Option 2: right-click the request and select `Do Intercept > Response to this request`:

<figure><img src="https://884699202-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FC4CcD9gCTFzGtXx2V5PP%2Fuploads%2F7tDsXlGpVq65f85d3Y3w%2Fimage.png?alt=media&#x26;token=729961e8-89cd-4d63-a81f-31262be66b5e" alt=""><figcaption></figcaption></figure>

### Burp Match and Replace

In Burp, we can go to (`Proxy>Options>Match and Replace`) and click on Add.

As an example, we will enable a POST request whose HTML form is disabled by default. We use the type `Response body`, since the change we want to make is in the response's body.

<figure><img src="https://content.gitbook.com/content/C4CcD9gCTFzGtXx2V5PP/blobs/mWYJqkFGhXfiYJLRqqv9/image.png" alt=""><figcaption></figcaption></figure>

{% tabs %}
{% tab title="Match" %}

```
disabled>
```

{% endtab %}

{% tab title="Replace" %}

```
>
```

{% endtab %}
{% endtabs %}

We will notice that the response body no longer contains `disabled`, which in our case enables the button.

<figure><img src="https://content.gitbook.com/content/C4CcD9gCTFzGtXx2V5PP/blobs/a9yq4BNQcdM0Zd5M6yed/image.png" alt=""><figcaption></figcaption></figure>

{% hint style="info" %}
The Match/Replace won't be effective for requests sent through Repeater. You will have to use the built-in Burp browser to get the desired replacement.
{% endhint %}

### Session Handling Rules

Session handling rules allow you to perform specific actions automatically when making an HTTP request, such as adding a specific header or a specific cookie.

You can set up session handling rules via the Sessions settings in Burp:

<figure><img src="https://884699202-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FC4CcD9gCTFzGtXx2V5PP%2Fuploads%2FarMFwqiTcM8733SXjVR7%2Fimage.png?alt=media&#x26;token=f1876302-7f2e-489e-a5f3-ad1d93ca313d" alt=""><figcaption></figcaption></figure>

### Reporting

Finally, once all of our scans are completed, and all potential issues have been identified, we can go to (`Target>Site map`), right-click on our target, and select (`Issue>Report issues for this host`).

### Burp extensions

Some extensions worth checking out include, but are not limited to:

<table data-view="cards"><thead><tr><th>Extensions</th><th>Extensions</th><th>Extensions</th></tr></thead><tbody><tr><td><p>.NET beautifier</p></td><td>J2EEScan</td><td>Software Vulnerability Scanner</td></tr><tr><td>Software Version Reporter</td><td>Active Scan++</td><td>Additional Scanner Checks</td></tr><tr><td>AWS Security Checks</td><td>Backslash Powered Scanner</td><td>Wsdler</td></tr><tr><td>Java Deserialization Scanner</td><td>CO2</td><td>Cloud Storage Tester</td></tr><tr><td>CMS Scanner</td><td>Error Message Checks</td><td>Detect Dynamic JS</td></tr><tr><td>Headers Analyzer</td><td>HTML5 Auditor</td><td>PHP Object Injection Check</td></tr><tr><td>JavaScript Security</td><td>Retire.JS</td><td>CSP Auditor</td></tr><tr><td>Random IP Address Header</td><td>Autorize</td><td>CSRF Scanner</td></tr><tr><td>JS Link Finder</td><td></td><td></td></tr><tr><td><strong>Decoder improved</strong></td><td></td><td></td></tr></tbody></table>

### Decoder - Encode/hash/Decode ZAP

The decoder of Burpsuite allows you to encode or decode a value.

Right-click your value and select `Send to decoder`.

I prefer the ZAP Encode/Decode/hash functionality, which is way more straightforward than the Decoder function of Burp.

In ZAP, right-click the value you want to encode or decode and then press `Encode/Decode/hash`.

<figure><img src="https://content.gitbook.com/content/C4CcD9gCTFzGtXx2V5PP/blobs/gMMb3NiwwLbOIbPKjPs2/image.png" alt=""><figcaption></figcaption></figure>

You can also use Cyberchef.io for more in-depth decoding functionality. The `Magic` recipe automatically detects the format of an encoded value.

<figure><img src="https://content.gitbook.com/content/C4CcD9gCTFzGtXx2V5PP/blobs/cWInmmLX37RSZKJsne7v/image.png" alt=""><figcaption></figcaption></figure>

### Intruder

Payload Processing is an option inside Intruder that allows you to process the payload you are sending by automating several processing tasks.

We could, for instance, add a prefix to our payload and apply some encoding to get the desired encoded cookie that will be sent to the target.

<figure><img src="https://content.gitbook.com/content/C4CcD9gCTFzGtXx2V5PP/blobs/ooUQ0mxC0F626BQKREEw/image.png" alt=""><figcaption><p>Payload</p></figcaption></figure>

<figure><img src="https://content.gitbook.com/content/C4CcD9gCTFzGtXx2V5PP/blobs/jmoEnI87biUDe9IConpf/image.png" alt=""><figcaption><p>Payload processing</p></figcaption></figure>

<figure><img src="https://content.gitbook.com/content/C4CcD9gCTFzGtXx2V5PP/blobs/BvpueEpXeXGsqJuiU91q/image.png" alt=""><figcaption><p>Payload processed and getting an ASCII Hex cookie encoded from Base64</p></figcaption></figure>
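The payload-processing chain described above can be reproduced and reversed offline, which helps when checking what an encoded cookie actually contains. This is an added example, not code from the original page; the `user=` prefix, the sample payload and the exact rule order (prefix, then Base64, then ASCII hex) are assumptions based on the figure caption, and it handles ASCII payloads only.

```javascript
// Added example: a reversible model of an Intruder payload-processing chain.
// Each rule has apply() (what Intruder does) and undo() (to inspect a captured value).
const rules = {
  prefix: (p) => ({
    apply: (s) => p + s,
    undo: (s) => {
      if (!s.startsWith(p)) throw new Error('expected prefix is missing');
      return s.slice(p.length);
    },
  }),
  base64: () => ({
    apply: (s) => btoa(s), // ASCII/Latin-1 input only
    undo: (s) => atob(s),  // throws on invalid Base64
  }),
  asciiHex: () => ({
    apply: (s) =>
      [...s].map((c) => c.charCodeAt(0).toString(16).padStart(2, '0')).join(''),
    undo: (s) => {
      if (s.length % 2 !== 0 || /[^0-9a-f]/i.test(s)) throw new Error('not ASCII hex');
      return (s.match(/../g) || [])
        .map((h) => String.fromCharCode(parseInt(h, 16)))
        .join('');
    },
  }),
};

// Apply the rules top to bottom, as the payload processing list does.
function processPayload(payload, chain) {
  return chain.reduce((value, rule) => rule.apply(value), payload);
}

// Undo the rules bottom to top to recover the original payload.
function decodePayload(value, chain) {
  return [...chain].reverse().reduce((v, rule) => rule.undo(v), value);
}

// Constructed sample chain: prefix -> Base64 -> ASCII hex.
const sampleChain = [rules.prefix('user='), rules.base64(), rules.asciiHex()];
const sampleCookie = processPayload('admin', sampleChain);
console.log(sampleCookie, '->', decodePayload(sampleCookie, sampleChain));
```
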

### MetasploitToBurp

To send traffic from Metasploit to Burp, you can use the Metasploit option `Proxies`, which allows you to specify a proxy.

For instance, we can use the `auxiliary/scanner/http/coldfusion_locale_traversal` module to scan our target and capture the traffic in Burp with the option `Proxies`.

<figure><img src="https://content.gitbook.com/content/C4CcD9gCTFzGtXx2V5PP/blobs/PfscnNJbwKhljFbqtIMq/image.png" alt=""><figcaption></figcaption></figure>

## Browser console tricks

Make sure to type "allow pasting" in the console first to be able to paste code.

### Browser DevTools

| **Shortcut**                  | **Description**      |
| ----------------------------- | -------------------- |
| \[`CTRL+SHIFT+I`] or \[`F12`] | Show devtools        |
| \[`CTRL+SHIFT+E`]             | Show Network tab     |
| \[`CTRL+SHIFT+K`]             | Show Console tab     |
| \[`CTRL+U`]                   | Open the source code |

#### **Get Local storage via console:**

```javascript
// Print every key/value pair held in local storage for the current origin
for (let i = 0; i < localStorage.length; i++) {
    const key = localStorage.key(i);
    const value = localStorage.getItem(key);
    console.log(`${key}: ${value}`);
}
```

#### **Export Local Storage:**

1. Open the developer console where you want to export the local storage data.
2. Use the following JavaScript to copy local storage data:

   ```javascript
   const localStorageData = JSON.stringify(localStorage);
   copy(localStorageData);
   console.log('Local storage data copied to clipboard');
   ```

#### **Import Local Storage:**

1. Open the developer console where you want to import the local storage data.
2. Use the following JavaScript to paste and import the copied data:

   ```javascript
   // Ensure your copied local storage data is correctly formatted JSON
   const copiedLocalStorageData = '{"key1":"value1","key2":"value2"}'; // Replace with your data
   const data = JSON.parse(copiedLocalStorageData);

   for (const key in data) {
       localStorage.setItem(key, data[key]);
   }

   console.log('Local storage data imported');
   ```

Make sure the copied data string is valid JSON. If there are any issues in the format, it could cause parsing errors.
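To handle a malformed or truncated paste without a half-finished import, the dump can be validated before anything is written. This is an added example, not code from the original page; `importLocalStorage` and `makeFakeStorage` are hypothetical helper names, and the sample JSON strings are constructed.

```javascript
// Added example: validate an exported local-storage dump before importing it.
// `storage` is any object with setItem(); in the browser console pass localStorage.
function importLocalStorage(json, storage) {
  const fail = (error) => ({ ok: false, error, imported: [], skipped: [] });
  let data;
  try {
    data = JSON.parse(json);
  } catch (err) {
    // A truncated or badly quoted paste ends up here; nothing is written.
    return fail(`invalid JSON: ${err.message}`);
  }
  // JSON.stringify(localStorage) yields a flat object, never an array or scalar.
  if (data === null || typeof data !== 'object' || Array.isArray(data)) {
    return fail('expected a JSON object of key/value pairs');
  }
  const imported = [];
  const skipped = [];
  for (const [key, value] of Object.entries(data)) {
    // Storage only holds strings; an object value would be stored as "[object Object]".
    if (typeof value !== 'string') {
      skipped.push(key);
      continue;
    }
    storage.setItem(key, value);
    imported.push(key);
  }
  return { ok: true, error: null, imported, skipped };
}

// Constructed stand-in for window.localStorage so the example runs outside a browser.
function makeFakeStorage() {
  const map = new Map();
  return {
    setItem: (k, v) => map.set(k, String(v)),
    getItem: (k) => (map.has(k) ? map.get(k) : null),
    get length() { return map.size; },
  };
}

// Constructed sample dump: one valid entry and one that is not a string.
const demoStorage = makeFakeStorage();
console.log(importLocalStorage('{"theme":"dark","prefs":{"a":1}}', demoStorage));
```

In the browser console, call `importLocalStorage(pastedJson, localStorage)` and check the `skipped` list before relying on the imported state.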
