Burpsuite and browser tricks

Burpsuite

Burpsuite is a web proxy debugger. It's the most popular web proxy being used in penetration testing by cybersecurity professionals. Below you will find all Tricks that I find useful in Burp.

Burp certificate

Make sure to download the burp certificate and load it to your browser so that it can be trusted.

1. Navigate to http://burpsuite

2. Download the certificate

3. Go to your browser certificate manager settings and upload the Burpsuite certificate so that it can be trusted by your browser

Burp Shortcuts

Install Custom Burp Extentions

Enable response interception

In Burp, we can enable response interception by going to (Proxy>Options) and enabling Intercept Response under Intercept Server Responses.

Option 2: right click on the request and select Do Intercept==>response to this request:

Burp Match and Replace

We can go to (Proxy>Options>Match and Replace) and click on Add in Burp.

As an example we will use the type of Response body since the change we want to make exists in the response's body in order to enable a POST request that is by default disabled in the HTML form.

We will notice that the response body no longer contain disabled which will in our case enable the button.

Session Handling Rules

Session handling rules allows you to perform specific actions automatically when making an HTTP request, like adding automatically a specific header or add a specific cookie.

You can setup session handling rules via Sessions settings in Burp :

Reporting

Finally, once all of our scans are completed, and all potential issues have been identified, we can go to (Target>Site map), right-click on our target, and select (Issue>Report issues for this host).

Burp extensions

Some extensions worth checking out include, but are not limited to:

Decoder - Encode/hash/Decode ZAP

The decoder of Burpsuite allows you to encode or decode a value.

Right click on your value and send to decoder.

I prefer the ZAP Decode/Encode/hash functionality which is a way straight-forward then the Decoder function of Burp.

In ZAP, right click from the value you want to encode or decode and then press Encode/Decode/hash

You can also use Cyberchef.io for more in depth decoding functionalities. The Recipe Magic automatically detects the format of encoded value.

Intruder

Payload Processing is an option inside Intruder that allows you to process the payload you are sending by automating several processing tasks.

We could for instance add a prefix with our payload and perform some encoding to get the desired encoded cookie that will be sent to the target.

MetasploitToBurp

To send traffic from Metasploit to Burp, you can use the metasploit option Proxies that allows you to specify a proxy.

For instance, we can use the auxiliary/scanner/http/coldfusion_locale_traversal to scan our target and capture the traffic in burp with the option Proxies.

Browser console tricks

Make sure to type "allow pasting" first on the console to be able to copy paste code.

Browser DevTools

Get Local storage via console:

Export Local Storage:

1. Open the developer console where you want to export the local storage data.

2. Use the following JavaScript to copy local storage data:

   javascript

Import Local Storage:

1. Open the developer console where you want to import the local storage data.

2. Use the following JavaScript to paste and import the copied data:

   javascript

Make sure the copied data string is valid JSON. If there are any issues in the format, it could cause parsing errors. Give it another go and let me know if you need more assistance!