Burpsuite
What is decoder?
Decodes (and encodes) data in many formats, such as Base64, hex, URL encoding, ...
How to intercept and disable intercepting requests?
Go to Proxy, then turn Intercept off or on.
Note: If intercepting stops working although it usually works, and the proxy is selected from FoxyProxy, then add a path to the victim site for Burp Suite to intercept.
How to intercept responses?
Go to Proxy -> Options -> tick the "Intercept responses" box.
Intruder payload section:
In Payloads you can:
1) Choose which payload set you are editing with "Payload set" (in Sniper mode there is only one payload set, while in Cluster bomb there are several)
2) Edit the payload options (the list of words to be injected into the marked positions); from there you can add the words you want
3) Add rules that are applied to the payloads before they are sent
4) Edit which payload characters get URL-encoded (so that the server can understand them)
How to send a request to intruder from intercept?
In Intercept press Ctrl+I.
Intruder position section:
In Positions you can:
1) Choose the Intruder attack type
2) Choose manually which parameters to inject by selecting them and then clicking "Add $"
3) Clear the selected parameters with "Clear $"
4) Let Burp Suite choose interesting parameters to inject with "Auto $"
5) Or refresh with "Refresh"
What is intruder?
It's a Burp Suite subtool that automates attacks by sending many requests with varying payloads.
What is repeater?
Repeater is a Burp Suite subtool for manually editing and re-sending custom requests.
What is Pitchfork attack type?
Several payload sets: one payload set per position.
In the first request, position 1 is injected with payload 1 from set 1 AND position 2 is injected with payload 1 from set 2.
In the second request, position 1 is injected with payload 2 from set 1 AND position 2 is injected with payload 2 from set 2.
Etc.
What is Cluster Bomb attack type?
Several payload sets: one payload set per position.
In this mode too, position 1 is injected with payloads from set 1 and position 2 is injected with payloads from set 2...
The difference is that all possible combinations are tested:
set 1 payload 1 WITH set 2 payload 1
set 1 payload 2 WITH set 2 payload 1
set 1 payload 3 WITH set 2 payload 1
...
set 1 payload 1 WITH set 2 payload 2
set 1 payload 2 WITH set 2 payload 2
...
set 1 payload 1 WITH set 2 payload 3
set 1 payload 2 WITH set 2 payload 3
Etc.
What is burpsuite?
The ultimate tool for manual and automated web application penetration testing. It:
- intercepts requests and responses
- attacks web applications by automating requests with changing parameters
- saves discovered paths
And more!
Intruder options section
You can configure general options such as: the number of retries on failure, the pause in ms before a retry, grep (match/extract) options, ...
How to send an intercepted request to Repeater so that you can modify it?
In Intercept press Ctrl+R. You will find the same request in Repeater.
What is Battering ram attack type?
1 payload set: all injected positions are replaced at the same time with the same payload word.
What is the sniper attack type?
1 payload set: the injected positions are replaced one by one with the payload words; while one position is being replaced, the other positions keep their values from the original request.
How to do the localhost trick to force SSL/TLS (HTTPS) with gobuster?
1) In Burp Suite go to: Proxy -> Options
2) Add a proxy listener
3) Bind it to port 80
4) Redirect to host <victim_IPv4>
5) Redirect to port 443
6) Choose "Force use of TLS"
7) Press OK
Now when you go to localhost:80, Burp Suite will automatically redirect you to the victim site (don't forget to switch Intercept off).
With gobuster use: -p http://127.0.0.1:80/
Intruder target section:
1) You choose your target by configuring the host, port and protocol (HTTP or HTTPS)
2) You can also skip this target configuration by sending the request from your web browser directly to Intruder from Burp Suite's Proxy Intercept
How to configure it so that it works with your browser (even for HTTPS requests)?
1) Install FoxyProxy
2) In FoxyProxy click Add
3) Choose proxy IP 127.0.0.1
4) Choose proxy port 8080 (this is based on the Proxy options in Burp Suite; by default it listens on 127.0.0.1:8080)
5) In Proxy options, click "Import / export CA certificate", then choose a directory to save the certificate in DER format
6) In Firefox settings import the certificate
How to make burpsuite use a proxy?
Configure the upstream proxy from User Options, then scroll down to the proxy settings.