Tryhackme - Burpsuite: Repeater

Tryhackme – Burpsuite: Repeater

In this walk through, we will be going through the Burp suite Repeater room from Tryhackme. This room will dive into one of the more powerful aspects of the framework, namely: the Burp Suite Repeater module. So without any delay, let’s get started.

Burpsuite: Repeater

Task 1 – Outline

Task 1 - Outline

Task 2 – What is Repeater?

Repeater tab overview

Question 1 – Familiarise yourself with the Repeater interface.


Task 2 - What is Repeater?

Task 3 – Basic Usage

request capture

capturing the request

Request and Response

Question 1 – Capture a request to in the Proxy and send it to Repeater.


Task 3 - Basic Usage

Task 4 – Views


Question 1 – Experiment with the available view options.


Question 2 – Which view option displays the response in the same format as your browser would?


Task 4 - Views

Task 5 – Inspector


Request Attributes

Question 1 – Get comfortable with Inspector and practice adding/removing items from the various request sections.


Task 5 - Inspector

Task 6 – Example

Question 1 – Capture a request to in the Proxy and send it to Repeater.


Get / HTTP/1.1

Question 2 – Send the request once from Repeater — you should see the HTML source code for the page you requested in the response tab.


Repeater tab

Using Inspector (or manually, if you prefer), add a header called FlagAuthorised and set it to have a value of True. Send the request. What is the flag you receive?



Request and Response


Task 6 - Example

Task 7 – Challenge

Question 1 – Capture a request to one of the numeric products endpoints in the Proxy, then forward it to Repeater.


Get /products/2 HTTP/1.1

Question 2 – See if you can get the server to error out with a “500 Internal Server Error” code by changing the number at the end of the request to extreme inputs. What is the flag you receive when you cause a 500 error in the endpoint?

Get request

500 Internal Server Error

Flag in response

Flag in render


Task 7 - Challenge

Task 8 – SQLi with Repeater

Question 1 – Let’s start by capturing a request to in the Burp Proxy. Once you have captured the request, send it to Repeater with Ctrl + R or by right-clicking and choosing “Send to Repeater”.


Request capture

Question 2 – What is the flag?

Sqli capture

Task 8 flag


Task 8 - SQLi with Repeater

Task 9 – Conclusion

Task 9 - Conclusion

Also Read: Tryhackme – Brute It



So that was it. The room took us through us the journey of the most used Burpsuite module – Repeater. We understand how to capture and forward request using Repeater. Further we used repeater to manipulate the request and performed SQL injection attack on the target to get some flags. On that note, i will take off for a nap but remember to “Keep hacking”.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top