Tryhackme - Burp suite: The Basics

Tryhackme – Burpsuite: The Basics

In this walk through, we will be going through the Burp suite room from Tryhackme. This room covers the basics of Burpsuite, which is one of the most famous tool that is used in web application pentesting. Having this in your arsenal is a must to go further in your pentesting journey. So, let’s get started.

Burpsuite: The Basics

Task 1 – Outline

Task 1 - Outline

Task 2 – What is Burp Suite?

Question 1 – Which edition of Burp Suite will we be using in this module?

Burp Suite Community

Question 2 – Which edition of Burp Suite runs on a server and provides constant scanning for target web apps?

Burp Suite Enterprise

Question 3 – Burp Suite is frequently used when attacking web applications and __ applications.

mobile

Task 2 - What is Burp Suite?

Task 3 – Features of Burp Community

Question 1 – Which Burp Suite feature allows us to intercept requests between ourselves and the target?

proxy

Question 2 – Which Burp tool would we use if we wanted to bruteforce a login form?

Intruder

Task 3 - Features of Burp Community

Task 4 – Installation

Task 4 - Installation

Installation - 2

Task 5 – The Dashboard

Question 1 – Open Burp Suite and have a look around the dashboard. Make sure that you are comfortable with it before moving on.

Done

Task 5 - The Dashboard

Task 6 – Navigation

Question 1 – Get comfortable navigating around the top menu bars.

Done

Task 6 - Navigation

Task 7 – Options

Question 1 – Change the Burp Suite theme to dark mode

Done

Question 2 – In which Project options sub-tab can you find reference to a “Cookie jar”?

Sessions

Question 3 – In which User options sub-tab can you change the Burp Suite update behaviour?

Misc

Question 4 – What is the name of the section within the User options “Misc” sub-tab which allows you to change the Burp Suite keybindings?

Hotkeys

Question 5 – If we have uploaded Client-Side TLS certificates in the User options tab, can we override these on a per-project basis (Aye/Nay)?

Aye

Question 6 – There are many more configuration options available. Take the time to read through them.

Done

Task 7 - Options

Task 8 – Introduction to the Burp Proxy

Question 1 – Which button would we choose to send an intercepted request to the target in Burp Proxy?

Forward

Question 2 – What is the default keybind for this?

Ctrl+F

Task 8 - Introduction to the Burp Proxy

Task 9 – Connecting through the Proxy (FoxyProxy)

Question 1 – There is one particularly useful option that allows you to intercept and modify the response to your request.

Response to this request

Question 2 – [Bonus Question — Optional] Try installing FoxyProxy standard and have a look at the pattern matching features.

Done

Task 9 - Connecting through the Proxy (FoxyProxy)

Task 9 – Proxying HTTPS

Question 1 – If you are not using the AttackBox, configure Firefox (or your browser of choice) to accept the Portswigger CA certificate for TLS communication through the Burp Proxy.

Done

Task 9 - Proxying HTTPS

Task 10 – The Burp Suite Browser

Question 1 – Using the in-built browser, make a request to http://10.10.84.79/ and capture it in the proxy.

Done

HTTP GET request

Task 10 - The Burp Suite Browser

Task 11 – Scoping and Targeting

Question 1 – Add http://10.10.84.79/ to your scope and change the Proxy settings to only intercept traffic to in-scope targets.

Done

Task 11 - Scoping and Targeting

Task 13 – Site Map and Issue Definitions

Question 1 – What is the flag you receive?

Burpsuite Crawler

THM{NmNlZTliNGE1MWU1ZTQzMzgzNmFiNWVk}

Question 2 – What is the typical severity of a Vulnerable JavaScript dependency?

Low

Task 13 - Site Map and Issue Definitions

Task 14 – Example Attack

We will start by taking a look at the support form at http://10.10.84.79/ticket/:

support contact box

In a real-world web app pentest, we would test this for a variety of things: one of which would be Cross-Site Scripting (or XSS). If you have not yet encountered XSS, it can be thought of as injecting a client-side script (usually in Javascript) into a webpage in such a way that it executes. There are various kinds of XSS — the type that we are using here is referred to as “Reflected” XSS as it only affects the person making the web request.

Try typing: <script>alert("Succ3ssful XSS")</script>, into the “Contact Email” field. You should find that there is a client-side filter in place which prevents you from adding any special characters that aren’t allowed in email addresses:

contact box

Fortunately for us, client-side filters are absurdly easy to bypass. There are a variety of ways we could disable the script or just prevent it from loading in the first place.

Let’s focus on simply bypassing the filter for now.

First, make sure that your Burp Proxy is active and that the intercept is on.

Now, enter some legitimate data into the support form. For example: “[email protected]” as an email address, and “Test Attack” as a query.

Submit the form — the request should be intercepted by the proxy.

With the request captured in the proxy, we can now change the email field to be our very simple payload from above: <script>alert("Succ3ssful XSS")</script>. After pasting in the payload, we need to select it, then URL encode it with the Ctrl + U shortcut to make it safe to send. This process is shown in the GIF below:

Burpsuite capturing request

XXS test

Burpsuite capture

Finally, press the “Forward” button to send the request.

You should find that you get an alert box from the site indicating a successful XSS attack!

Successful XSS

Task 15 – Room Conclusion

Task 15 - Room Conclusion

Also Read: Tryhackme – Brooklyn nine nine

Conclusion:

Conclusion

So that was it. We started with the basics from installation to covering various options in the tool. Going further, we understand how to configure the Foxyproxy plugin for burpsuite. Next, we learned how to capture request and how to manipulate it as per our requirement. With this in mind, try to play with some web apps and get more familiar with this tool. Till then, i will take your leave, but remember to “Keep Hacking”.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top