Burp Suite is a web proxy tool that can be used to facilitate web Application pentest.
It comes in a community free version or a paid pro version.
It has features and extensions that allow you to customize it.
This course is made from my notes of Agarri's training (that I highly recommend if you have the opportunity) and notes from my practice.
Use your own projects settings (burp Pro only)
Launch burp
Create a new project and choose "New Project on disk"
New Project on disk
Click Next and then select "Load from configuration file"
Choose your json file and click open
project settings
Check the box "Default to the above in future" (if you need this configuration for your other projects)
Default for projects
And then click start
Use your own users settings
Regex
Regular expression are really convenient for burp customizations
You can use regex101 to familiarize yourself with regex.
Note: Burp uses Java regex.
Tips and tricks
Change body encoding
Possible to change the body encoder if you want to change a form to multipart. You just need to right clicj on the request and select "Change Body Encoding"
Change body encoding
Choose dedicated RAM amount
You can do this in BurpSuitePro.vmoptions
Disable Web interface
To be stealthier, you can disable the web interface (http://burp).
Show help
When you click on ? you can get the help dedicated to the feature you are currently using. This is also available if you are not connected to internet.
Rename tab
You can reaname your tabs. For example in the repeater, you just have to double click on it and you can rename it like this.
Renamed tab
You can group tabs together
Group tabs
Useful key shortcuts
Some of these have to be set up, you can then keep a json file with your settings and export it.
Switch between top-level tabs Ctrl Shift (D|T|P|I|R|L|E)
Send to a tool, then switch to its tab Ctrl (R|I) then Ctrl Shift (R|I) (Here R is for repeater and I for intruder)
Cycle through 2nd-level tabs Ctrl Equals and Ctrl Right_Parenthesis
Close (and re-open) 2nd-level tabs Ctrl [Shift] W
URL encoding Ctrl [Shift] U
HTML encoding Ctrl [Shift] H
Base64 encoding Ctrl [Shift] B
Close pop-up Alt F4
Colorize (with the last color used) Ctrl K
Add a comment Ctrl Shift K
Copy request as URL Ctrl Shift C
Paste URL as request Ctrl Shift V
Cut | Copy | Paste Ctrl (X|C|V)
Undo | Redo Ctrl (Z|Y)
Select all Ctrl A
Search among 2nd-level tabs Ctrl Shift S (Repeater, Intruder and Collaborator)
Jump to the search field Ctrl Tab
Search for the highlighted text Ctrl S
Go to the (previous|next) match Ctrl (Left|Right)
Go to top [and extend selection] Ctrl [Shift] Home
Go to bottom [and extend selection] Ctrl [Shift] End
Repeater
Issue request Ctrl G
Paste URL as request Ctrl Shift V
Use the history Ctrl Shift (Left|Right)
Intruder
Start attack Ctrl Space
Add payload position marker Ctrl M
Clear all markers Ctrl Shift M
Scanner
Open scan launcher Ctrl Shift Space
Open launcher with selected insertion point Ctrl Shift Enter
Collaborator
Switch to Collaborator Ctrl Shift O
Insert unique Collaborator payload Ctrl O
Proxy Interception
Switch interception status Ctrl T
Drop message Ctrl D
Forward message Ctrl F
Forward request + intercept response Ctrl Shift F
Color lines
You can color line in the history just by clicking on the id and choosing which color
Match and replace rules
Possible use cases
Make authentication easier
Write XSS instead of the actual payload
Disable CSP reporting (useful for bug bounties)
Disable CSP reporting
304 NOT MODIFIED
You can check these in match replace rules to avoid 304 NOT MODIFIED
Match replace
Fallback to XHR
"When initializing a WebSocket connection [...] the server will respond with a HTTP/1.1 101 header. Using Burp, you can use a match and replace rule in the proxy settings to change the response to a HTTP 500.
This will trick the client into believing that the WebSocket connection is not supported and force it to fall back to XHR."
Sean de Regge quoted by Agarri_fr
Export
We can export just the repeater part of a burp project
Burp wordlist
In Burp's wordlist de burp there are placeholders like this {base}
We have to change in payload processing and choose the value for the placeholder.
Burp authentication failures
If the application you are testing uses platform authentication (which normally shows as a popup login dialog within your browser), and you get authentication failure messages when your browser is configured to use Burp, then you need to configure Burp to handle the platform authentication instead of your browser.Go to the User options > Connections tab, and the Platform Authentication section.Add a new entry for each hostname used by your application, configuring the authentication type and your credentials.If you aren't sure of the authentication type, then first try NTLMv2, then NTLMv1, and then the other types.You may need to close all browser windows and open a new browser window, to prevent any browser caching from interfering with the authentication process.Check that you are not overriding these settings in the Project options > Connections tab.
Burp suite pro scan profiles is a tool to optimize your burp scan and make them focus on specific vulnerabilities
Discover Content
Go to Target -> Site map -> Right Click on target -> Engagement tools -> Discover content
It can be useful and less time consuming to select a specific endpoint and the root of the server.
Discover content
Add the settings you wish (Make sure that this option is checked "Add discovered content to suite site map" ) and then click on "Session is not running".
# Enter one VM parameter per line
# For example, to adjust the maximum memory usage to 512 MB, uncomment the following line:
# -Xmx512m
# To include another file, uncomment the following line:
# -include-options [path to other .vmoption file]
-XX:MaxRAMPercentage=50
-include-options user.vmoptions
