Bug Bounty Hunting With Burp Suite (Intercept, Repeater & Intruder)

Linux, Networking & Security are the domains of my interest.

Burp Suite

About Burp Suite

  • Burp Suite is a platform designed specifically for testing web applications.
  • It can also act as a proxy.

(It is a proxy, but not one that masks your IP address; rather, it lets us examine all of the packets, HTTP requests, and responses exchanged while accessing a page.)

  • It allows us to intercept requests, modify them, and then forward them to the web page.

Configuring Burp Suite as a Proxy on Firefox

Step 1

Open the Burp Suite GUI and navigate to Options under the Proxy tab.

Under "Proxy Listeners", add the interface as 127.0.0.1:8080 (if not already set). Keeping the listener on the loopback address means only programs on your own machine can use the proxy.

Options tab under Proxy

Step 2

Start your web browser and navigate to

Settings → General → Network Settings

Under the proxy access settings, choose "Manual proxy configuration" and enter the same interface that we used above.

Connection settings under preferences in Firefox.

NOTE:

  • At this stage you can access any “HTTP” website, but when you open an “HTTPS” website you will get this type of error.
The proxy server refuses the connection.

  • To resolve this issue, you must download the Burp CA certificate and add it to your Firefox certificates.

Steps to Resolve the Above Issue

Navigate to “http://burp” and download the "cacert.der" certificate.

CA certificate download

Import the certificate to Firefox by navigating to

Settings → Privacy & Security → Certificates (View Certificates) → Authorities (Import)

Importing the CA certificate

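Now you can access any website, whether it uses the "HTTP" or the "HTTPS" protocol. Because Firefox now trusts every certificate that Burp generates, it is worth keeping this import in a browser profile used only for testing.

Able to access the internet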

NOTE: If Burp Suite is closed, you won't be able to access any websites. So, before starting Firefox, make sure to launch Burp Suite.

Proxy server refusing connections

Commonly Used Options in Burp Suite

Note: I will be using owaspbwa vulnerable web pages to showcase the examples.

Intercept

  • Let’s consider the dvwa page in the owaspbwa vulnerable machine as our example.
Visit dvwa's Login Page, type username and password as 'test' & intercept the Login request

  • If intercept is turned on, Burp Suite holds the outgoing traffic and displays the request under the Proxy → Intercept tab in the Burp Suite application.
  • Now you can modify the HTTP headers and other values, then forward the request to see the effect on the website.
Going to change the username & password field

  • Here we are going to change the username & password fields to "admin", then forward the request and turn off the intercept.
The packet is forwarded after changing the username to "admin" and password to "admin".

Successful login as admin.

Repeater

  • With Repeater, you can send a request as many times as you want, with or without modification.
  • As an example, let’s reload the dvwa login page and intercept it in Burp Suite again.
  • Now right-click and send the intercepted request to Repeater.
  • You can edit the request here, and when you send it, you can immediately see the resulting page (under Render) or the response code (under Pretty).
  • Let’s reload the login page → send to Repeater → modify username & password to ‘admin’ → follow the redirection.
Here the 302 status code means that we are going to be redirected to another page, so simply click on "Follow redirection".

Successful login as admin.

Intruder

  • Intruder can be thought of as a tool made for brute-force attacks.
  • We can still edit any section of the request and forward it, but Intruder can also fill in specific portions of the request with values read from our list.

Example

  • For the same login page (/dvwa/login.php)
  • Reload the login page → send to Intruder → add payloads → specify target & attack to perform → start the attack.

Add Your Payloads

  • Specify the target field and the type of attack you want to perform.
  • It's now time to start the attack.
  • Copy and paste the URL into the browser (make sure to turn off the intercept)
  • We can see that the 4th word matched our password which was "admin" (the 0th one was an empty string).

© 2022 Ashutosh Singh Patel