TryHackMe | Burp Suite: The Basics WriteUp
An introduction to using Burp Suite for Web Application pentesting
Link:- https://tryhackme.com/room/burpsuitebasics
Which edition of Burp Suite will we be using in this module?
Burp Suite Community
Which edition of Burp Suite runs on a server and provides constant scanning for target web apps?
Burp Suite Enterprise
Burp Suite is frequently used when attacking web applications and ______ applications.
Mobile
Which Burp Suite feature allows us to intercept requests between ourselves and the target?
Proxy
Which Burp tool would we use if we wanted to bruteforce a login form?
Intruder
In which Project options sub-tab can you find reference to a “Cookie jar”?
Sessions
In which User options sub-tab can you change the Burp Suite update behaviour?
Misc
What is the name of the section within the User options “Misc” sub-tab which allows you to change the Burp Suite keybindings?
Hotkeys
If we have uploaded Client-Side TLS certificates in the User options tab, can we override these on a per-project basis (Aye/Nay)?
Aye
Which button would we choose to send an intercepted request to the target in Burp Proxy?
Forward
[Research] What is the default keybind for this?
Note: Assume you are using Windows or Linux (i.e. swap Cmd for Ctrl).
Ctrl+F
Read through the options in the right-click menu.
There is one particularly useful option that allows you to intercept and modify the response to your request.
What is this option?
Note: The option is in a dropdown sub-menu.
Response to this request
Take a look around the site on http://MACHINE_IP/
-- we will be using this a lot throughout the module. Visit every page linked to from the homepage, then check your sitemap -- one endpoint should stand out as being very unusual!
Visit this in your browser (or use the “Response” section of the site map entry for that endpoint)
What is the flag you receive?
Check out the response to request http://IP/5yjR2GLcoGoij2ZK to get the flag
Look through the Issue Definitions list.
What is the typical severity of a Vulnerable JavaScript dependency?
Low
That’s it. See you in the next room :)
Comments
Post a Comment