
How To Use Burp Suite Like a Pro Hacker Step By Step?

Basic introduction of burp suite hackers must know

Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.
In other words, Burp Suite is the most important tool. If you have mastered this tool, you have done 25% of hacking, because you need Burp Suite at every step of your work.

The Burp tools you will use for particular tasks are as follows:
· Scanner - This is used to automatically scan websites for content and security vulnerabilities.
· Intruder - This allows you to perform customized automated attacks, to carry out all kinds of testing tasks.
· Repeater - This is used to manually modify and reissue individual HTTP requests over and over.
· Collaborator client - This is used to generate Burp Collaborator payloads and monitor for resulting out-of-band interactions.
· Clickbandit - This is used to generate clickjacking exploits against vulnerable applications.
· Sequencer - This is used to analyze the quality of randomness in an application's session tokens.
· Decoder - This lets you transform bits of application data using common encoding and decoding schemes.
· Comparer - This is used to perform a visual comparison of bits of application data to find interesting differences.

Steps to configure Burp Suite:

1. Go to http://burp

2. Download the CA certificate

3. Go to Browser -> Preferences | Options -> Certificates -> View Certificates -> Import

Note: When importing, tick all of the trust options for the certificate.

Burp Suite Steps to Use


1. Proxy → Options → note down the IP 127.0.0.1 → go to the browser (genuine page) → Browser Settings → Advanced → Network → Settings → Manual Proxy Configuration → HTTP Proxy 127.0.0.1 and Port 8080 → tick the option "Use this proxy for all protocols" → clear all entries in the "No Proxy for" field → click OK → go back to Burp Suite

2. Go to Proxy → Intercept → click "Intercept is off" to turn it on (it should now read "Intercept is on")

3. Go to the browser → enter a username and password → log in → Burp Suite comes to the front showing the captured request → select the captured request → right-click → Send to Intruder → switch off Intercept

4. Go to Intruder → Positions → clear the default markers (Clear §) → select the username input and click Add → select the password input and click Add → to use multiple inputs, choose the Cluster bomb attack type

Usage of Burp Suite:

Spider - This is mainly used for crawling all the URLs in the target website.
Open Burp Suite, make sure the proxy is on, and intercept a request to target.com. Right-click in the request field and send it to the Spider.
After that, click on the Target tab, right-click on target.com and click "Spider this host". That's it, you are done.
Burp will now crawl the whole website, so instead of checking the live website page by page you can find every parameter you need here.

Repeater - This is used to manually modify and reissue individual HTTP requests over and over.
This is basically the second step after crawling the website with the Spider. In the Spider results, right-click on any parameter and send it to the Repeater. In the Repeater tab you can modify the request and see live what happens in the response, including a rendered view.

Intruder - This allows you to perform customized automated attacks, to carry out all kinds of testing tasks.
In the Intruder tab you can brute force. For example, say you want to brute force an account and you do not know the username and password: you simply intercept a login request made with invalid credentials.
After intercepting the request, send it to the Intruder and set the positions (mark, or add, the username and password). Then set the payloads: you can use your own dictionary, or one of the lists built into Burp Suite. Click "Start attack" at the top right and you are done.
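Seen from the application's side, the Intruder run described above appears as a burst of failed logins from one source spread across several usernames. The detector below is an added example, not part of the original post; the log format, the /login path, the thresholds and the sample lines are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def build_sample():
    """Constructed log lines (assumed format: time ip method path user=<name> status)."""
    users = ["admin", "root", "test"]
    # 3 usernames x 3 passwords = 9 failed logins from one source in 9 seconds.
    lines = [
        f"2024-05-01T10:00:{i:02d} 203.0.113.7 POST /login user={users[i % 3]} 401"
        for i in range(9)
    ]
    # A normal user who mistypes once and then logs in.
    lines += [
        "2024-05-01T10:00:03 198.51.100.20 POST /login user=alice 401",
        "2024-05-01T10:00:09 198.51.100.20 POST /login user=alice 200",
    ]
    return lines


def flag_sources(lines, window=timedelta(seconds=60), max_failures=6, min_users=3):
    """Return {ip: {...}} for sources whose failed logins within `window`
    reach `max_failures` attempts spread over at least `min_users` usernames."""
    recent = defaultdict(deque)  # ip -> (timestamp, username) of recent failures
    flagged = {}
    for line in lines:
        ts, ip, method, path, user, status = line.split()
        if (method, path, status) != ("POST", "/login", "401"):
            continue
        ts = datetime.fromisoformat(ts)
        q = recent[ip]
        q.append((ts, user.split("=", 1)[1]))
        while ts - q[0][0] > window:  # drop failures older than the window
            q.popleft()
        names = sorted({name for _, name in q})
        if len(q) >= max_failures and len(names) >= min_users:
            flagged[ip] = {"failures": len(q), "users": names}
    return flagged


if __name__ == "__main__":
    for ip, info in flag_sources(build_sample()).items():
        print(ip, info)
```

Requiring several distinct usernames as well as a failure count keeps a single user who mistypes a password from being flagged.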
So this was the basic introduction to Burp Suite. I hope it is helpful for you. If you find any mistake, let me know, guys. Thank you.
