Burp Suite: Other Modules

March 09, 2024

Task 1: Introduction

Task 2: Decoder: Overview

Task 3: Decoder: Encoding/Decoding

Burp Suite

First we just have to use the encode as then base64 it

Let's Start Simple

We just have to decode it by using decode as URL

%4e%65%78%74%3a%20%44%65%63%6f%64%69%6e%67

Just use the smart decode and it will reveal the answer itself

%34%37

Start with base64 encoding. Take the output of this and convert it into ASCII Hex. Finally, encode the hex string into octal.

Encoding Challenge

Task 4: Decoder: Hashing

First hash this in SHA-256 then we just have to encode it to ASCII hex

Let's get Hashing!

Then for this one we just have to hash this in MD4 then encode it to base64

Insecure Algorithms

For this task we have to download the zip file then just unzip it to reveal a directory that contains a bunch of SSH keys

After we view it to sublime text we can see the private ssh key here and we are just going to copy it.

Then here we are just going to use hash in MD5 hashsum and for the second one we are going to use the encode as ASCII hex to reveal the answer

PS. DONT FORGET THE NEWLINE AT THE END OF SSH PRIVATE KEY

Task 5: Comparer: Overview

Task 6: Comparer: Example

The first one we are going to visit the URL http://MACHINE_IP/support/login

Then just put a random stuff in the username and password

Dont forget to use the proxy and intercept the POST request

Once we capture the POST request, we can see the username and password here in the Raw Data. Then we just have to forward it to Repeater section.

First we have to forward this request to Comparer

Second we have to forward this request to Comparer but as you notice we changed the username and password parameter from asd to qwerty

Here at Comparer section we can just view the difference between the two responses from the POST request.

Task 7: Sequencer: Overview

Task 8: Sequencer: Live Capture

Task 9: Sequencer: Analysis

Task 10: Organizer: Overview

Task 11: Conclusion