Burp Suite: The Basics (Old)

March 12, 2024

Task 1: Introduction

Task 2: Getting Started - What is Burp Suite?

Task 3: Getting Started - Features of Burp Community

Task 4: Getting Started - Installation

Task 5: Getting Started - The Dashboard

Task 6: Getting Started - Navigation

Task 7: Getting Started - Options

Task 8: Proxy - Introduction to the Burp Proxy

Task 9: Proxy - Connecting through the Proxy (FoxyProxy)

Task 10: Proxy - Proxying HTTPS

Task 11: Proxy - The Burp Suite Browser (Chromium)

Task 12: Proxy - Scoping and Targeting

Task 13: Proxy - Site Map and issue Definitions

http://10.10.78.168/5yjR2GLcoGoij2ZK

Task 14: Practical - Example Attack

First we have to access the ticketing page of the website or the support page where you will put a valid contact email and the query that you have.

When we tried to put the basic XSS in the contact email input box, the system actually automatically removing the code since it have a filter that is blocking the malicious code from being inserted.

Then we just intercepted the request from the website to our burp

Replacing the original email valid input from our malicious code and we just have to click forward to render it into the webpage

<script>alert("Succ3ssful XSS")</script>

As we can see here the XSS attack is successful

Task 15: Conclusion - Room Conclusion