TryHackMe Burp Suite - VIP Room

mohomed arfath
5 min read · Nov 23, 2020


Today I am going to give a walkthrough of the TryHackMe Burp Suite room (box). It is a super simple room which gives you all the basic knowledge about this tool and how to use it for penetration testing against OWASP Juice Shop.

I hope you will enjoy this …

Task 3 — Getting the CA certificate

Before we use Burp Suite we need to make some proxy changes in our browser, which are shown in the image below.

Whenever we start using Burp Suite we would have to change these settings again, which takes a lot of time. That is why there is a plugin called FoxyProxy.

Configure FoxyProxy

After we install this plugin in our browser we need to add a configuration to it.

Then we can choose the proxy mode as shown below.

First we need to open the Burp Suite application.

Then we turn the Intercept function on and browse to http://localhost:8080, where we can download the CA certificate.

Now we need to import this certificate into our web browser:

Firefox => Preferences → Privacy & Security → View Certificates

Then we click Import, select the certificate and import it into the browser.

Task 4 — Overview of Features

Task 6 — Proxy

By default, the Burp Suite proxy listens on only one interface. What is it? Use the format of IP:PORT

127.0.0.1:8080

Return to your web browser and navigate to the web application hosted on the VM we deployed just a bit ago. Note that the page appears to be continuously loading. Change back to Burp Suite; we now have a request that’s waiting in our intercept tab. Take a look at the actions, which shortcut allows us to forward the request to Repeater?

CTRL-R

How about if we wanted to forward our request to Intruder?

CTRL-I

Burp Suite saves the history of requests sent through the proxy along with their varying details. This can be especially useful when we need to have proof of our actions throughout a penetration test or we want to modify and resend a request we sent a while back. What is the name of the first section wherein general web requests (GET/POST) are saved?

HTTP history

Defined in RFC 6455 as a low-latency communication protocol that doesn’t require HTTP encapsulation, what is the name of the second section of our saved history in Burp Suite?

WebSockets history

Before we move onto exploring our target definition, let’s take a look at some of the advanced customization we can utilize in the Burp proxy. Move over to the Options section of the Proxy tab and scroll down to Intercept Client Requests. Here we can apply further fine-grained rules to define which requests we would like to intercept. Perhaps the most useful out of the default rules is our only AND rule. What is its match type?

URL

How about its ‘Relationship’? In this situation, enabling this match rule can be incredibly useful following target definition as we can effectively leave intercept on permanently (unless we need to navigate without intercept) as it won’t disturb sites which are outside of our scope — something which is particularly nice if we need to Google something in the same browser.

Is in target scope

Task 8 — Putting it on Repeater

Now we need to connect to the network over the VPN and then deploy the machine that is allocated to us.

Now that we’ve sent the request to Repeater, let’s try adjusting the request such that we are sending a single quote (') as both the email and password. What error is generated from this request?

SQLITE_ERROR

What field do we have to modify in order to submit a zero-star review?

rating

Task 9 — There’s an intruder

There are 4 types of payload delivery methods (attack types) in Burp Suite Intruder. They are:

Battering Ram
Sniper
Pitchfork
Cluster Bomb

Which attack type allows us to select multiple payload sets (one per position) and iterate through them simultaneously?

Pitchfork

How about the attack type which allows us to use one payload set in every single position we’ve selected simultaneously?

Battering Ram

Which attack type allows us to select multiple payload sets (one per position) and iterate through all possible combinations?

Cluster Bomb

Perhaps the most commonly used, which attack type allows us to cycle through our payload set, putting the next available payload in each position in turn?

Sniper

Finally, click ‘Start attack’. What is the first payload that returns a 200 status code, showing that we have successfully bypassed authentication?

a' OR 1=1 --
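To make the four attack types concrete, here is an added illustration (my own re-implementation of the iteration logic, not Burp's code and not part of the room) that shows how each type combines payload positions with payload sets. The template, the § position markers, and the two payload sets are constructed sample values; the request counts tell you how big an attack will be before you press Start attack.

```python
"""Intruder attack types: how payload positions and payload sets are combined.
Re-implementation for illustration only (not Burp's code); template and
payloads are constructed sample values."""
import math
from itertools import product

# Constructed template: each pair of § markers is a payload position, as in Intruder.
TEMPLATE = "email=§user§&password=§pass§"
SET_A = ["alice", "bob"]          # constructed payload set 1
SET_B = ["x1", "x2", "x3"]        # constructed payload set 2

def base_values(template):
    """The original text inside each § … § position (kept by Sniper for untouched positions)."""
    return template.split("§")[1::2]

def fill(template, values):
    """Substitute values[i] into the i-th marked position, left to right."""
    parts = template.split("§")
    return "".join(values[i // 2] if i % 2 else p for i, p in enumerate(parts))

def sniper(template, payload_set):
    """One set; each payload is tried in one position at a time, the others keep their base value."""
    base = base_values(template)
    for i in range(len(base)):
        for p in payload_set:
            vals = list(base)
            vals[i] = p
            yield fill(template, vals)

def battering_ram(template, payload_set):
    """One set; the same payload is placed into every position at once."""
    n = len(base_values(template))
    for p in payload_set:
        yield fill(template, [p] * n)

def pitchfork(template, payload_sets):
    """One set per position, stepped in parallel; the attack ends at the shortest set."""
    for combo in zip(*payload_sets):
        yield fill(template, list(combo))

def cluster_bomb(template, payload_sets):
    """One set per position; every combination (Cartesian product) is sent."""
    for combo in product(*payload_sets):
        yield fill(template, list(combo))

def request_counts(template, payload_sets):
    """Requests each attack type would send: a size check before 'Start attack'."""
    n = len(base_values(template))
    return {"Sniper": n * len(payload_sets[0]),
            "Battering Ram": len(payload_sets[0]),
            "Pitchfork": min(len(s) for s in payload_sets),
            "Cluster Bomb": math.prod(len(s) for s in payload_sets)}
```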

Task 10

Parse through the results. What is the effective estimated entropy measured in?

bits

In order to find the usable bits of entropy we often have to make some adjustments to have a normalized dataset. What item is converted in this process?

token
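As an added illustration of what "bits of entropy" means for a token sample (my own simplified estimate, not Burp's Sequencer algorithm, which runs many more statistical tests and accounts for correlation between positions): a per-character Shannon estimate, with a padding step standing in for the token conversion the question refers to. The pad character and the token set are constructed assumptions.

```python
"""Estimating a token sample's entropy in bits, the quantity Sequencer reports.
Simplified per-character Shannon estimate for illustration only (Burp's own
analysis runs many more tests and accounts for correlation). Tokens are constructed."""
import math
from collections import Counter

PAD_CHAR = "."   # assumed filler for the 'pad short tokens' normalization step

def make_sample():
    """Constructed tokens: 1st char fixed, 2nd from 2 values, 3rd and 4th from 4 each, uniformly."""
    return ["A" + b + c + d for b in "ab" for c in "0123" for d in "wxyz"]

def normalize(tokens, pad_at_start=True):
    """Convert every token to the same length (like Sequencer's pad-short-tokens option)."""
    width = max(len(t) for t in tokens)
    if pad_at_start:
        return [t.rjust(width, PAD_CHAR) for t in tokens]
    return [t.ljust(width, PAD_CHAR) for t in tokens]

def position_entropy(tokens, index):
    """Shannon entropy in bits of the character seen at one position across the sample."""
    counts = Counter(t[index] for t in tokens)
    total = sum(counts.values())
    return -sum((c / total) * math.log2(c / total) for c in counts.values())

def estimate_bits(tokens):
    """Sum of per-position entropies: an upper bound on the sample's usable bits."""
    tokens = normalize(tokens)
    return sum(position_entropy(tokens, i) for i in range(len(tokens[0])))

def per_position_report(tokens):
    """Bits contributed by each position, to spot fixed or weak characters."""
    tokens = normalize(tokens)
    return [round(position_entropy(tokens, i), 3) for i in range(len(tokens[0]))]
```

A fixed position contributes 0 bits and a position drawn uniformly from k characters contributes log2(k) bits, so the constructed sample scores 0 + 1 + 2 + 2 = 5 bits.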

Task 10 — Decode and Comparer

What character does the %20 in the request we copied into Decoder decode as?

Space

Similar to CyberChef, Decoder also has a ‘Magic’ mode where it will automatically attempt to decode the input it is provided. What is this mode called?

Smart Decode

What can we load into Comparer to see differences in what various user roles can access? This is very useful to check for access control issues.

site maps

Comparer can perform a diff against two different metrics, which one allows us to examine the data loaded in as-is rather than breaking it down into bytes?

Words

So folks, that's all for today. See you soon!
