
Introduction to Burp Suite: A pentesting tutorial

Burp is among the highest-rated security suites for pentesting and ethical hacking. While there are paid Professional and Enterprise editions, you can install the Community edition for free and even use it directly from Kali Linux.

Burp Suite is widely used by security professionals to perform advanced scanning and to intercept traffic (e.g. HTTP requests). The tool, maintained by PortSwigger, comes with comprehensive documentation.

There are dedicated sections for the different editions. While the Enterprise and Professional editions are expensive, they offer more features that may make sense for your organization, so don't pick the free Community edition just because it's free. Security tools often pay for themselves in the cost of the breaches they prevent, which can run into millions for a single breach.

That said, the free edition offers a lot, so let's review some basics here.


Set up Burp on VMs for safety

The best way to get started with Burp is to set up a few virtual machines so that you can run your tests in a safe environment. In fact, you don't need to install Kali Linux, because Burp Suite installs as a standalone package on most operating systems, including the relatively recent macOS M1.

Newcomers should probably stick to Ubuntu or Debian Linux distributions and download the installer, as Kali is impressive and is a more powerful operating system meant for pentesters and ethical hackers.

Burp Suite has many advanced features, but the most popular is the Burp Proxy, which can intercept requests. If you want to test this feature, you need to configure the browser to use the corresponding proxy. There are browser extensions that make the job easier.

In any case, you will need the following components for the tests:

• a machine with Burp Suite installed (use the default settings to speed up setup)
• a browser configured with the Burp proxy (Firefox on Kali is the simplest way)
• a web application to attack


How to set up a Burp Suite demo

You can set up Burp Suite on your own system or use the pre-packaged version in Kali Linux, but that alone won't tell you what to do with it.

With that in mind, let's focus on pentests. From this perspective, the OWASP Top Ten may well be useful for setting objectives and configuring a full work session, but here we will only demonstrate a few vulnerabilities.

We will use OWASP Juice Shop, “probably the most modern and sophisticated insecure web application,” as the vulnerable target.

The OWASP teams maintain this intentionally flawed web application for educational purposes. Follow this link for instructions on how to set it up on your system (e.g. a Kali VM).

You will also need Node and npm, which are not installed by default in Kali Linux. Once you have them, you can start the application with npm start and browse to http://localhost:3000:

Make sure the browser uses the proxy at 127.0.0.1 (Burp's default port is 8080). If you don't know how to configure it, read the documentation.

Once all dependencies are installed and configured, you are ready for the next steps.


How do you intercept requests with Burp?

There are many challenges in Juice Shop, but let's say we want to intercept registration forms. We can simulate this attack by opening Burp (make sure interception is on) and submitting a form.

The screenshot above shows how we did it. Take a look at the intercepted request below:

If we send this to the Repeater tool, we can actually register new users directly from our dashboard by sending the same request with new values. Because the application is flawed, it actually works:

We can click “submit” to register a new user and get additional information:

The form seems to create users with the role of “customer”, but as pentesters we will probably test whether we can obtain a higher role, such as “administrator” or “admin”. It's not supposed to happen, but if we get it, it's game over for the shop.

There are several approaches, but a simple one is to take the registration form we intercepted earlier, add a new “role=admin” key-value pair, and send the modified request:

As you can see, we got a “success” status, and after logging in with our new admin account, we have simply solved a new challenge:
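
The server-side root cause of what the walkthrough just exploited is mass assignment: the registration handler copies every field of the client's JSON body into the new user record, so a field the form never exposes (role) is honored. The following is an added example, not Juice Shop's own code: a hypothetical vulnerable handler beside a hardened one that allowlists fields and sets the role server-side, plus a small check a defender can use to flag edited registration requests. The field names and the request body are constructed for the example.

```javascript
// Added example (not Juice Shop's code): registration handlers with and
// without the mass-assignment flaw the walkthrough abuses.
const ALLOWED_FIELDS = ['email', 'password']; // assumed schema for this example

// Constructed request body, as it would look after editing it in Repeater:
// the client has added a "role" key that the registration form never sends.
const tamperedBody = {
  email: 'tester@example.com',   // constructed value
  password: 'correct-horse',     // constructed value
  role: 'admin',                 // the injected key-value pair
};

// Vulnerable: whatever the client sends becomes part of the stored user,
// so the intended default role is silently overwritten.
function registerUserVulnerable(body) {
  const user = { role: 'customer' };
  Object.assign(user, body);
  return user;
}

// Hardened: copy only known fields, assign privileged attributes yourself,
// and return the unexpected keys so the caller can log or alert on them.
function registerUserHardened(body) {
  const user = { role: 'customer' };
  const rejected = [];
  for (const [key, value] of Object.entries(body)) {
    if (ALLOWED_FIELDS.includes(key)) {
      user[key] = value;
    } else {
      rejected.push(key);
    }
  }
  return { user, rejected };
}

// Detection angle: a registration body carrying any key outside the
// allowlist is a cheap signal that someone is replaying edited requests.
function isTamperedRegistration(body) {
  return Object.keys(body).some((k) => !ALLOWED_FIELDS.includes(k));
}

console.log('vulnerable role:', registerUserVulnerable(tamperedBody).role);
console.log('hardened result:', registerUserHardened(tamperedBody));
console.log('tampered?', isTamperedRegistration(tamperedBody));
```

Run with node; the vulnerable handler stores role "admin" while the hardened one keeps "customer" and reports the dropped key.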

Since the OWASP teams created Juice Shop for educational purposes, there are several more challenges to unlock before we take full control of the environment, but it's a great start.


Is pentesting easy with Burp?

We're only using the free Community edition, but its elegant interface still gives us value. You get everything you need to capture data, convert it to various formats, decode and replay requests, or scan for vulnerabilities.

You can also customize Burp's behavior with the BApp Store. There are free extensions even for the Community edition.

Pentesters will appreciate the workspace and the ability to create projects to keep things organized and save work. There is an Intruder mode to load malicious payloads and send them to the target.
