In this post we covered the remaining components of Burp Suite: Repeater, Sequencer, Encoder/Decoder and Comparer. We also covered Burp Suite extensions, with practical examples taken from the TryHackMe "BurpSuite: Other Modules" and "BurpSuite: The Repeater" rooms.
Highlights
Burp Suite is a Java-based framework for manually conducting web application penetration tests.
Burp Suite Repeater lets us modify and resend intercepted requests to a target of our choosing. It takes requests captured in the Burp Proxy, lets us manipulate them, and resends them as many times as needed, which allows pentesters to manually explore and test websites and endpoints.
Burp Suite Decoder not only decodes data intercepted during an attack but also encodes our own data, prepping it for transmission to the target. Decoder also lets us create hashsums of data, and provides a Smart Decode feature that attempts to decode the input recursively until it is back to plaintext.
Comparer lets us compare two pieces of data and highlights the differences, at either the word or the byte level.
Room Answers
BurpSuite: The Repeater
Which section gives us a more intuitive control over our requests?
Inspector
Which view will populate when sending a request from the Proxy module to Repeater?
request
Which option allows us to visualize the page as it would appear in a web browser?
Render
Which section in Inspector is specific to POST requests?
Body Parameters
What is the flag you receive?
THM{Yzg2MWI2ZDhlYzdlNGFiZTUzZTIzMzVi}
See if you can get the server to error out with a "500 Internal Server Error" code by changing the number at the end of the request to extreme inputs. What is the flag you receive when you cause a 500 error in the endpoint?
THM{N2MzMzFhMTA1MmZiYjA2YWQ4M2ZmMzh}
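The task above is done by hand in Repeater: edit the trailing number, click Send, read the status code, repeat. As an added example (not part of the room or this page), the Python script below automates that loop: it swaps the trailing numeric segment of the request path for a list of boundary values, resends each request, and reports the first value that produced a 5xx. The target URL http://MACHINE_IP/products/1, the list of values and the GET method are assumptions for illustration; the room does not name the endpoint.

```python
"""Repeater-style probing: resend one request with extreme values in its last path segment."""
import http.client
from typing import List, Optional, Sequence, Tuple
from urllib.parse import urlsplit

# Values a tester would try by hand in Repeater: boundaries, negatives, integers
# around 32-bit limits, non-integers and a null byte. Constructed list, not from the room.
EXTREME_VALUES = ["0", "-1", "1", "2147483647", "2147483648", "-2147483649",
                  "99999999999999999999", "1.5", "abc", "%00"]


def mutate_path(path: str, value: str) -> str:
    """Replace the trailing numeric segment of a URL path with value (the Repeater edit)."""
    base, _, last = path.rpartition("/")
    if not last.isdigit():
        raise ValueError(f"path does not end in a number: {path!r}")
    return f"{base}/{value}"


def probe(url: str, values: Sequence[str] = EXTREME_VALUES, timeout: float = 5.0) -> List[Tuple[str, int]]:
    """Resend the request once per value and collect (value, HTTP status) pairs."""
    parts = urlsplit(url)
    results: List[Tuple[str, int]] = []
    for value in values:
        conn = http.client.HTTPConnection(parts.hostname, parts.port or 80, timeout=timeout)
        try:
            conn.request("GET", mutate_path(parts.path, value))
            results.append((value, conn.getresponse().status))
        finally:
            conn.close()
    return results


def first_server_error(results: Sequence[Tuple[str, int]]) -> Optional[str]:
    """Return the first value whose response was a 5xx, or None if none errored."""
    return next((value for value, status in results if 500 <= status < 600), None)


if __name__ == "__main__":
    # Hypothetical endpoint; replace MACHINE_IP and the path with the deployed target.
    responses = probe("http://MACHINE_IP/products/1")
    for value, status in responses:
        print(f"{value!r:>24} -> {status}")
    print("first 5xx trigger:", first_server_error(responses))
```

Once a value triggers the 500, paste that single request back into Repeater and read the body there, since the flag is in the response, not the status line.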
Exploit the union SQL injection vulnerability in the site. What is the flag?
THM{ZGE3OTUyZGMyMzkwNjJmZjg3Mzk1NjJh}
BurpSuite: Other Modules
Which feature attempts auto-decode of the input?
Smart decode
Base64 encode the phrase "Let's Start Simple". What is the base64 encoded version of this text?
TGV0J3MgU3RhcnQgU2ltcGxl
URL decode this data: %4e%65%78%74%3a%20%44%65%63%6f%64%69%6e%67. What is the plaintext returned?
Next: Decoding
Use Smart decode to decode this data: %34%37. What is the decoded text?
47
Encode the phrase "Encoding Challenge". Start with base64 encoding. Take the output of this and convert it into ASCII Hex. Finally, encode the hex string into octal. What is the final string?
24034214a720270024142d541357471232250253552c1162d1206c
Using Decoder, what is the SHA-256 hashsum of the phrase "Let's get Hashing!"? Convert this into an ASCII Hex string for the answer to this question.
6b72350e719a8ef5af560830164b13596cb582757437e21d1879502072238abe
Generate an MD4 hashsum of the phrase "Insecure Algorithms". Encode this as base64 (not ASCII Hex) before submitting.
TcV4QGZZN7y7lwYFRMMoeA==
Let's look at an in-context example. First, download the file attached to this task.
Note: this file can also be downloaded from the deployed VM with wget http://MACHINE_IP:9999/AlteredKeys.zip, which you may find helpful if you are using the AttackBox.
Now read the problem specification below:
"Some joker has messed with my SSH key! There are four keys in the directory, and I have no idea which is the real one. The MD5 hashsum for my key is 3166226048d6ad776370dc105d40d9f8 — could you find it for me?"
key3
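Every Decoder task in this section (base64 encoding, URL decoding, Smart Decode, SHA-256) and the AlteredKeys task above reduce to a handful of transforms that are easy to reproduce outside Burp. The Python below is an added example, not code from the room or from Burp: the smart_decode function is a simplified heuristic of my own, not Burp's Smart Decode algorithm, and the SAMPLE_KEYS dictionary is constructed stand-in data rather than the real contents of AlteredKeys.zip. The base64 to ASCII Hex to octal chain is deliberately left out: the accepted string for that question contains the characters a, c and d, which a standard per-byte octal encoding never produces, so that answer has to come from Burp's own Octal encoder.

```python
"""Decoder-style helpers: encode, decode, Smart Decode and hash lookups (added example)."""
import base64
import binascii
import hashlib
import re
import string
from pathlib import Path
from typing import Dict, Optional
from urllib.parse import unquote

PRINTABLE = set(string.printable)
_B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")
_HEX_RE = re.compile(r"^[0-9a-fA-F]+$")


def _as_text(data: bytes) -> Optional[str]:
    """Return data as str if it is non-empty printable ASCII, else None."""
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError:
        return None
    return text if text and all(ch in PRINTABLE for ch in text) else None


def base64_encode(s: str) -> str:
    return base64.b64encode(s.encode()).decode("ascii")


def url_decode(s: str) -> str:
    return unquote(s)


def base64_decode_text(s: str) -> Optional[str]:
    """Decode s as base64 only if it is well formed and yields printable text."""
    if len(s) < 8 or len(s) % 4 or not _B64_RE.match(s):
        return None
    try:
        return _as_text(base64.b64decode(s, validate=True))
    except (binascii.Error, ValueError):
        return None


def hex_decode_text(s: str) -> Optional[str]:
    """Decode s as ASCII hex only if it is well formed and yields printable text."""
    if len(s) < 8 or len(s) % 2 or not _HEX_RE.match(s):
        return None
    return _as_text(bytes.fromhex(s))


def smart_decode(s: str, max_rounds: int = 10) -> str:
    """Peel URL, base64 and hex layers in turn until the text stops changing.

    The minimum-length and printability checks keep a short result such as "47"
    from being re-decoded as hex (which would turn it into "G"), and keep a hash
    digest from being mangled into binary garbage."""
    for _ in range(max_rounds):
        nxt = url_decode(s) if "%" in s else s
        if nxt == s:  # no URL layer left; try the other encodings
            nxt = base64_decode_text(s) or hex_decode_text(s) or s
        if nxt == s:
            break
        s = nxt
    return s


def sha256_hex(s: str) -> str:
    return hashlib.sha256(s.encode()).hexdigest()


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def find_key_by_md5(keys: Dict[str, bytes], target_md5_hex: str) -> Optional[str]:
    """Return the name of the key whose MD5 equals the given hex digest, else None."""
    target = target_md5_hex.strip().lower()
    return next((name for name, data in keys.items() if md5_hex(data) == target), None)


def load_keys(directory: str) -> Dict[str, bytes]:
    """Read every regular file in directory (e.g. the unpacked AlteredKeys.zip) as bytes."""
    return {p.name: p.read_bytes() for p in sorted(Path(directory).iterdir()) if p.is_file()}


# Constructed stand-ins for the four key files; not the real AlteredKeys.zip contents.
SAMPLE_KEYS: Dict[str, bytes] = {
    f"key{i}": f"-----BEGIN OPENSSH PRIVATE KEY-----\n{body}\n-----END OPENSSH PRIVATE KEY-----\n".encode()
    for i, body in enumerate(["tampered-1", "tampered-2", "original-key-material", "tampered-4"], start=1)
}

if __name__ == "__main__":
    print(base64_encode("Let's Start Simple"))  # TGV0J3MgU3RhcnQgU2ltcGxl
    print(url_decode("%4e%65%78%74%3a%20%44%65%63%6f%64%69%6e%67"))  # Next: Decoding
    print(smart_decode("%34%37"))  # 47
    print(sha256_hex("Let's get Hashing!"))
    print(find_key_by_md5(SAMPLE_KEYS, md5_hex(SAMPLE_KEYS["key3"])))  # key3
    # Against the real files: find_key_by_md5(load_keys("AlteredKeys"), "3166226048d6ad776370dc105d40d9f8")
```

Hashing whole files rather than pasting key text into Decoder avoids the usual mistake with this task: a trailing newline that the editor adds or strips changes the MD5 completely, so compare the bytes on disk exactly as they were delivered.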
What does Sequencer allow us to evaluate?
Entropy
What is the overall quality of randomness estimated to be?
excellent
Are saved requests read-only? (yea/nay)
yea
Video Walkthrough