Burp Suite Basics -  TryHackMe Write-up

Info

  • Name: Burp Suite: The Basics
  • Description: An introduction to using Burp Suite for Web Application pentesting.
  • Difficulty: Info
  • Room link: https://tryhackme.com/room/burpsuitebasics

Write-up

Overview

This room will cover the foundations of using the Burp Suite web application framework. We will be looking at:

  • What Burp Suite is;
  • An overview of the available tools in the framework;
  • Installing Burp Suite for yourself;
  • Navigating and configuring Burp Suite.

Task 2

Q: Which edition of Burp Suite will we be using in this module?

A: Burp Suite Community

Q: Which edition of Burp Suite runs on a server and provides constant scanning for target web apps?

A: Burp Suite Enterprise

Q: Burp Suite is frequently used when attacking web applications and __ applications.

A: mobile

Task 3

Q: Which Burp Suite feature allows us to intercept requests between ourselves and the target?

A: Proxy

Q: Which Burp tool would we use if we wanted to brute-force a login form?

A: Intruder

Task 7

Q: In which Project options sub-tab can you find reference to a "Cookie jar"?

A: Sessions

Q: In which User options sub-tab can you change the Burp Suite update behaviour?

A: Misc

Q: What is the name of the section within the User options "Misc" sub-tab which allows you to change the Burp Suite keybindings?

A: Hotkeys

Q: If we have uploaded Client-Side TLS certificates in the User options tab, can we override these on a per-project basis (Aye/Nay)?

A: Aye

Task 8

Q: Which button would we choose to send an intercepted request to the target in Burp Proxy?

A: Forward

Q: [Research] What is the default keybind for this?

A: Ctrl+F

Task 9

Q: Read through the options in the right-click menu. There is one particularly useful option that allows you to intercept and modify the response to your request. What is this option? Note: The option is in a dropdown sub-menu.

A: Response to this request

Task 13

Q: Take a look around the site on http://10.10.x.x/ -- we will be using this a lot throughout the module. Visit every page linked to from the homepage, then check your sitemap -- one endpoint should stand out as being very unusual! Visit this in your browser (or use the "Response" section of the site map entry for that endpoint). What is the flag you receive?

A: If you followed everything above, you should be able to discover the flag easily.

Q: Look through the Issue Definitions list. What is the typical severity of a Vulnerable JavaScript dependency?

A: Low