Burp Suite
Information Security
Burp Suite (Web App HT)
Group 9
R1 - Rubab Nadeem (21011519-177)
R2 - Ayesha Amjad (21011519-118)
R3 - Mehvesh Shabbir (21011519-111)
Course Code: CS-324
Semester: Fall 2023 [5th]
Degree: BSCS
Dept: Department of Computer Science, Faculty of I &CT
Submitted to: Mr. Najeeb-ur-Rehman
University of Gujrat
Manual on how to hack a web app using Burp Suite
Before diving into how we can test the security of a website, let's go
through some basics.
What is Burp Suite?
Burp Suite is an integration of various tools put together for performing security
testing of web applications. Burp Suite helps the penetration tester through the entire testing process, from the
mapping phase through to identifying vulnerabilities and exploiting them. This Burp Suite guide series
will help you understand the framework and make use of its features in various scenarios. The various
features of Burp Suite are shown in Figure 1. These include proxy, spider, intruder, repeater, sequencer,
decoder and comparer. As we move ahead in this Burp Suite guide, we shall learn how to make use of
them seamlessly.
Burp Proxy
Burp proxy: Using Burp proxy, one can intercept the traffic between the browser and the target application.
This option works in a similar fashion to the man-in-the-middle attack vector.
Steps
1. Set up Burp Suite in Kali Linux
Open Burp Suite
Continue with Start Burp
Set up Burp Suite
Click Next
Click Start Burp
Burp will start with the default settings
2. The Burp Suite dashboard will open
Click Proxy
The proxy is an intermediate layer between your browser and the external layer
Turn on the Burp proxy and load a web page, e.g. Google
To see the request traffic, click on HTTP History
Here you will see the requests and responses for all domains
To see the requests and responses for a particular domain, select that domain
3. How can we stop a request going to the server and change it according to our
own requirements?
Go to Proxy >>> Intercept tab
Turn on Intercept
Now each and every request going to the server will stop in Burp Suite until we forward
it.
Now search for something in your browser
When you search for something, your browser won't load anything, because the request is
not being forwarded
Now we can modify the request in Burp Suite
Let's change the search query from “intruder+security”
to “intruder+security+youtube”
Forward the request
Turn Intercept off to avoid stopping other requests
Switch back to the browser
Now you can see the search query has been changed to “intruder security
youtube”
Now go to the Target tab
The Target tab helps you keep track of all the domains going through your proxy
In the left pane, you will see all the domains that went through your proxy
You can also see all the links that you visited while the Burp proxy was active
You can also see the hidden files and directories that are hard for normal users
to reach
This is how requests and responses can be hacked using Burp Suite
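The edit made by hand in step 3 (changing the search query while the request is paused in Intercept) can be reproduced in a few lines of Python. This is an added example, not part of the original manual and not Burp Suite code; the host search.example, the q and hl parameters and both function names are assumptions made for the illustration.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed sample: a request as it would look while paused in Proxy > Intercept.
INTERCEPTED = (
    "GET /search?q=intruder+security&hl=en HTTP/1.1\r\n"
    "Host: search.example\r\n"
    "User-Agent: demo-browser\r\n"
    "\r\n"
)


def rewrite_query_param(raw_request, name, new_value):
    """Return the raw request with one query parameter replaced.

    Mirrors the manual edit made before clicking Forward: only the request
    line changes, headers and body are passed through untouched.
    """
    head, sep, body = raw_request.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    parts = urlsplit(target)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    if not any(key == name for key, _ in pairs):
        raise KeyError(f"parameter {name!r} not present in request")
    pairs = [(key, new_value if key == name else value) for key, value in pairs]
    # urlencode() writes spaces as '+', the same encoding the browser used.
    new_target = urlunsplit(parts._replace(query=urlencode(pairs)))
    lines[0] = f"{method} {new_target} {version}"
    return "\r\n".join(lines) + sep + body


def search_terms(raw_request):
    """Decode the q parameter the way the receiving server would."""
    target = raw_request.split("\r\n", 1)[0].split(" ")[1]
    return dict(parse_qsl(urlsplit(target).query)).get("q")


if __name__ == "__main__":
    forwarded = rewrite_query_param(INTERCEPTED, "q", "intruder security youtube")
    print(forwarded.split("\r\n")[0])
    print("browser sent :", search_terms(INTERCEPTED))
    print("server sees  :", search_terms(forwarded))
```

The server only ever receives the forwarded request, so every value in it has to be validated on the server side regardless of what the browser originally sent.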