Burpsuite Package Description:
Burpsuite can be used as a sniffing tool between your browser and the web servers to find the parameters that the web application uses.
To open Burpsuite, go to Applications → Web Application Analysis → burpsuite.
To set up sniffing, configure Burpsuite to behave as a proxy: go to Proxy → Options and check the box under Running for the interface 127.0.0.1.
In this case, the proxy IP will be 127.0.0.1 with port 8080. Then configure the browser to use that proxy, that is, the IP of the machine running Burpsuite and the port.
To start interception, in Burpsuite go to Proxy → Intercept → click “Intercept is on”.
Continue browsing the web page whose parameters you want to find and test for vulnerabilities.
In Burpsuite, go to “HTTP History”. The line marked with a red arrow shows the last request. In the Raw view, hidden parameters such as the Session ID, and other parameters such as the user name and password, are underlined in red.
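The same parameter inventory can be produced from a saved copy of a request. The following is an added example, not part of Burp Suite or of the original page: a Python script that lists every parameter in a raw request as the Raw view shows it and marks the ones that should be redacted before the request is pasted into a report. The sample request, the host name and the SENSITIVE_HINTS list are constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed sample of a login request as shown in the Raw view (not from the page).
SAMPLE_RAW = (
    "POST /login.php?lang=en HTTP/1.1\r\n"
    "Host: testapp.example\r\n"
    "Cookie: PHPSESSID=0123456789abcdef; theme=dark\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 48\r\n"
    "\r\n"
    "username=alice&password=s3cret&csrf_token=abc123"
)

# Assumed substrings that mark a parameter name as sensitive.
SENSITIVE_HINTS = ("sess", "pass", "token", "user")


def list_parameters(raw):
    """Return (location, name, value) for each parameter in a raw HTTP request."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    _method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    # 1. Query-string parameters from the request line.
    query = urlsplit(target).query
    params = [("url", k, v) for k, v in parse_qsl(query, keep_blank_values=True)]
    # 2. Cookies, where the session ID normally travels.
    for pair in headers.get("cookie", "").split(";"):
        name, sep, value = pair.strip().partition("=")
        if sep:
            params.append(("cookie", name, value))
    # 3. Form fields in the body (user name, password, hidden fields).
    ctype = headers.get("content-type", "").lower()
    if ctype.startswith("application/x-www-form-urlencoded"):
        params += [("body", k, v) for k, v in parse_qsl(body, keep_blank_values=True)]
    return params


def sensitive_names(raw):
    """Names of parameters whose values should be redacted before sharing."""
    return [name for _loc, name, _val in list_parameters(raw)
            if any(hint in name.lower() for hint in SENSITIVE_HINTS)]


if __name__ == "__main__":
    for loc, name, value in list_parameters(SAMPLE_RAW):
        mark = "REDACT" if name in sensitive_names(SAMPLE_RAW) else ""
        print(f"{loc:7}{name:12}{value:20}{mark}")
```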
Once you have confirmed that the proxy listener is up and running, you need to configure your browser to use it as its HTTP proxy server. To do this, you change your browser's proxy settings to use the proxy host address (by default, 127.0.0.1) and port (by default, 8080) for both HTTP and HTTPS protocols, with no exceptions. This ensures that all HTTP and HTTPS traffic will pass through Burp.
Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities.
Burp gives you full control, letting you combine advanced manual techniques with state-of-the-art automation, to make your work faster, more effective, and more fun.
Burpsuite Usage Example:
root@kali:~# burpsuite