TryHackMe: Burp Suite

  1. For BurpSuite to be able to read and intercept HTTPS data, we’ll have to install CA certificate → Go to http://localhost:8080 → Click on ‘CA Certificate’ in the top right to download and save the CA certificate → Go to your browser settings → Search for ‘Certificates’ → Click on ‘View Certificates’ → In the Authorities tab, click on ‘Import’ → Navigate to where you saved the CA certificate and click OK.
  2. Open Firefox and install FoxyProxy browser extension so that we can easily route traffic through it. Click on FoxyProxy → Click on ‘Options’ → Click ‘Add’ in the top left → Enter the following details: Title = “Burp” || Proxy Type = “HTTP” || Proxy IP Address = “127.0.0.1” || Port = “8080”.
  1. Search for POST request for /api/feedbacks/ under “Proxy” section | “HTTP History” tab → Right click and select “Send to Repeater”.
  2. Under “Repeater” section → Search for “Rating” field → Change the value to 0.
Pitchfork
Battering Ram
Cluster Bomb
Sniper
  1. Select the “Payloads” tab → Go to “Payload Options” subsection → Click on “Load” to load this fuzzdb SQLi platform detection list.
  2. Under the same “Payloads” tab → Go to “Payload Encoding” section → Uncheck the tickbox as we don’t want any encoding to happen.
  3. Click “Start Attack”.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
goay xuan hui

goay xuan hui

A food lover, a cyber security enthusiast, a musician and a traveller, so you will see a mix of different contents in my blog. ☺️