Advanced Web Attacks and Exploitation: Figure 5: Burp Suite Proxy Running

The document discusses configuring Burp Suite proxy to intercept and analyze web traffic. It demonstrates launching Burp Suite proxy, configuring browsers like Chromium and Firefox to route through the proxy, and using Burp Suite tools like proxy history to observe intercepted requests and responses.


Advanced Web Attacks and Exploitation

Figure 5: Burp Suite proxy running

Now that the proxy service is running, we need to configure a browser. Burp Suite includes an
embedded Chromium browser that is preconfigured to proxy traffic through Burp Suite’s proxy.
We can launch it by clicking on the Proxy tab and then the Intercept tab.

Figure 6: Burp Suite Intercept tab

WEB-300 Copyright © 2022 Hide01.ir Free Learning. All rights reserved. 20


We can launch the embedded Chromium browser by clicking on either of the Open Browser
buttons on this tab.
Now that our proxy is set up, we will briefly test it. In this case we will navigate to the lab VM that
is hosting a vulnerable version of the Concord [9] web application. Please note that for this course,
we have made hosts entries in our Kali Linux attacking machine that allow us to refer to the lab
machines by name.
kali@kali:~$ cat /etc/hosts
127.0.0.1 localhost
127.0.1.1 kali

# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
# AWAE lab machines
192.168.121.103 atutor
192.168.121.112 bassmaster
192.168.121.113 manageengine
192.168.121.120 dotnetnuke
192.168.121.123 erpnext
192.168.121.126 opencrx
192.168.121.129 openitcockpit
192.168.121.132 concord
192.168.121.135 apigateway
192.168.121.138 chips
192.168.121.247 photog
192.168.121.247 sqeakr
192.168.121.249 docedit
192.168.121.251 answers
192.168.121.253 debugger
Listing 1 - Kali hosts file

Make sure to edit your /etc/hosts file on your Kali Linux box in order to reflect the
IP addresses of the vulnerable targets that can be found in your student control
panel.
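The note above asks you to mirror the control-panel addresses into /etc/hosts. The following shell helper is an added example, not part of the course material: it regenerates the "# AWAE lab machines" block from name/address pairs and leaves the localhost and IPv6 lines alone. The hosts file path and the addresses you pass in are placeholders you supply from your own control panel.

```shell
#!/bin/sh
# Added example (not from the course): rewrite the lab block of a hosts file
# from "name ip" pairs, e.g. update_lab_hosts /etc/hosts "concord 192.168.121.132".
# Everything above the marker is kept; everything below it is replaced.
update_lab_hosts() {
    file="$1"; shift
    marker='# AWAE lab machines'
    tmp=$(mktemp) || return 1
    # Copy lines up to (excluding) the marker; if absent, copy the whole file.
    awk -v m="$marker" '$0 == m { exit } { print }' "$file" > "$tmp"
    printf '%s\n' "$marker" >> "$tmp"
    for pair in "$@"; do
        name=${pair% *}
        ip=${pair#* }
        # Reject anything that is not a dotted-quad before touching the file.
        case "$ip" in
            *[!0-9.]*|.*|*.) rm -f "$tmp"; return 2 ;;
        esac
        printf '%s %s\n' "$ip" "$name" >> "$tmp"
    done
    # cat (not mv) keeps the target's inode, owner and mode, e.g. for /etc/hosts.
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# Resolve a lab name from a hosts file; prints nothing if it is not listed.
lab_ip() { awk -v n="$2" '$1 !~ /^#/ && $2 == n { print $1; exit }' "$1"; }
```

Two names may share one address, as photog and sqeakr do in Listing 1; the helper writes them as separate lines exactly like the original file.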

If we now try to browse to the http://concord:8001/ URL, we will notice that the browser is not
completing the request since Burp Suite turns on the Intercept feature by default.

[9] (Walmart, 2021), https://concord.walmartlabs.com/


Figure 7: Chromium connecting

As the name suggests, this feature intercepts requests sent to the proxy. It then allows us to
either inspect and forward a request to the target or drop it by using the appropriate buttons as
shown in Figure 8.

Figure 8: Burp Suite Intercept On/Off switch

For the purposes of this module, we can safely turn this feature off by clicking Intercept is on. The
text on the button will update to “Intercept is off”.
The HTTP history tab is fairly self-explanatory: this is where Burp Suite lists the entire session
history, which includes all requests and responses proxied through it.


Figure 9: Burp Suite history tab

Excellent. We have verified that Burp Suite is capturing our browser traffic.

2.1.2 Using Burp Suite with Other Browsers


Before we move on to some of the other tools in Burp Suite, let’s demonstrate how to configure
another browser to use Burp Suite as a proxy. In Firefox, we can do this by navigating to
about:preferences#advanced, scrolling down to Network Settings, and then clicking Settings.

Here we’ll choose the Manual option, setting the appropriate IP address and listening port. In our
case, the proxy and the browser reside on the same host, so we’ll use the loopback interface and
specify port 8080. However, if we planned on using the proxy to intercept traffic from multiple
machines, we would use the public IP address of the machine running the proxy for this setting.
Finally, we also want to check the Use this proxy server for all protocols option in order to make
sure that we can intercept every request while testing the target application.
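The same manual-proxy settings can be applied from a file instead of the dialog. The shell helper below is an added example, not from the course: it writes a Firefox user.js with the network.proxy.* preferences for a listener on the loopback interface, port 8080, shared across all protocols and with no bypass list, so every lab request goes through Burp Suite. The profile directory path is an assumption you supply; if you point it at a non-loopback address to proxy other machines, the listener is reachable by any host on that network, so bind it to the lab interface only.

```shell
#!/bin/sh
# Added example (not from the course): print Firefox preferences that match
# "Manual proxy configuration" -> 127.0.0.1:8080 -> "Use this proxy server
# for all protocols". Defaults are the loopback listener described above.
burp_firefox_prefs() {
    host=${1:-127.0.0.1}
    port=${2:-8080}
    cat <<EOF
// network.proxy.type 1 selects "Manual proxy configuration"
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "$host");
user_pref("network.proxy.http_port", $port);
// "Use this proxy server for all protocols": HTTPS mirrors the HTTP setting
user_pref("network.proxy.share_proxy_settings", true);
user_pref("network.proxy.ssl", "$host");
user_pref("network.proxy.ssl_port", $port);
// Empty bypass list so no lab host name slips past the proxy
user_pref("network.proxy.no_proxies_on", "");
EOF
}

# Install the prefs into a profile directory (placeholder path you choose);
# Firefox reads user.js on startup and copies its values into prefs.js.
install_burp_prefs() {
    profile="$1"; host="$2"; port="$3"
    [ -d "$profile" ] || return 1
    burp_firefox_prefs "$host" "$port" > "$profile/user.js"
}
```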
