Burp Suite Vapt

Uploaded by

Neha Smily

UNIT-4

BURP SUITE
Q 1. What is Burp Suite? What are its key features?

Ans. Burp Suite is a web application security testing tool used to find vulnerabilities in web
applications. It is a suite of penetration testing tools designed for web applications and websites:
software that lets you attack websites and web servers to discover their vulnerabilities. It was
developed by PortSwigger, a cybersecurity and web application development company. As its name
implies, “Burp Suite” is not just one tool but a suite of several tools. The suite consists of 8 tools, each
with specific features. The tools include:

1. Spider

2. Proxy

3. Intruder

4. Repeater

5. Sequencer

6. Decoder

7. Extender

8. Scanner

Aside from penetration testing, Burp Suite is also used for bug bounty hunting and website hacking.

Some key features of Burp suite are:

Proxy: It allows you to intercept as well as modify the traffic passing between the browser and the web
application.

Intruder: It is used for automated attacks such as brute-force attacks and SQL injection.

Repeater: It is used for manual testing of individual requests.

Scanner: It is used for automated vulnerability scanning.

Extender: It allows you to add custom functionality to Burp Suite.

Q 2. What is proxy server? How does it work ?

Ans. A proxy server is a system or router that provides a gateway between users and the internet.
It therefore helps prevent cyber attackers from entering a private network directly. It is a server
referred to as an “intermediary” because it sits between end users and the web pages they visit online.
When a computer connects to the internet, it uses an IP address; a proxy server is essentially a computer
on the internet that has an IP address of its own.

Proxies provide a valuable layer of security for your computer. They can be set up as web filters
or firewalls, protecting your computer from internet threats like malware.

Working of proxy:

Because a proxy server has its own IP address, it acts as a go-between for a computer and the internet.
Your computer knows this address, and when you send a request on the internet, it is routed to the
proxy, which then gets the response from the web server and forwards the data from the page to your
computer’s browser, like Chrome, Safari, Firefox, or Microsoft Edge.

1. Client Request: Your browser is configured to use a specific proxy server.

2. Proxy Interception: The proxy server receives your web request.

3. Proxy Request: The proxy makes its own request to the target website using its own IP
address, essentially acting on your behalf.

4. Server Response: The website sends the response back to the proxy server.

5. Forwarding and Filtering: The proxy may filter, modify (rare), or simply forward the response
back to you.

Q 3. How to intercept proxies using Burp Suite?

Ans. Burp Suite is a powerful web application security testing tool that allows you to intercept and
modify HTTP/HTTPS traffic between your browser and the target web server. This feature enables you to
analyze and manipulate requests and responses in real-time, making it an essential tool for identifying
vulnerabilities and weaknesses in web applications.

Configuring Burp Suite’s Intercepting Proxy

To enable intercepting proxies in Burp Suite:

1. Start Burp Suite and navigate to the Proxy tab.

2. Click on Options and ensure that the Proxy Listener is running on the default port
(usually localhost:8080).

3. In your browser (e.g., Chrome), go to Settings > Advanced > Open Proxy settings.

4. Set the proxy server to localhost:8080 (or the port you specified in Burp Suite).

5. Restart your browser.

Intercepting a Request

Once the proxy is configured, you can intercept a request by:

1. Visiting a website in your browser.

2. Burp Suite will pause the request and display it in the Proxy > Intercept tab.

3. You can analyze the request details and modify it as needed.

4. Click Forward to send the modified request to the server.

5. Alternatively, click Drop to cancel the request.
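The client-to-proxy-to-server flow from Q 2 and the Intercept / Forward / Drop workflow from Q 3, as an added Python example that is not Burp Suite's code: a minimal plain-HTTP intercepting proxy whose `intercept` hook can modify or drop each request, with a constructed origin server and client so it runs offline. The `/admin` drop rule and the `X-Via-Proxy` header are demo assumptions.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.parse import urlsplit
HOP_BY_HOP = {"connection", "proxy-connection", "keep-alive", "transfer-encoding"}

def intercept(method, url, headers):
    """Intercept hook: return (url, headers) to Forward, possibly modified, or None to Drop.
    Constructed demo rule: drop anything under /admin and tag everything else."""
    if urlsplit(url).path.startswith("/admin"):
        return None
    forwarded = {k: v for k, v in headers.items() if k.lower() not in HOP_BY_HOP}
    forwarded["X-Via-Proxy"] = "demo"   # an edit the tester chose to make before forwarding
    return url, forwarded

class InterceptingProxy(BaseHTTPRequestHandler):
    """Plain-HTTP forward proxy (no CONNECT/TLS): receives, intercepts, requests, relays."""
    def do_GET(self):
        decision = intercept("GET", self.path, self.headers)   # step 2: proxy receives the request
        if decision is None:                                   # Drop: the origin never sees it
            self.send_error(403, "dropped by proxy"); return
        url, headers = decision
        u = urlsplit(url)                                      # step 3: request on the client's behalf
        upstream = http.client.HTTPConnection(u.hostname, u.port or 80, timeout=5)
        upstream.request("GET", u.path + ("?" + u.query if u.query else ""), headers=headers)
        resp = upstream.getresponse(); body = resp.read()      # step 4: origin answers the proxy
        self.send_response(resp.status)                        # step 5: relay to the client
        self.send_header("Content-Type", resp.getheader("Content-Type", "text/plain"))
        self.send_header("Content-Length", str(len(body))); self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args): pass

class EchoOrigin(BaseHTTPRequestHandler):
    """Constructed origin server: echoes the path and whether the proxy's tag arrived."""
    def do_GET(self):
        body = f"{self.path} via={self.headers.get('X-Via-Proxy', '-')}".encode()
        self.send_response(200); self.send_header("Content-Length", str(len(body)))
        self.end_headers(); self.wfile.write(body)
    def log_message(self, *args): pass

def serve(handler):
    srv = ThreadingHTTPServer(("127.0.0.1", 0), handler)   # free localhost port, background thread
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def fetch_via_proxy(proxy_port, url):
    """Step 1, the client: a browser pointed at localhost:<port> sends the absolute URL to the proxy."""
    conn = http.client.HTTPConnection("127.0.0.1", proxy_port, timeout=5)
    conn.request("GET", url, headers={"Host": urlsplit(url).netloc})
    resp = conn.getresponse(); return resp.status, resp.read().decode()
```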

Q 4. What can be the Benefits of intercepting proxies?

Ans. 1. Security: Intercepting proxies can improve security by inspecting and modifying traffic before
it reaches the server, helping to protect against malware, phishing attacks, and other threats.

2. Performance: Intercepting proxies can cache content and optimize traffic, improving the speed
and responsiveness of web applications.

3. Content filtering: Intercepting proxies can block access to malicious or inappropriate websites,
reducing the risk of malware infections and data breaches.

4. Anonymity: Intercepting proxies can mask the true origin of a request, allowing users to browse
the web anonymously and bypass geo-blocking restrictions.

5. Load balancing: Intercepting proxies can distribute traffic across multiple servers, improving the
scalability and reliability of web applications.

6. Debugging: Intercepting proxies can capture and analyze traffic, making it easier to debug and
troubleshoot web applications.

7. Reverse engineering: Intercepting proxies can be used to analyze and modify web traffic,
allowing developers to reverse-engineer web applications and identify vulnerabilities.

8. Testing: Intercepting proxies can be used to test web applications for security vulnerabilities and
perform penetration testing.

9. Monitoring: Intercepting proxies can monitor web traffic and detect suspicious activity, enabling
organizations to identify and respond to potential security threats.

10. Compliance: Intercepting proxies can help organizations comply with regulatory requirements,
such as data protection and privacy regulations.

Q 5. What is burp proxy?

Ans. Burp Proxy is a core feature within the Burp Suite toolkit specifically designed for web application
security testing. Its core purpose is to serve as a man-in-the-middle for web traffic:

• Interception: Burp Proxy sits between your web browser and the target web application. This
allows you to view all HTTP/HTTPS traffic passing between the two in real time.

• Analysis: Analyze intercepted requests and responses in detail. You’ll see headers, URL
parameters, and the complete contents of form submissions and server responses. Perfect for
understanding exactly how the application communicates.

• Modification: Burp Proxy isn’t just passive. You can alter any aspect of the captured traffic
before forwarding it. This is the foundation for advanced security testing.

Key use cases for Burp Proxy are:

1. Manual Security Testing:

• Vulnerability Discovery: Modify requests to probe for flaws like SQL injection, cross-site
scripting (XSS), broken access controls, and more.

• Mapping Application Logic: Intercept traffic and study the flows to understand how an
application functions, aiding in more focused test case design.

• Content Manipulation: Change content on the fly to assess server responses and
potentially uncover hidden functionality.

2. Debugging and Troubleshooting:

• Pinpoint Request/Response Issues: Deep inspection for diagnosing communication
errors, performance problems, and unexpected server responses.

3. Integration with Other Burp Suite Tools:

• Repeater: Send intercepted requests to Burp Repeater for repetitive testing with precise
modifications to pinpoint and exploit vulnerabilities.

• Intruder: Use Burp Intruder to automate attacks that leverage captured traffic as
templates for fuzzing and brute-forcing parameters.

• Scanner: Burp’s automated vulnerability scanner works together with the proxy to
discover flaws on a broad scale.

Q 6. How to do Burp Proxy configuration?

Ans. 1. Burp Proxy Launch:

Start Burp Suite and, within the initial dashboard, you may temporarily use the default
configuration and click “Start Burp.”

2. Proxy Listener Setup:

• Navigate to the “Proxy” tab -> “Options” tab.

• You should see an existing “Proxy Listener” running, usually on localhost, port 8080.
This is where Burp will listen for traffic. Note the port number.

3. Browser Configuration:

• Firefox:

o Preferences -> Network Settings -> Settings

o Select “Manual proxy configuration”

o Set “HTTP Proxy” to “localhost” and the “Port” to your Burp listener port (e.g.,
8080)

o Tick “Use this proxy server for all protocols”

• Chrome:

o Settings -> System -> Open your computer’s proxy settings

o Follow platform-specific configuration (it should mirror Firefox’s settings)

Q 7. How to utilize burp repeater?

Ans. 1. Sending to Repeater:

• Right-click anywhere in the intercepted request/response area.

• Select “Send to Repeater.”

2. Repeater Tab:

• Navigate to the “Repeater” tab in Burp Suite. You’ll see your request.

3. Manipulation and Re-Issuing:

• Freely modify any part of the request (headers, parameters, methods, etc.)

• Hit “Go” to resend the modified request. The response will appear alongside.

• Experiment! Change variables, introduce unexpected input, and observe how the server
reacts.

Q 8. What is Burp Repeater? What are its key features?

Ans. Burp Repeater is a powerful tool in Burp Suite, a web application security testing framework. It
enables you to manually manipulate and resend individual HTTP requests to a target server, allowing for
in-depth analysis and testing of web applications.

Key Features

1. Request Editing: Modify captured requests or create new ones manually, similar to using cURL.

2. Request History: Each Repeater tab maintains its own history of requests, allowing you to
navigate backwards and forwards through previous requests and responses.

3. Request Sending: Send requests to the target server and view the responses, including graphical
representations.

4. Options: Control Repeater’s behavior with options such as automatic updating of the Content-Length
header, unpacking of compressed content, and following of redirections.

5. Tab Management: Easily manage Repeater’s request tabs by renaming, reordering, and opening
new tabs.

Use Cases

1. Manual Testing: Use Repeater to manually test and explore web application vulnerabilities, such
as input-based vulnerabilities, logic flaws, and response manipulation.

2. Request Payload Analysis: Analyze and manipulate request payloads to identify and confirm
vulnerabilities.

3. Response Analysis: Study server responses to understand how the application behaves under
different input conditions.

4. Vulnerability Verification: Verify vulnerabilities identified by Burp Scanner or other tools by
manually reissuing requests with modified input.
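What Repeater does at the protocol level (Q 7 and Q 8), as an added Python example that is not part of the original notes or of Burp: a captured raw request is parsed, one query parameter is edited, and each variant is resent with the original cookies and headers so the responses can be compared side by side. The captured request and the `DemoTarget` server are constructed for the demo; the target enforces ownership, so only the session's own account id returns 200.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlencode, urlsplit, urlunsplit
# Constructed sample: a request as captured in Burp's intercept pane (CRLF line endings).
CAPTURED = "GET /account?id=7 HTTP/1.1\r\nHost: 127.0.0.1\r\nCookie: session=abc123\r\n\r\n"

def parse_raw_request(raw):
    """Split a raw HTTP request into (method, path, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, path, _version = request_line.split(" ")
    headers = dict(line.split(": ", 1) for line in header_lines if line)
    return method, path, headers, body

def with_param(path, name, value):
    """Return `path` with query parameter `name` set to `value`: the edit made in the Repeater editor."""
    parts = urlsplit(path)
    query = parse_qs(parts.query, keep_blank_values=True)
    query[name] = [str(value)]
    return urlunsplit(parts._replace(query=urlencode(query, doseq=True)))

def resend(host, port, raw):
    """Pressing Go: send one raw request and return (status, body)."""
    method, path, headers, body = parse_raw_request(raw)
    conn = http.client.HTTPConnection(host, port, timeout=5)
    conn.request(method, path, body=body or None, headers=headers)
    resp = conn.getresponse(); return resp.status, resp.read().decode()

def replay_variants(host, port, raw, param, values):
    """Resend the captured request once per value of `param`, keeping cookies and headers intact."""
    _method, path, _headers, _body = parse_raw_request(raw)
    results = {}
    for value in values:
        variant = raw.replace(path, with_param(path, param, value), 1)   # edit only the request line
        results[value] = resend(host, port, variant)
    return results

class DemoTarget(BaseHTTPRequestHandler):
    """Constructed target: account 7 belongs to session abc123; any other id is forbidden."""
    def do_GET(self):
        own = urlsplit(self.path).query == "id=7" and "session=abc123" in self.headers.get("Cookie", "")
        status, body = (200, b"balance=100") if own else (403, b"forbidden")
        self.send_response(status); self.send_header("Content-Length", str(len(body)))
        self.end_headers(); self.wfile.write(body)
    def log_message(self, *args): pass

def start_demo_target():
    srv = HTTPServer(("127.0.0.1", 0), DemoTarget)   # free localhost port, background thread
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv
```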

Q 9. What is cross site request forgery?

Ans. Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions
on a web application in which they’re currently authenticated. With a little help from social engineering
(such as sending a link via email or chat), an attacker may trick the users of a web application into
executing actions of the attacker’s choosing. If the victim is a normal user, a successful CSRF attack can
force the user to perform state-changing requests like transferring funds, changing their email address,
and so forth. If the victim is an administrative account, CSRF can compromise the entire web application.

Examples of CSRF attacks:

• Forcing a user to transfer funds

• Changing a user’s email address

• Changing a user’s password

• Submitting or deleting a record

Q 10. How does CSRF work?

Ans. A Cross-Site Request Forgery (CSRF) attack works by tricking a user into performing an unintended
action on a web application that they are authenticated to.

1. Vulnerable Web Application: A web application, often referred to as the “target” or “victim”, has
a vulnerability in its CSRF protection. This vulnerability allows an attacker to craft a malicious
request that the application will treat as legitimate.

2. Attacker’s Goal: The attacker aims to induce the user to perform a state-changing action on the
vulnerable web application without their knowledge or consent. This action can be anything,
such as:

o Transferring funds

o Changing email addresses or passwords

o Deleting data

o Executing a specific command or function

3. Malicious Request: The attacker creates a malicious HTML page or embeds malicious JavaScript
code that generates a forged request to the vulnerable web application. This request is designed
to mimic a legitimate user interaction, making it difficult for the application to distinguish it from
a genuine request.

4. User Interaction: The attacker tricks the user into visiting the malicious page or clicking on a link
that triggers the forged request. This can be done through various means, such as:

o Phishing emails or messages

o Social engineering tactics

o Compromised websites or ads

o Malware or viruses

5. Browser Submission: When the user interacts with the malicious page or link, their browser
sends the forged request to the vulnerable web application, along with their authenticated
session cookie.

6. Application Trust: The web application trusts the user’s browser and session cookie, assuming
that the request is legitimate and originates from the authenticated user.

7. State Change: The web application processes the forged request as if it were a genuine user
action, resulting in the unintended state change (e.g., transferring funds, changing email
addresses).

8. Attack Success: The attacker achieves their goal, exploiting the trust between the user’s browser
and the vulnerable web application.

Q 11. How to prevent CSRF attacks?

Ans. To prevent CSRF (Cross-Site Request Forgery) attacks, the following measures can be
taken:

1. Use CSRF tokens: Generate a unique, unpredictable, and session-bound token for each user
session. Include this token in relevant forms or API requests. Verify the token on the server-side
to ensure it matches the expected value for the user’s session. Reject requests without a valid
token or with an invalid token value.

2. Implement SameSite cookies: Set the SameSite attribute to “Strict” or “Lax” for cookies that
contain sensitive information. This restricts cookies from being sent with cross-site requests,
making it harder for attackers to steal or manipulate them.

3. Verify the Referer header: Check the Referer header in HTTP requests to ensure the request originates
from the same domain as your application. However, be aware that this method is not foolproof, as
the Referer header can be spoofed or omitted in certain scenarios.

4. Use custom headers: Verify the presence of custom headers and values across AJAX endpoints
on the server-side. This approach is suitable for REST services and can be added easily. However,
it’s insufficient for protecting forms, which require additional security measures like tokens.

5. Generate tokens securely: Use a cryptographically secure pseudo-random number generator
(CSPRNG) to generate tokens. Seed the generator with a timestamp and a static secret to ensure
high entropy and unpredictability.

6. Store tokens securely: Do not store tokens in session cookies. Instead, include them in hidden
form parameters or API request bodies.

7. Monitor and log requests: Regularly monitor and log requests to detect and respond to
potential CSRF attacks.

8. Keep tokens short-lived: Consider generating new tokens for each request or session to
minimize the window of opportunity for attackers.

9. Use a token validation mechanism: Implement a robust token validation mechanism on the
server-side to detect and reject invalid or tampered tokens.

10. Keep your application and dependencies up-to-date: Regularly update your application and
dependencies to ensure you have the latest security patches and mitigations.
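The token-based defence from items 1, 2, 5, 6, 8 and 9 above, as an added Python example (not from the original notes). It assumes a constructed in-memory application: a vulnerable transfer handler that trusts the session cookie alone (the trust described in Q 10, step 6), beside a protected one that demands a session-bound, single-use token drawn directly from the OS CSPRNG, plus the SameSite attribute on the login cookie.

```python
import hmac
import secrets

# Constructed server-side state: login sessions, per-session CSRF tokens, account balances.
SESSIONS = {"abc123": "alice"}
CSRF_TOKENS = {}
BALANCES = {"alice": 100, "mallory": 0}

def issue_csrf_token(session_id):
    """Mint an unpredictable token from the OS CSPRNG and bind it to the session (items 1, 5).
    The server embeds it in the transfer form as a hidden field, never in a cookie (item 6)."""
    token = secrets.token_urlsafe(32)
    CSRF_TOKENS[session_id] = token
    return token

def _do_transfer(user, form):
    amount, to = int(form.get("amount", 0)), form.get("to", "")
    if amount <= 0 or to not in BALANCES or BALANCES[user] < amount:
        return 400, "bad transfer"
    BALANCES[user] -= amount
    BALANCES[to] += amount
    return 200, f"sent {amount} to {to}"

def transfer_vulnerable(cookies, form):
    """Q 10 step 6: trusts the session cookie alone, so a forged cross-site POST is processed."""
    user = SESSIONS.get(cookies.get("session"))
    if user is None:
        return 401, "not logged in"
    return _do_transfer(user, form)

def transfer_protected(cookies, form):
    """Same action, but the form must carry the session-bound token (items 1, 8, 9).
    A cross-site page cannot read the victim's token, so its forged POST is rejected."""
    session_id = cookies.get("session")
    user = SESSIONS.get(session_id)
    if user is None:
        return 401, "not logged in"
    expected = CSRF_TOKENS.get(session_id)
    supplied = form.get("csrf_token", "")
    # Constant-time comparison: an early-exit compare would leak the token through timing.
    if not expected or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return 403, "invalid CSRF token"
    del CSRF_TOKENS[session_id]   # single use: a replayed token is rejected (item 8)
    return _do_transfer(user, form)

def session_set_cookie(session_id):
    """Set-Cookie value for the login cookie. SameSite=Lax keeps the browser from attaching it
    to cross-site POSTs (item 2); the token check above still covers clients that ignore it."""
    return f"session={session_id}; Secure; HttpOnly; SameSite=Lax; Path=/"
```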
