Test More Intelligently Using Burp Suite Professional

Use Burp Suite like a Boss

Burp Suite is a popular web application testing tool that is widely used by security professionals to identify and exploit vulnerabilities in web applications. It provides a range of powerful features and tools that make it an essential tool for any security testing team. In this blog, we will discuss some tips and tricks for using Burp Suite effectively.

 

Use extensions

There are several extensions for Burp Suite that add further features to the tool.

Extensions are available for everything from vulnerability detection and reporting to encoding and decoding. Retire.js, Hackvertor, and Logger++ are a few prominent extensions.

1. Hackvertor

This extension allows you to manipulate requests and responses using a range of conversion and encoding techniques.

Advantages of using Hackvertor include:

1. Flexible data manipulation:-

Hackvertor provides a wide range of data manipulation functions, including base64 encoding and decoding, URL encoding and decoding, and various hashing functions.

2. Customizable functions:-

Hackvertor allows users to create and customize their own functions, making it easy to perform complex data manipulations that are specific to your application.

3. Automated testing:-

Hackvertor can be used to automate certain testing tasks, such as automatically checking if two hashed passwords match.

 

2. Logger++

This extension enables you to capture and log various HTTP requests and responses, including cookies and authentication data.

Advantages of using Logger++ include:-

1. Customizable logging:-

Logger++ allows you to customize the logging settings, including the level of detail and the types of data to be logged. This can help you focus on specific areas of the application or identify certain types of vulnerabilities.

2. Real-time updates:-

Logger++ provides real-time updates of the logs, allowing you to monitor the application and quickly identify any security issues as they occur.

3. Search and filtering capabilities:-

Logger++ provides powerful search and filtering capabilities, allowing you to quickly find specific events or data in the logs.

4. Automatic filtering:-

Logger++ can automatically filter out noise and irrelevant data, making it easier to identify important events and security issues.

 

3. Param Miner

This extension enables you to automatically identify and extract hidden parameters in web applications, which can be useful for discovering potential vulnerabilities.

Advantages of using Param Miner include:-

1. Parameter discovery:-

Param Miner can help you identify hidden parameters and parameters that are not normally visible, making it easier to identify potential vulnerabilities.

2. Automated testing:-

Param Miner can be used to automatically test for common web application vulnerabilities, such as SQL injection and XSS, by manipulating HTTP request parameters.

3. Customizable payloads:-

Param Miner allows you to customize the payloads used in the attacks, including character sets, dictionaries, and permutations.

  

4. AWS Security Checks

The AWS Security Checks extension provides additional Scanner checks for AWS security issues. It performs various active and passive checks.

The AWS Security Checks extension was developed by Rhino Security Labs and is designed to identify vulnerabilities in AWS-based applications. Some of the checks that the extension performs include:

1. Insecure S3 bucket permissions:-

The extension checks if S3 buckets have been configured with insecure permissions that allow anyone to read, write, or delete data.

2. IAM privilege escalation:-

The extension checks for any misconfigured IAM permissions that may allow an attacker to escalate their privileges and gain access to sensitive data.

3. EC2 instance metadata exposure:-

The extension checks if any EC2 instances are exposing their metadata, which can contain sensitive information such as AWS access keys.

4. Insecure RDS instance permissions:-

The extension checks if any RDS instances have been configured with insecure permissions that allow unauthorized access.

5. Insecure Elastic Load Balancer configurations:-

The extension checks for any insecure configurations of Elastic Load Balancers that may allow an attacker to access sensitive data.



You can install this plugin directly within Burp, via the BApp Store feature in the Burp Extender tool.

 

5. BurpJS Link Finder

During penetration testing or bug hunting, detecting hidden endpoints manually is challenging, so we need an automated method that can find the endpoints referenced in JavaScript files. This Burp extension passively scans JavaScript files for endpoint links.
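The passive idea described above, as an added example (not the extension's own code): a regex pass over JavaScript source that lists endpoint-like strings, useful for auditing which routes your own shipped bundles reveal. The pattern, the noise filters and the sample bundle are simplified assumptions made for this sketch.

```python
import re

# Simplified pattern, an assumption for this example (not the extension's own
# regex): a quoted string that looks like a URL, a rooted path or a relative path.
ENDPOINT_RE = re.compile(r"""
    ["'`]
    (
        (?:https?:)?//[^\s"'`<>]+                               # full or scheme-relative URL
      | /[A-Za-z0-9_\-./]+(?:\?[^\s"'`]*)?                      # rooted path, optional query
      | [A-Za-z0-9_\-]+(?:/[A-Za-z0-9_\-.]+)+(?:\?[^\s"'`]*)?   # relative path
    )
    ["'`]
""", re.VERBOSE)

# Noise filters (assumed lists): static assets and MIME types such as "text/html".
STATIC_EXT = (".png", ".jpg", ".jpeg", ".gif", ".svg", ".css", ".ico", ".woff", ".woff2")
MIME_RE = re.compile(r"^(application|text|image|audio|video|font|multipart)/[\w.+-]+$")


def find_endpoints(js_source):
    """Return unique endpoint-like strings in first-seen order."""
    found = []
    for match in ENDPOINT_RE.finditer(js_source):
        link = match.group(1)
        path = link.split("?", 1)[0].lower()  # ignore the query when checking the extension
        if path.endswith(STATIC_EXT) or MIME_RE.match(link):
            continue
        if link not in found:
            found.append(link)
    return found


# Constructed sample of a JavaScript bundle (not from a real site).
SAMPLE_JS = '''
const API = "https://api.example.test/v2";
fetch("/api/users/me?expand=roles");
axios.post('/internal/admin/export', data);
var img = "/static/logo.png";
xhr.setRequestHeader("Content-Type", "application/json");
loadScript(`assets/js/legacy-debug.js`);
// version "1.2.3"
'''

if __name__ == "__main__":
    for endpoint in find_endpoints(SAMPLE_JS):
        print(endpoint)
```

The MIME filter is deliberately coarse, so a real relative path such as `image/upload` would be dropped; tune both filters to the application being reviewed.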

 

6. Reflector

Reflector is a plugin that helps find cross-site scripting bugs on pages in real time while browsing the site.

Advantages of using Reflector include:-

1. Application flow visualization:-

Reflector provides a visual representation of the flow of data through the application, making it easy to understand how data is processed and where vulnerabilities may exist.

2. Object model inspection:-

Reflector allows you to inspect the object model of the application, including the objects and methods used by the application. This can help you identify potential security vulnerabilities and understand how the application interacts with external services.

3. Request/response analysis:-

Reflector provides a detailed breakdown of each request and response, including the headers, parameters, and cookies used. This can help you identify any security vulnerabilities or areas where the application can be improved.

4. Input validation analysis:-

Reflector can analyze the input validation used by the application, helping you identify potential vulnerabilities such as SQL injection or cross-site scripting (XSS).

5. Automated testing:-

Reflector can also be used to automate testing of the application. This can help you quickly identify any vulnerabilities and ensure that the application is secure.

 

7. Turbo Intruder

Going beyond Intruder

1. Fast - custom HTTP stack

2. Scalable - flat memory usage and headless support

3. Flexible - Scripts are written in Python. Custom handling of malformed requests

4. Convenient - Filtering non-relevant results

On the other hand, it's undeniably harder to use, and the network stack isn't as reliable and battle-tested as core Burp's.

https://portswigger.net/research/turbo-intruder-embracing-the-billion-request-attack

 

Now here's the gift for reading this blog

Hotkeys

(Good) developers usually use hotkeys in their IDE

- You should start doing it in Burp


    Ctrl+Shift+P :- Proxy

    Ctrl+Shift+R :- Repeater

    Ctrl+Shift+I :- Intruder

    Ctrl+R :- Send this request to Repeater

    Ctrl+I :- Send this request to Intruder

    Ctrl+- :- Previous tab

    Custom: Ctrl++ :- Next tab

    Custom: Ctrl+G :- Repeater send request

I hope these tips make your Burp Suite more fun to work with!!

Manan Sapariya, Ethical Hacker | Security Researcher | Bug bounty hunter.

mannsapariya004@gmail.com