# Burp Suite
###### tags: `burpSuite` `deelmind`

---

https://www.youtube.com/watch?v=IWWYNDiwYOA

[TOC]

# dashboard

It gives us some information about what is going on.

![](https://i.imgur.com/NhH2lBv.png)

# Target

This is where we actually have the information we want to log or to work with.

# Filter scope of information

![](https://i.imgur.com/uWpJiVA.png)

![](https://i.imgur.com/keEdLkj.png)

If we say yes, we stop getting the traffic that we don't want.

# Proxy

## Intercept

It grabs a request that the web browser is making, because our browser is already hooked into Burp Suite (FoxyProxy).

![](https://i.imgur.com/dck8zWv.png)

![](https://i.imgur.com/NTaN0zP.png)

## options

### HTTP 304 (problems when intercepting responses)

For content that does not need to be requested again, the browser uses the cached contents directly.

Reference: https://forum.portswigger.net/thread/response-doesn-t-show-any-piece-of-source-code-of-intercepted-website-778333f7

![](https://hackmd.io/_uploads/B1-tUlQO2.png)

Require non-cached response (the request does not use the web cache): both of those options need to be checked.

# Installing the Burp Suite HTTPS certificate

If we want to intercept HTTPS requests, we have to install the HTTPS certificate in our browser. This makes sure that Burp Suite can work with HTTPS requests.

CA URL

```
http://burpsuite
```

![](https://i.imgur.com/x9A3J0x.png)

Download it. Next, we need to install it into the certificate area of our browser.

![](https://i.imgur.com/NBlv4vX.png)

Go to the Privacy & Security page.

![](https://i.imgur.com/f299dlU.png)

Select View Certificates.

![](https://i.imgur.com/HTZTjhP.png)

Import the certificate.

![](https://i.imgur.com/mBYslka.png)

Check the two options.

![](https://i.imgur.com/CRIdjJ3.png)

# tips and tricks

Ctrl+U -> HTML encode

# source

https://hackercat.org/burp-suite-tutorial/burp-suite-intruder-attack-type-and-payloads

---

# intruder

## payload type

### List

![](https://i.imgur.com/tuqh7mT.png)

![](https://i.imgur.com/RaZSNvN.png)

### Number

### Brute Force
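---

Added example for the HTTP 304 note under Proxy options (not part of the original notes or of Burp itself): a local test server answers a conditional revisit with a body-less 304, and the same request with its cache validators stripped gets the full 200 page. It assumes the two "require non-cached response" options are the ones that remove the `If-None-Match` and `If-Modified-Since` request headers; the page, ETag and handler names are constructed for the demo.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

PAGE = b"<html><body>constructed sample page</body></html>"  # constructed sample
ETAG = '"v1-constructed"'  # constructed validator for the sample page
CONDITIONAL = {"if-none-match", "if-modified-since"}  # assumed to be the headers stripped


class CachingHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        fresh = self.headers.get("If-None-Match") == ETAG  # cached copy still valid
        self.send_response(304 if fresh else 200)
        self.send_header("ETag", ETAG)
        self.end_headers()
        if not fresh:
            self.wfile.write(PAGE)  # a 304 carries no body to inspect

    def log_message(self, *args):  # keep the demo quiet
        pass


def strip_conditional(headers):
    """Drop cache validators so the server must send the full response."""
    return {k: v for k, v in headers.items() if k.lower() not in CONDITIONAL}


def fetch(port, headers):
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", "/", headers=headers)
    resp = conn.getresponse()
    status, size = resp.status, len(resp.read())
    conn.close()
    return status, size


def demo():
    with HTTPServer(("127.0.0.1", 0), CachingHandler) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        port = server.server_address[1]
        revisit = {"If-None-Match": ETAG, "If-Modified-Since": "Mon, 01 Jan 2024 00:00:00 GMT"}
        try:
            return fetch(port, revisit), fetch(port, strip_conditional(revisit))
        finally:
            server.shutdown()


if __name__ == "__main__":
    print(demo())
```

The first tuple is the revisit as a browser with a warm cache would send it; the second is the same request after the validators are removed, which is the response you actually want to see in the proxy.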