
Friday, May 13, 2016

BURP Suite for Penetration Testing : Introduction

Intro

Environment

Ubuntu 14.04, PHP7.0, Apache

Objective

Manually penetration test a web application using Burp Suite

Components

NOWASP Mutillidae

NOWASP Mutillidae is a purposely vulnerable web application containing more than 40 vulnerabilities. It includes all of the OWASP Top 10 vulnerabilities. NOWASP will be used as the target for the penetration test.

Burp Suite

This is an interception proxy tool that sits between the client (a browser application, e.g., Firefox or Chrome) and the website or server. It will be running on my local machine and it will intercept inbound and outbound traffic between the browser and the target host. Burp Suite is available in free and premium editions.

Preparation

Download & Install NOWASP

Download & Install BURP Suite

Set BURP Suite as Network Proxy

To enable Burp to intercept our web requests, set your browser's network proxy to http://127.0.0.1:8080 (Burp's default proxy listener).

Intercept with Burp

Forward or Drop

Go to the Proxy > Intercept tab. Make sure Intercept is on (the button reads "Intercept is on"). Once a request is intercepted, you may Forward or Drop it by clicking the corresponding button.

Examine Request / Response Parameters

Examine the parameters (URL query string, headers, and body) for both the request and the response.

Edit Request Parameters

Change GET request to POST request
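What Burp's "Change request method" action does at the HTTP level is move the URL query string into a form-encoded body (and back again). The script below is an added example, not code from the post or from Burp: it parses a constructed raw GET request, rewrites it as the equivalent POST with the correct Content-Type and Content-Length, lists the request parameters the way the Intercept tab shows them, and converts the POST back to the original GET. The sample path, header values and helper names are assumptions made for the example.

```python
"""Rewrite an intercepted HTTP/1.1 request the way Burp's "Change request
method" action does: GET -> POST moves the query string into a form body,
POST -> GET moves the body back into the URL. Added example, not from the post."""
from urllib.parse import parse_qsl, urlencode, urlsplit

CRLF = "\r\n"

# Constructed sample of an intercepted request (path and values are made up).
SAMPLE_GET = (
    "GET /app/login.php?username=alice&password=s3cret HTTP/1.1" + CRLF
    + "Host: 127.0.0.1" + CRLF
    + "User-Agent: Mozilla/5.0" + CRLF
    + "Accept: text/html" + CRLF
    + CRLF
)


def parse_request(raw: str):
    """Split a raw request into (method, target, version, headers, body).
    headers is a list of (name, value) pairs so the original order survives."""
    head, _, body = raw.partition(CRLF + CRLF)
    lines = head.split(CRLF)
    method, target, version = lines[0].split(" ", 2)
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return method, target, version, headers, body


def build_request(method, target, version, headers, body=""):
    """Serialise the parts back into a raw request string."""
    lines = [f"{method} {target} {version}"] + [f"{n}: {v}" for n, v in headers]
    return CRLF.join(lines) + CRLF + CRLF + body


def _without(headers, *names):
    """Drop headers by (case-insensitive) name."""
    drop = {n.lower() for n in names}
    return [(n, v) for n, v in headers if n.lower() not in drop]


def get_to_post(raw: str) -> str:
    """GET /path?a=1 -> POST /path with body 'a=1' and matching body headers."""
    method, target, version, headers, _ = parse_request(raw)
    if method != "GET":
        raise ValueError(f"expected a GET request, got {method}")
    parts = urlsplit(target)
    body = parts.query
    headers = _without(headers, "Content-Type", "Content-Length")
    headers.append(("Content-Type", "application/x-www-form-urlencoded"))
    headers.append(("Content-Length", str(len(body.encode()))))
    return build_request("POST", parts.path or "/", version, headers, body)


def post_to_get(raw: str) -> str:
    """POST /path with form body -> GET /path?<body>, body headers removed."""
    method, target, version, headers, body = parse_request(raw)
    if method != "POST":
        raise ValueError(f"expected a POST request, got {method}")
    if body:
        target = target + ("&" if "?" in target else "?") + body
    headers = _without(headers, "Content-Type", "Content-Length")
    return build_request("GET", target, version, headers)


def request_parameters(raw: str) -> dict:
    """Collect parameters from the query string and, for form posts, the body,
    which is what the Intercept tab's parameter view shows for a request."""
    _, target, _, headers, body = parse_request(raw)
    params = dict(parse_qsl(urlsplit(target).query, keep_blank_values=True))
    ctype = next((v for n, v in headers if n.lower() == "content-type"), "")
    if body and ctype.startswith("application/x-www-form-urlencoded"):
        params.update(parse_qsl(body, keep_blank_values=True))
    return params


if __name__ == "__main__":
    post = get_to_post(SAMPLE_GET)
    print(post)
    print("parameters:", request_parameters(post))
    print("round trip matches original:", post_to_get(post) == SAMPLE_GET)
```

The reason this rewrite is worth trying during a test is that many server-side handlers (PHP's `$_REQUEST`, for instance) read a parameter from either the query string or the body, so the same code path is reachable both ways; a handler should read each parameter only from the source it was designed for, and that is the property this step checks.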

