Open in app

Sign in

Write

Sign in

Risabh Mishra
3 min readMay 20, 2018

Burp-suite Tutorial to Decrease price of any Commodity or Service in a Website

First of all you need to download the Burp suite Software from the link
https://portswigger.net/burp/communitydownload
based upon your OS i.e Linux,Windows or Mac Install download the file and install it .
Now you need to configure your proxy server for your browser so as to burp suite to intercept your packets .
I personally prefer Mozilla Firefox so i will show you how to configure Mozilla Firefox for burp-suite and you can do it similarly for chrome, safari etc.

So let’s start first of all open your Mozilla Firefox browser then go to options=>network=>connections=>settings.
In the settings tab click on manual proxy configuration and set HTTP Proxy to 127.0.0.1 and Port to 8080.

Now go to advanced=>certificates=>view certificates and import certificate from the link: http://burp .
After this step your browser is succesfully configured for burpsuite to intercept all your browsing data and packets transferred.

So Let’s open a website www.example.com and I l buy a cake worth Rs. 1299 for just Rs. 1 in this tutorial.

You need to select the cake and the quantity you want and checkout to enter your personal details with delivery address and any other message and select your payment portal preferred, I l just fill it with some random data and choose PayU as my payment portal.

So here is where the actual manipulation of packets start so before you click on make payment button, start your burpsuite application and go to proxy tab =>Intercept and over there set intercept to on, after that come back to browser and click on proceed to pay.

As soon as you do that you get all the details intercepted in your burp and what you need to actually do is to look for a parameter named amount or amt with the the value of the item you are buying, so in my case it is amount=1299. So what I did is I just changed it to 1, you can do it to any positive value of your choice.

After you have modified the amount you just need to forward the packet and close the Intercept and that’s it. You will be forwarded to to the payment portal with the your set amount in the browser window and in my case it is Rs. 1 in payU portal and now you can complete your payment process and get your product delivered.

So this is some severe mistake present in few of the websites present online where faults or changes made in the payment gateway can cause huge mistakes to the parent organization. You can use this hack on any kind of e-commerce website or service providing website if this bug is present , at your own risk.
Happy HACKING!

Infosec
Hacking
Risabh Mishra

Written by Risabh Mishra

37 Followers

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams