Top 10 Tips for Burp Suite

Nairuz Abulhul
R3d Buck3T
Feb 21, 2021

Collection of useful features in Burp Suite Application


Burp Suite is a great analysis tool for testing web applications and systems for security vulnerabilities. It has so many great features to utilize during a pentesting engagement. The more you use it, the more you discover its handy features.

The list below is a collection of the top features I learned and started using regularly during tests. These tips are collected from the excellent Bug Bounty write-ups on BugCrowd and Medium, and from training such as Modern WebApp Pentesting with BBking.

📣A great shout-out to Black Hills Information Security for their awesome security training.

With that, let’s start …

1- CA Certificate 📃

Install the Burp CA certificate to intercept HTTPS websites. Not every site will simply show an “Accept the Risk” message when you intercept it: most modern sites will fail to connect or render if Burp’s TLS certificate is not trusted by the browser.

I use the FoxyProxy Firefox extension to configure the browser to work with Burp as it is easy to turn on and off as needed.

  • Open your browser, go to http://burpsuite, download the CA certificate, and save it locally on your machine.
  • Go to Preferences on the Firefox browser, and click on Privacy and Security Section > View Certificates.
  • Import the certificate you saved on your machine, and check the “Trust this CA to identify websites” box.

🔗For other browsers, check the official guide on PortSwigger Academy https://portswigger.net/burp/documentation/desktop/getting-started/proxy-setup/certificate.

2- Advanced Scope Control

It is essential to define the testing scope at the start of a test so you can focus on what looks interesting to attack and is worth spending time on. With the advanced scope control option, you can create URL matching rules to include or exclude specific URLs that may not be relevant to your testing scope.

Ticking Use advanced scope control lets you fine-tune the scope with regular expressions. You can define the protocol types, port numbers, and file extensions that are included in or excluded from the test.
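As an added illustration (not part of the original post and not Burp’s own code), the Python below models how advanced scope rules are evaluated: each rule carries a protocol choice plus regexes for host, port and file, and a URL is in scope when an include rule matches and no exclude rule does. The rule layout, the search/fullmatch semantics and the sample URLs are assumptions of this example, not Burp’s exact implementation.

```python
import re
from urllib.parse import urlparse

# Added example modelling Burp's advanced scope control; field names follow
# the dialog (protocol, host, port, file) but the matching code is ours.

def make_rule(protocol="any", host=".*", port=".*", file=".*"):
    """Build a scope rule. host/port/file are regexes, as in Burp's dialog."""
    return {"protocol": protocol, "host": re.compile(host),
            "port": re.compile(port), "file": re.compile(file)}

def rule_matches(rule, url):
    """True when every field of the rule matches the given URL.
    Assumption: host and file use search(), port uses fullmatch()."""
    u = urlparse(url)
    port = u.port or (443 if u.scheme == "https" else 80)
    if rule["protocol"] != "any" and rule["protocol"] != u.scheme:
        return False
    return (rule["host"].search(u.hostname or "") is not None
            and rule["port"].fullmatch(str(port)) is not None
            and rule["file"].search(u.path or "/") is not None)

def in_scope(url, include, exclude):
    """In scope if an include rule matches and no exclude rule matches."""
    if any(rule_matches(r, url) for r in exclude):
        return False
    return any(rule_matches(r, url) for r in include)

def filter_in_scope(urls, include, exclude):
    """Return only the URLs that pass the scope rules (e.g. to prune a site map)."""
    return [u for u in urls if in_scope(u, include, exclude)]

# Constructed rules: only HTTPS on example.com:443, minus static files and logout.
INCLUDE = [make_rule(protocol="https", host=r"^(www\.)?example\.com$",
                     port=r"^443$", file=r"^/")]
EXCLUDE = [make_rule(host=r"^(www\.)?example\.com$", file=r"\.(png|jpg|css|js)$"),
           make_rule(host=r"^(www\.)?example\.com$", file=r"^/logout")]

# Constructed sample URLs, as they might appear in the site map.
SAMPLE_URLS = [
    "https://www.example.com/account/settings",
    "https://www.example.com/static/logo.png",
    "http://www.example.com/account",
    "https://www.example.com:8443/admin",
    "https://example.com/logout?next=/",
    "https://cdn.thirdparty.net/lib.js",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(("IN  " if in_scope(u, INCLUDE, EXCLUDE) else "OUT ") + u)
```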

3- Filters

Once you have defined the scope and the endpoints of interest, filtering helps cut down the noise of irrelevant requests such as images and CSS files. The nice thing about Burp is that if you mess up the filters, you can revert the changes and start over.

Location in Burp

  • Target > Sitemap > Revert Changes (Button)

4- Expand Branch

Right-click on the scope and choose “Expand branch” to expand all directories in the scope in a tree view. I find this one-click feature very useful for reviewing all the files and directories for further details.

You can also collapse the tree view with another one-click on “Collapse Branch.” These features keep the site map section clean.

5- Extract all links and URLs

There are two handy functions in Burp for extracting links and copying them to the clipboard. One pulls ALL links found on the scoped target, including external links to third-party sites that are not in scope (Copy links in this host). The other (Copy URLs in this host) copies ONLY the in-scope links.

6- Auto-scroll to Match

Instead of scrolling through the server responses looking for the section you want to check out, the Auto-scroll feature is a useful search function for jumping to a selected area.

Select and copy the search term, and paste it into the search bar. Click the gear icon on the left side of the bar and choose “Auto-scroll to match when text changes.”

Any new server response containing the search term will automatically scroll to the matching area and highlight it in yellow.

7- Naming Tabs in Repeater

Many times in the past, I have sent multiple requests and forgotten which tab number holds the request I need to test further. Though it is a simple and obvious feature, it will keep you organized and save you lots of random guessing clicks.

Double click on the tab and give it a meaningful name that helps you remember what the request was for.

8- Keep Sessions alive with repeated requests

Sometimes sessions expire due to inactivity. One of the most straightforward techniques I have found for keeping sessions alive is sending Null payloads with Intruder.

1- Select a POST request, right-click, and choose “Send to Intruder.”

2- Click on the Positions tab and then the Clear button to clear all the highlighted positions. We are only interested in repeating the request, not in sending any test payloads.

3- In the Payloads tab, click on the Payload type and select “Null payloads.”

In the section below, under “Payload Options,” select “Continue indefinitely.” When done, click on Start attack.

9- Grep-Extract option

The Grep-Extract option is a handy way to pull information out of the fuzzed responses. A good use case is when you iterate through the number of tables in an application vulnerable to error-based SQL injection: you can extract the error messages and display them in the attack results table without opening each response separately.

To do that, go to Intruder’s Options tab, look for the Grep-Extract option, and click on Add.

Define the item’s location by its start and end delimiters, and then click OK.
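As an added example (not from the original post and not Burp’s code), the Python below models a Grep-Extract rule run over a batch of fuzzed responses: start/end delimiter mode with a max length, the regex-group mode, and the extra results column built from both. The function names and the constructed responses are this example’s assumptions.

```python
import re

# Added example modelling Intruder's Grep-Extract rule over a batch of fuzzed
# responses. The function names and sample responses are ours, not Burp's.

def grep_extract(response, start, end, max_length=100):
    """Start/end delimiter mode: text after the first `start` up to the next
    `end`, capped at `max_length` like the dialog's 'Max length' field.
    Returns None when either marker is missing (the results cell stays blank)."""
    i = response.find(start)
    if i == -1:
        return None
    i += len(start)
    j = response.find(end, i)
    if j == -1:
        return None
    return response[i:j][:max_length]

def grep_extract_regex(response, pattern, group=1, max_length=100):
    """'Extract from regex group' mode: the first match's capture group."""
    m = re.search(pattern, response, re.DOTALL)
    return m.group(group)[:max_length] if m else None

def build_results_table(responses, start, end):
    """Map each payload to its extracted value, as the extra results column does."""
    return {payload: grep_extract(body, start, end) for payload, body in responses.items()}

# Constructed responses keyed by the numeric payload that produced them; only
# the failing requests carry an error block worth pulling into the table.
ERROR_PAGE = ('HTTP/1.1 500 Internal Server Error\r\n\r\n'
              '<html><body><div class="error">{}</div></body></html>')
OK_PAGE = 'HTTP/1.1 200 OK\r\n\r\n<html><body><h1>Item {}</h1></body></html>'
SAMPLE_RESPONSES = {
    1: OK_PAGE.format(1),
    2: ERROR_PAGE.format("Database error: unknown column 'x'"),
    3: OK_PAGE.format(3),
    4: ERROR_PAGE.format("Database error: invalid table reference"),
}

if __name__ == "__main__":
    table = build_results_table(SAMPLE_RESPONSES, '<div class="error">', '</div>')
    for payload, value in sorted(table.items()):
        print(payload, value if value is not None else "")
```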

10- Fonts Size and Display Themes

To change the look and feel of Burp, go to User Options, under Display, and choose the font size, font type, and theme color that work best for you. At work, I prefer the Nimbus and Metal themes for clear screenshots for reporting purposes.

I also like to increase the font size to 16 for a better experience.

That’s all for today, Thanks for stopping by 😃!!
