Burp Suite Tips — Volume 2

On to the second leg of this journey! You can find the first installment of my Burp Suite Tips series at the following link.

Before I get into everything, I need to issue a quick, shameless plug. I am going to be teaching a beginner-to-intermediate level web application training course at both the (Austin — Oct 22–23) and (Santa Clara — Nov 8th) security conferences. The main goal of my course is to illustrate how web application testers approach comprehensively assessing an application’s security posture during a time-compressed engagement. If interested, come hang out with me and we’ll work on developing an efficiency-focused mindset along with a framework of techniques that will help you rapidly work through your next application assessment.

Sorry, had to be done! Now on to the good stuff…

Viewing Target and Repeater Using Tabs

I much prefer viewing the Target and Repeater tabs using the “Tabs” view over the “Left/Right” split. The default setting for both tabs is the “Left/Right Split”. It looks like the following for the Target tab.

The tabbed view, by contrast, looks like this.

This view configuration is much less cluttered in my opinion. You can switch the Target tab to this view by right-clicking anywhere on the Sitemap, Contents, or Issues section and selecting “View -> Tabs”.

The “Left/Right Split” view setting looks like the following for the Repeater tab.

The tabbed view, by contrast, looks like this.

You can switch the Repeater tab to this view in the same way, by right-clicking in the request or response area and selecting “View -> Tabs”.

Auto-scroll to Match in Request/Response Tabs

Something handy to know when searching requests or responses is the auto-scroll feature of the search mechanism. After inputting your search term into the search bar (found at the bottom of the message output), click on the “+” button to access search options, and select “Auto-scroll to match when text changes” to enjoy having Burp jump to the search term you’ve input after sending a request.

The sought-after text will be highlighted.

Request History Navigation in Repeater

Something handy to know is the Repeater tool provides controls that allow you to navigate the request history.

Auto-Follow Redirections in Repeater

Repeater will auto-follow 300-level (redirection) responses should you care to have it do so.

Target Server Config in Repeater

Something else about the Repeater tab to bear in mind is that you can control what server a particular request is sent to by changing the target server. Click the pencil in the upper-right hand corner of the Repeater tab to alter the target setting.

Changing the Request Method in Repeater

Quickly change the request method from GET to POST (or vice-versa) by right-clicking anywhere in the request message output and selecting “Change request method”.

This makes changing a GET to a POST very easy.

Repeating a Request in a Browser

Burp allows you to easily repeat a request and view it in your browser should you want to test how a particular request behaves when rendered by a user agent. Right-clicking anywhere in the request or response side of a message output and selecting “Request in browser” will allow you to access this functionality.

This will provide you with a URL to paste into the address bar of your browser.

Convert a Request to XML/JSON in Repeater

Sometimes it’s a good idea to test if a web application will accept content-types that differ from any default, exhibited behavior. The “Content Type Convertor” extension, easily found in the BApp Store, can make the switching of content-types very easy. Once installed, right-clicking anywhere in the request output will allow you to access its functionality.

Choosing to “Convert to XML”…

ends up looking something like this.

And choosing “Convert to JSON” looks something like this.

Naming Tabs in Intruder and Repeater

It’s easy to find yourself in a place where you’ve opened (and actually used) a large number of Repeater tabs and are finding it difficult to remember which tab did what. No worries! Burp Suite allows you to name tabs. Simply double-click the request tab and input something helpful so you can make your way back to something you’ve long forgotten about.

Ethical Hacking Consultant. @ryanwendel