Burp Suite Tips — Volume 1

I’ve been meaning to compile a bunch of Burp Suite tips for a while now. Stuff I’ve learned from others and things I’ve picked up along the way. This is the first installment of such helpful tips. I’ll be looking to pump out at least three posts in the short-term and then add more as I continue on down the line.

With that said… I will begin this journey by touching on some of the configurations I make before I begin testing.

But before I do that, I need to issue a quick, shameless plug. I am going to be teaching a beginner-to-intermediate level web application training course at both the Lascon (Austin — Oct 22–23) and Pacific Hackers (Santa Clara — Nov 8th) security conferences. The main goal of my course is to illustrate how web application testers approach comprehensively assessing an application’s security posture during a time-compressed engagement. If interested, come hang out with me and we’ll work on developing an efficiency-focused mindset along with a framework of techniques that will help you rapidly work through your next application assessment.

Sorry, had to be done! Now on to the good stuff…

Installing Burp’s CA certificate

Taken straight from Portswigger’s website.

By default, when you browse an HTTPS website via Burp, the Proxy generates an SSL certificate for each host, signed by its own Certificate Authority (CA) certificate. This CA certificate is generated the first time Burp is run, and stored locally. To use Burp Proxy most effectively with HTTPS websites, you will need to install Burp’s CA certificate as a trusted root in your browser.

No need for me to work up any screens or instructions. Portswigger has you covered right here.

https://support.portswigger.net/customer/portal/articles/1783075-installing-burp-s-ca-certificate-in-your-browser

Work through these instructions to browse TLS/SSL enabled sites without having to accept the certificates created by Burp for each unique site you visit.

Require a fresh, non-cached response from the server.

Disabling XSS Protection headers

You can also use this technique to introduce headers into requests to mark your activity. Your employer or one of their clients may request that you do this at some point.
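To make the header rules above concrete, here is an added example (not Burp's own code or configuration): a small Python emulation of proxy-style match-and-replace rules applied to constructed HTTP messages. The rule contents are assumptions about one reasonable way to do it: drop the conditional request headers so the server must send a fresh response, set `X-XSS-Protection: 0` on responses, and add a marker header named `X-Tester-Id` (a placeholder name) to requests.

```python
import re

# Constructed sample messages, not captured traffic (CRLF as on the wire).
SAMPLE_REQUEST = (
    "GET /account HTTP/1.1\r\n"
    "Host: app.example.test\r\n"
    'If-None-Match: "abc123"\r\n'
    "If-Modified-Since: Mon, 01 Jan 2018 00:00:00 GMT\r\n"
    "\r\n"
)
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "X-XSS-Protection: 1; mode=block\r\n"
    "\r\n"
    "<html>ok</html>"
)

# Rule = (regex matched against one header line, replacement line or None to
# delete the header, line to append when nothing matched or None). Assumed
# rule contents; the marker header name X-Tester-Id is a placeholder.
REQUEST_RULES = [
    (r"^If-None-Match:.*$", None, None),        # no conditional GET, so the
    (r"^If-Modified-Since:.*$", None, None),    # server must answer afresh
    (r"^X-Tester-Id:.*$", "X-Tester-Id: TESTER_PLACEHOLDER",
     "X-Tester-Id: TESTER_PLACEHOLDER"),        # mark tester traffic
]
RESPONSE_RULES = [
    # Tell the browser not to run its XSS auditor so reflections stay visible.
    (r"^X-XSS-Protection:.*$", "X-XSS-Protection: 0", "X-XSS-Protection: 0"),
]


def apply_rules(message, rules):
    """Apply header rules to a raw HTTP message; the body is left untouched."""
    head, sep, body = message.partition("\r\n\r\n")
    start_line, headers = head.split("\r\n")[0], head.split("\r\n")[1:]
    for pattern, replacement, add_if_missing in rules:
        rx = re.compile(pattern, re.IGNORECASE)
        kept, matched = [], False
        for line in headers:
            if rx.match(line):
                matched = True
                if replacement is not None:
                    kept.append(rx.sub(replacement, line))
            else:
                kept.append(line)
        if not matched and add_if_missing is not None:
            kept.append(add_if_missing)
        headers = kept
    return "\r\n".join([start_line] + headers) + sep + body
```

Running `apply_rules(SAMPLE_REQUEST, REQUEST_RULES)` yields a request with no conditional headers and the marker header appended; the response rule rewrites the existing `X-XSS-Protection` line in place.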

Keeping your Proxy History Clean

Using Keyboard Shortcuts (HotKeys)

Disabling Proxy Interception on Startup

Burp Themes

Privacy Settings

You may want to enable this setting if you encounter an issue with Burp Suite and need to contact PortSwigger support. Just keep in mind that you've got it disabled.

Additionally, Burp Suite allows you to test whether an application is vulnerable to various issues that involve it reaching out to remote services. A service known as Burp Collaborator is what makes this possible. Collaborator is an awesome tool but something better left for a later discussion. Regardless, you may want to disable its use until you've configured a server of your own, as it would otherwise place data from your engagement on a third party's systems.

And there you have it… Working through these configuration changes will have you in a good place to begin testing a web application. Stay tuned as I’ll be putting out another round of Burp tips here very soon.

Ethical Hacking Consultant. @ryanwendel