Burp Suite is a platform for performing web application security testing. In this article, I will share several tricks on how to use this tool more efficiently.




Settings


To work correctly with any tool, it is important to configure it for yourself. There are 2 types of settings in Burp Suite:


  • User Options - settings related to Burp Suite itself
  • Project Options - settings related to the target you are testing

Encodings


When testing Russian-language resources, the server's response is often displayed as mojibake instead of Cyrillic. To avoid this, set the encoding to UTF-8 and continue working as normal. The encoding settings are in User Options -> Display -> Character Sets.




Hotkeys


To really speed up your work with Burp Suite, you should try switching to keyboard shortcuts. You can use the defaults, but you can also reconfigure them to suit yourself. To manage hotkeys, go to User Options -> Misc -> Hotkeys. Some useful combinations:


  • Encoding/Decoding:
    • Ctrl + (Shift) + U | H | B for “URL | HTML | Base64 (de) code”
  • GUI Navigation:
    • Ctrl + Shift + T | P | S | I | R - “Switch between utilities”
    • Ctrl + I | R | D - "Send request to utility"
  • Burp Repeater:
    • Ctrl + G - "Run the request in Burp Repeater"

Proxy Interception


Have you ever had the situation where you set up traffic redirection to Burp Proxy, but for some reason requests never appeared in the history? It happened to me almost every time I started a new project, all because I forgot to disable interception in the proxy. Every time... To spare your nerves, you can disable this useful feature by default: go to User Options -> Misc -> Proxy Interception and select the "Always disable" option.




Privacy


However much you trust PortSwigger's developers, you should not send unnecessary information to their servers. Even if you do not mind "sharing" yourself, your customers may have stricter rules. The first thing to do is disable the anonymous performance feedback sent to PortSwigger. Follow the path User Options -> Misc -> Performance Feedback and opt out of submission.


If you use Burp Collaborator, you should stand up your own server and use that. This also lets you get around WAFs configured to block burpcollaborator.net and its subdomains. To manage Burp Collaborator, go to Project Options -> Misc -> Burp Collaborator Server.




Use a default config


So that you do not have to redo the settings for every project, you can create a configuration file and load it when you start a new project. To do this, just follow these steps:


  • Make the necessary changes.
  • Save the project options and the user options (each is exported as a JSON file).
  • Combine both files into one.
  • Update it as needed and keep it in a safe place (e.g. a git repository).

The final config will look like this:

{
  "project_options": { ... },
  "user_options": { ... }
}
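As an added example (not from the original article and not PortSwigger tooling), a small Python script that performs the merge step: it reads the two exported files, checks that each carries the expected top-level key so the exports are not mixed up, and writes the combined config. The file names and the option contents in the sample are constructed placeholders.

```python
import json


def merge_configs(project_json: str, user_json: str) -> dict:
    """Combine an exported project-options file and an exported
    user-options file into the single config shape shown above."""
    project = json.loads(project_json)
    user = json.loads(user_json)
    # Burp exports each settings type under its own top-level key;
    # refuse to continue if the two files were passed in the wrong order.
    if "project_options" not in project:
        raise ValueError("first file is not an exported project-options file")
    if "user_options" not in user:
        raise ValueError("second file is not an exported user-options file")
    return {
        "project_options": project["project_options"],
        "user_options": user["user_options"],
    }


def merge_files(project_path: str, user_path: str, out_path: str) -> dict:
    """Read both exports from disk and write the merged config as JSON."""
    with open(project_path, encoding="utf-8") as f_p, open(user_path, encoding="utf-8") as f_u:
        merged = merge_configs(f_p.read(), f_u.read())
    with open(out_path, "w", encoding="utf-8") as out:
        json.dump(merged, out, indent=4, sort_keys=True)
    return merged


# Constructed sample exports (placeholder section and option names);
# real Burp exports contain many more sections.
PROJECT_EXPORT = '{"project_options": {"placeholder_section": {"placeholder_option": true}}}'
USER_EXPORT = '{"user_options": {"placeholder_section": {"placeholder_option": "value"}}}'

if __name__ == "__main__":
    print(json.dumps(merge_configs(PROJECT_EXPORT, USER_EXPORT), indent=4))
```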

Disabling plugins


When starting Burp Suite, you can disable all plugins. This can significantly speed up startup, especially if you use many add-ons.




You can enable the necessary additions later, taking into account the specifics of the project.


Memory limit


Burp Suite is written in Java, which often leads to high memory consumption, especially during long automated scans. You can cap the maximum Java heap size with the -Xmx flag when launching Burp:


java -Xmx2048M -jar burp.jar

Utilities


This section provides tips on working with the tools built into Burp Suite. The most interesting of them:


  • Burp Proxy lies at the very heart of the Burp Suite user-driven workflow, allowing you to intercept, verify and modify traffic moving in both directions between the server and the client.
  • Burp Repeater - a tool for processing HTTP requests, editing them and manually analyzing web application responses.
  • Burp Intruder is a powerful tool for automating specialized attacks against web applications. This is a very flexible and highly customizable tool that can be used to perform a huge range of tasks that arise during application testing.

Find host links


Sometimes you need to find links to a specific host. Of course, you can search the request history, but there is a faster and more efficient way. Go to Target -> Site Map, select the required host from the list, right-click and choose Engagement tools -> Find references. The result is a list of requests that link to the host of interest.




AutoCorrect


Many people underestimate the usefulness of the AutoCorrect (Match and Replace) feature in Burp Proxy. It is often used to modify server responses in order to disable protection mechanisms in headers, replace false with true to gain privileged access, and so on. For me, the greatest benefit of this mechanism comes when testing mobile applications: it is very convenient to type simple words in the application's own interface and have complex expressions sent instead. For example, type bxss and a full Blind XSS payload is sent. It also simplifies things when entering passwords. AutoCorrect settings can be found in Proxy -> Options -> Match and replace.




Rename tabs


Burp Suite allows you to name tabs; when I found out about this feature, my joy knew no bounds. By double-clicking the title of a request tab, you can record useful information that will help you remember what happened there after some time has passed.




This works not only in Burp Repeater, but also in Burp Intruder, which is also useful.


Auto scroll


The auto-scroll function is very convenient when searching in requests or responses. Burp will automatically jump to the match after the request is sent, speeding up your work. To enable the option, type what you are looking for in the search bar, click the "+" button to open the search options and tick "Auto-scroll to match when text changes".




Reports


When preparing reports, much more information will fit and screenshots with the request and response stacked vertically will look neater. To do this, in the Burp Repeater options choose View -> Top/bottom split.




Target Scan


You can use the Burp Intruder interface to configure a Burp Scanner scan of only the parameters, headers, etc. that you need. To do this, set the markers in the request in the Burp Intruder interface as you usually would, and then select "Scan defined insertion points" from the context menu. This saves a lot of time: by default, Burp Scanner tests everything available in the request, including cookies, headers, the URI and request parameters.




Handling payload on the fly


In Burp Intruder, you can configure various payload-processing rules that run before each request is sent. The configured rules are executed in sequence and can be switched on and off individually, which helps when troubleshooting a configuration. Processing rules are useful in many situations where you need to generate an unusual payload or, for example, encode it.


Examples of available rule types:


  • Add prefix/suffix - adds text before or after the payload.
  • Match/replace - replaces any part of the payload matching the regular expression with the specified string.
  • Encode/Decode - encodes or decodes the payload in various formats: URL, HTML, Base64, ASCII hex.
  • Hash - performs a hashing operation on the payload.
  • Skip if matches regex - checks whether the payload matches the specified regular expression and, if so, skips it and proceeds to the next one. This can be useful, for example, if you know that the parameter value must have a minimum length and you want to skip all values in the list that are shorter than that.

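As an added illustration, not code from the article or from Burp itself, here is a Python model of how a chain of the processing rules listed above transforms a payload list: rules run in order, a disabled rule is passed over, and a skip rule drops short values before the remaining rules encode the rest. The sample payloads and rule settings are constructed.

```python
import base64, hashlib, html, re, urllib.parse

# Each rule is a function taking a payload string and returning the transformed
# string, or None to drop the payload (the "Skip if matches regex" case).

def add_prefix(text):
    return lambda p: text + p

def add_suffix(text):
    return lambda p: p + text

def match_replace(pattern, replacement):
    rx = re.compile(pattern)
    return lambda p: rx.sub(replacement, p)

ENCODERS = {
    "url": lambda p: urllib.parse.quote(p, safe=""),
    "html": lambda p: html.escape(p, quote=True),
    "base64": lambda p: base64.b64encode(p.encode()).decode(),
    "ascii_hex": lambda p: p.encode().hex(),
}

def encode(kind):
    return ENCODERS[kind]

def hash_payload(algorithm):
    return lambda p: hashlib.new(algorithm, p.encode()).hexdigest()

def skip_if_matches(pattern):
    rx = re.compile(pattern)
    return lambda p: None if rx.search(p) else p

def process(payloads, rules):
    """Apply each (enabled, rule) pair in order; a None result drops the payload."""
    out = []
    for p in payloads:
        for enabled, rule in rules:
            if enabled:
                p = rule(p)
                if p is None:
                    break
        else:  # no rule skipped this payload
            out.append(p)
    return out

# Constructed sample: drop values shorter than 4 characters, then add a suffix
# and URL-encode; the md5 rule is left disabled, like an unticked rule in the UI.
SAMPLE = ["ab", "admin", "root"]
RULES = [
    (True, skip_if_matches(r"^.{0,3}$")),
    (True, add_suffix("@example.com")),
    (False, hash_payload("md5")),
    (True, encode("url")),
]

if __name__ == "__main__":
    print(process(SAMPLE, RULES))
```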


Sort Intruder results


In Burp Intruder, you can flag results whose server responses contain specified expressions. For each expression, Burp adds a checkbox column to the results table. As a result, you can clearly see interesting responses and, if necessary, group them by clicking the column heading.




This option is most useful when analysing large volumes of results and lets you quickly find what you are interested in. For example, when testing for SQL injection, searching for responses containing "ODBC", "error", etc. will help you quickly find vulnerable parameters.
