As always, constructive criticisms and feedback are always welcome!

## Back to Basics

Before we dive into the realm of web hacking and the wonders of Burp Suite, it's important to understand the basics of how the Internet and the World Wide Web work.

The Internet can be defined as "a worldwide system of computer networks connected with each other"; the World Wide Web is a service on the Internet that allows us to browse it.

A few key points to understand about the World Wide Web:

- The "WWW" is a collection of different web pages.
- Content is dictated through HTML (HyperText Markup Language).
- Clients access servers through HTTP (HyperText Transfer Protocol).
- Pages are linked together using URLs (Uniform Resource Locators), e.g.

There is obviously much more to this, but these few points should help you grasp the basic concept of the "web" for now.

So how does the client/server relationship work when a browser tries to access a web page? Hopefully the following diagram can help visualise it…

(Diagram: Client/Browser Communication via)

The client will first request the page from the web server, receiving the data when the server successfully accepts the request and finds the correct page to return to the client. Once this process has been completed, the browser will display the page. Typically, browsers will not communicate directly with each other over the Internet.

Now that you know the basics of how the web works, hopefully you will be able to understand how BurpSuite can be used for web hacking and interception attacks…

## What is BurpSuite?

BurpSuite is a collection of web application testing tools that range from intercepting web traffic to automating brute-force attacks against forms. This blog will primarily focus on understanding how Burp works as an interception tool. Because of this, we will only be focusing on the "Proxy (Intercept)" and "Repeater" tabs and their relevant functions.

When starting BurpSuite, you will be asked if you would like to start a project. Simply selecting "Temporary Project" will do; select "Start Burp" and you should be brought to the main interface GUI.

## How to Setup the Burp HTTP Proxy (Kali Linux)

One of the most common features (and the main one for this blog) is using the HTTP proxy, which allows you to intercept, record, replay and modify requests made by clients to the server. To allow this feature to work, you will need to set up an HTTP proxy within your browser to feed into BurpSuite. This is particularly useful for manipulating traffic outgoing to the server, especially values such as cookies and referrers…

The following instructions will help you set up an HTTP proxy on Kali Linux, utilising the inbuilt community version of BurpSuite and the Firefox browser. Please note that the UI in the following instructions may vary depending on the version of Kali Linux; however, the fundamental instructions should still be the same.

1. Open Firefox and open Preferences by clicking the three horizontal lines on the far right of the window, and then the cog labelled "Preferences".

## Common Web Hacking (Interception) Techniques: Cookie Manipulation & Referrer Spoofing

Cookies are small files stored on your computer when you visit a website, and are specific to clients and the relevant website. They hold values that can help the server customise the site to the client, for example: `FirstName=John`. Intercepting traffic with BurpSuite, we can start to change the cookie values to change how the server perceives us.
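The cookie manipulation described above works only because the server trusts whatever comes back in the `Cookie:` header. As an added example (not code from the original post), the following Python puts a handler that trusts `FirstName` as sent beside one that only honours a server-signed value, so a cookie edited in the proxy falls back to a guest identity; `SECRET_KEY` and the handler names are assumptions for this demo.

```python
import hashlib
import hmac
from http.cookies import SimpleCookie

# Assumption: a server-side secret the client never sees (constructed demo value).
SECRET_KEY = b"constructed-demo-secret-do-not-reuse"


def parse_cookie_header(header: str) -> dict:
    """Turn a raw 'Cookie:' header value into a name -> value dict."""
    jar = SimpleCookie()
    jar.load(header)
    return {name: morsel.value for name, morsel in jar.items()}


def sign(value: str) -> str:
    """Issue 'value.mac' where mac is HMAC-SHA256 over value under SECRET_KEY."""
    mac = hmac.new(SECRET_KEY, value.encode(), hashlib.sha256).hexdigest()
    return f"{value}.{mac}"


def verify(signed: str):
    """Return the value if its mac checks out, else None (edited or forged)."""
    value, sep, mac = signed.rpartition(".")
    if not sep:
        return None
    expected = hmac.new(SECRET_KEY, value.encode(), hashlib.sha256).hexdigest()
    return value if hmac.compare_digest(mac, expected) else None


def greet_insecure(cookie_header: str) -> str:
    """Trusts FirstName exactly as the client sent it, i.e. whatever was typed
    into the intercepted request (a Referer header is client-controlled too)."""
    name = parse_cookie_header(cookie_header).get("FirstName", "guest")
    return f"Hello, {name}"


def greet_secure(cookie_header: str) -> str:
    """Only honours FirstName while it still carries the server's signature;
    a value changed in the proxy no longer matches and is treated as guest."""
    raw = parse_cookie_header(cookie_header).get("FirstName", "")
    return f"Hello, {verify(raw) or 'guest'}"


if __name__ == "__main__":
    issued = sign("John")                       # what Set-Cookie would hand out
    print(greet_insecure("FirstName=Admin"))    # Hello, Admin (edited cookie accepted)
    print(greet_secure("FirstName=Admin"))      # Hello, guest (unsigned value rejected)
    print(greet_secure(f"FirstName={issued}"))  # Hello, John  (intact signature)
```

The same reasoning applies to the Referer header the post mentions: it is set by the client, so it can identify where a request claims to come from but never serve as an authorisation check.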