Lab 08 Task

Burp Suite is a tool used to intercept and analyze web traffic. It lets the user launch a proxied browser, install the Burp CA certificate so that HTTPS traffic can be decrypted, and intercept requests in order to modify their parameters. This document walks through configuring the browser to use Burp as a proxy, importing the Burp certificate, finding a flaw on a demo shopping site that lets the client change the price parameter in an add-to-cart request, and placing an order at the manipulated price.

Uploaded by Zuraiz Qureshi

Burp Suite

[Figure: request flow diagrams showing a normal request, a request through a proxy, and a request through Burp Suite]


Run the installer and launch Burp Suite. When asked to select a project file and
configuration, just click Next and then Start Burp to skip this for now.

Open the browser and configure the proxy:

Search for "proxy" in the browser settings:

Click Settings:
Select Manual proxy configuration
Enter the IP address of the Burp proxy listener

Browse to the vulnerable website; a pop-up will open:


To capture HTTPS traffic you need to install the Burp CA certificate:
Browse to http://burp
Keep in mind that the proxy must already be configured and Burp must be running:

Save the certificate and load it into the browser: go to Preferences and search for
"cert".
Import the downloaded certificate:

Select the certificate file and click Open


Demo:
Step 1:
Access the vulnerable website in Burp's browser. In Burp, go to the Proxy >
Intercept tab and make sure that interception is switched off.
Launch Burp's browser if prompted, and log in to your portswigger.net account.
After a few seconds, you will see your own instance of a fake shopping website.

Step 2:
Log in to your shopping account. On the shopping website, click My Account and
log in using the following credentials:
Username: ali
Password: rtfd6’j
Notice that you have just $100 of store credit.
Step 3:
Find something to buy.
Step 4:
Study the add-to-cart function. In Burp, go to the Proxy > Intercept tab and switch
interception on. In the browser, add the leather jacket to your cart to intercept
the resulting POST /cart request.

Step 5:
Modify the request.
Change the price parameter, then switch interception off again so that any subsequent
requests can pass through Burp Proxy uninterrupted.
Step 6:
Exploit the vulnerability.
In Burp's browser, click the basket icon in the upper-right corner to view your cart.
Notice that the jacket has been added for just one cent.
Click the Place Order button to purchase the jacket for an extremely reasonable
price.
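The root cause of the lab above is that the server trusts the price field sent by the client. The following is an added example, not code from the lab or from PortSwigger's shop application: a minimal cart handler in plain Python that shows the trusting version beside the hardened one, plus a check that flags requests whose price disagrees with the catalog. The catalog entries, prices (in cents) and request shape are constructed for illustration.

```python
# Added example (not part of the original lab): a cart handler that trusts the
# client's price, its server-side fix, and a mismatch check useful for alerting.
from dataclasses import dataclass, field

# Constructed server-side catalog: price in cents, keyed by productId.
# "1" stands in for the leather jacket; the prices are made up for this example.
CATALOG = {"1": 133700, "2": 5000}
STORE_CREDIT_CENTS = 10000  # the $100 of store credit mentioned in the lab


@dataclass
class Cart:
    items: list = field(default_factory=list)  # (productId, price_cents, qty)

    def total_cents(self) -> int:
        return sum(price * qty for _, price, qty in self.items)


def add_to_cart_vulnerable(form: dict, cart: Cart) -> None:
    """Trusts the client-supplied 'price' field, as the lab's target does.
    An intercepted POST /cart with price=1 puts the jacket in the cart for one cent."""
    price = int(form["price"])  # attacker-controlled value, used as-is
    cart.items.append((form["productId"], price, int(form.get("quantity", 1))))


def add_to_cart_hardened(form: dict, cart: Cart) -> bool:
    """Ignores any client-supplied price and looks the price up server-side.
    Returns False (and records nothing) for an unknown product or a bad quantity."""
    product_id = form.get("productId")
    if product_id not in CATALOG:
        return False
    qty = int(form.get("quantity", 1))
    if qty < 1:
        return False
    cart.items.append((product_id, CATALOG[product_id], qty))
    return True


def price_mismatch(form: dict) -> bool:
    """Detection hook: True when a request carries a 'price' that disagrees with
    the catalog. Even after the fix, such requests are worth logging as tampering."""
    pid = form.get("productId")
    return "price" in form and pid in CATALOG and int(form["price"]) != CATALOG[pid]


def can_checkout(cart: Cart) -> bool:
    """Order is allowed only if the server-computed total fits the store credit."""
    return cart.total_cents() <= STORE_CREDIT_CENTS
```

The same tampered request yields a one-cent checkout through the first handler and a correctly priced, unaffordable cart through the second, while price_mismatch gives a defender a signal to alert on.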
