
Burp Suite

Information Security
Burp Suite (Web App HT)
Group 9

R1 - Rubab Nadeem (21011519-177)


R2 - Ayesha Amjad (21011519-118)
R3 - Mehvesh Shabbir (21011519-111)

Course Code: CS-324

Semester: Fall 2023 [5th]

Degree: BSCS

Dept: Department of Computer Science, Faculty of I&CT

Submitted to: Mr. Najeeb-ur-Rehman

University of Gujrat
Manual on How to Hack a Web App Using Burp Suite
Before diving into how we can test the security of a website, let's go through some basics.
What is Burp Suite?
Burp Suite is an integration of various tools put together for performing security testing of web
applications. Burp Suite helps the penetration tester through the entire testing process, from the
mapping phase through to identifying vulnerabilities and exploiting them. This Burp Suite guide series
will help you understand the framework and make use of its features in various scenarios. The various
features of Burp Suite are shown in Figure 1. These include proxy, spider, intruder, repeater, sequencer,
decoder and comparer. As we move ahead in this Burp Suite guide, we shall learn how to make use of
them seamlessly.

Burp Proxy
Burp proxy: Using Burp proxy, one can intercept the traffic between the browser and the target application.
This option works in a similar fashion to the man-in-the-middle attack vector.

Steps

1. Set up Burp Suite in Kali Linux


Open Burp Suite
Continue with Start Burp

Set up Burp Suite


Click Next

Click Start Burp


Burp will start with the default settings

2. The Burp Suite dashboard will open


Click Proxy
The proxy is an intermediate layer between your browser and the external layer

Turn on the Burp proxy and load a web page, e.g. Google


To see the request traffic, click on HTTP History

Here you will see the requests and responses for all domains

To see the requests and responses of a particular domain, select that domain
3. How can we stop a request going to the server and change it according to our
own requirements?
Go to Proxy >>> Intercept Tab

Turn on Intercept


Now each and every request going to the server will be held in Burp Suite until we forward
it.
Now search for something in your browser

When you search for something, your browser won't load anything, because the request is
not being forwarded
Now we can modify the request through Burp Suite

Let's change the search query from “intruder+security”


To “intruder+security+youtube”

Forward the request


Turn the intercept off to avoid stopping other requests

Switch back to browser


Now you can see the search query has been changed to “intruder security youtube”
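What the edit in the Intercept tab amounts to at the HTTP level, as an added example that is not part of the original manual: the query string in the request line is rewritten before forwarding, and the server parses only the forwarded bytes, which is why input has to be validated on the server side. The host, path, parameter names and function names below are assumptions for illustration.

```python
from urllib.parse import parse_qsl, urlencode

# Constructed sample of a search request as it would appear in the Intercept
# tab; the host, path and parameter names are assumptions for illustration.
RAW_REQUEST = (
    "GET /search?q=intruder+security&hl=en HTTP/1.1\r\n"
    "Host: www.example.com\r\n"
    "User-Agent: demo-browser\r\n"
    "\r\n"
)


def split_request(raw):
    """Return (method, path, [(name, value), ...], version, remainder)."""
    request_line, _, rest = raw.partition("\r\n")
    method, target, version = request_line.split(" ", 2)
    path, _, query = target.partition("?")
    # parse_qsl decodes '+' and %XX, so values are handled in decoded form
    return method, path, parse_qsl(query, keep_blank_values=True), version, rest


def rewrite_query_param(raw, name, new_value):
    """Replace one query parameter; headers and body are left untouched."""
    method, path, pairs, version, rest = split_request(raw)
    if name not in dict(pairs):
        raise KeyError(f"parameter {name!r} not present in request")
    pairs = [(k, new_value if k == name else v) for k, v in pairs]
    # urlencode re-encodes spaces as '+', matching the form the browser sent
    return f"{method} {path}?{urlencode(pairs)} {version}\r\n{rest}"


def params_seen_by_server(raw):
    """What the server parses: only the forwarded bytes, never the original."""
    return dict(split_request(raw)[2])


if __name__ == "__main__":
    forwarded = rewrite_query_param(RAW_REQUEST, "q", "intruder security youtube")
    print(forwarded.split("\r\n")[0])
    print(params_seen_by_server(forwarded))
```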
Now go to the Target tab
The Target tab helps you keep track of all the domains going through your proxy

In the left pane, you will see all the domains that went through your proxy
You can also see all the links that you have visited while the Burp proxy was active

You can also see the hidden files and directories that are hard to reach by normal users

This is how requests and responses can be hacked using Burp Suite
