Assignment 2

Name:Rida Mahmud Sadman

ID:20301096

Burp Suite is a software that is used for the security testing of websites. It has several
features such as proxy, intruder, repeater, sequencer, decoder, comparer, extender, etc. A
report of these features of the Burp Suite software is as follows:

Proxy:

One of the best use cases of Burp Suite is that we can use it as a proxy server. As known,
proxy servers act as intermediaries between a client (like a browser) and a server, allowing
them to communicate. In the context of security testing for websites, particularly web
applications, vulnerabilities often reside in the server-side or backend components. Burp
Suite's Proxy tool plays a crucial role in this process by intercepting and examining HTTP/S
traffic between the client and the server.

When the Proxy tool is enabled within Burp Suite, it intercepts requests and responses
between the client (such as a web browser) and the server hosting the web application. This
interception effectively pauses the traffic flow, diverting it through Burp Suite's interface.
Here, security testers or developers can meticulously inspect each request and response,
gaining visibility into the data being exchanged. This capability allows for detailed analysis
and modification of requests before they are forwarded either to the server or the client
browser
Intercept:
We can intercept website connections to the browser of our choice by utilizing Burp Suite as
a proxy server. It will launch a Chromium browser by default that has the Burp suite installed,
but we may link it to our regular default browser. The browser must be enabled by going to
the Proxy tab in Burp Suite, clicking the "intercept is on" button, and then the browser will
open. The next step is to type the website's name; in this case, bracu.ac.bd. The screen
below shows us that the browser is now in a continuous loading state.

Here, the browser's and the website's outgoing and incoming connections are intercepted by
the burp suite software. The webpage won't change if we click forward once, but the
requests will change if we look at the raw tab that is open in the Burp suite. Every request
modifies the raw tab, which displays the hostname, cookies, and other details about the
request. This clarifies how many queries are processing when we visit a website behind the
scenes. It takes a few clicks of the forward button before the webpage begins to load
correctly.
We can also check the HTTP request history between the proxy tab and browser that was
created while trying to go to the websites. If we click one of the requests, we can check the
response request as well as inspect several parts of the requests such as headers, cookies,
etc.

This intercept feature is crucial for security testing, allowing detailed inspection and
manipulation of messages to identify vulnerabilities or understand the behavior behind every
incoming and outgoing request to the website.

INTRUDER:
The ability to connect to any website and simulate attacks as an intruder is another crucial
feature of Burp Suite. This functionality is particularly useful when employing payloads
containing commonly used passwords or malicious scripts. It facilitates tasks such as
brute-forcing passwords, testing for XSS (Cross-Site Scripting), SQL injection vulnerabilities,
and validating input fields. When preparing for such tasks, connecting the intruder to open
requests or ongoing connections is essential. For instance, examining the POST request
example within the Intruder tab allows security professionals to test functionality without
actually launching attacks on live websites.We will see the following screen after going to the
intruder tab:
We can only execute the payloads where there are input options. On the right part, we can
see the add, clear, auto-select, and refresh options. This would change the input fields
respectively. The software selects the input fields automatically by default.

In addition to position, we can choose which payloads to utilize in the input section.
When we click on that tab, we can select from a number of different settings related to the
number of payload sets we have and the kind of payloads available.

Both the payload processing and payload settings are modifiable. The requirements for each
sort of payload vary, hence the payload settings will alter the requirements for each type.
When the attack occurs, we have the ability to control or establish guidelines for how the
payloads will behave. The intruder attack can be configured in a variety of ways, including
the number of attacks that occur in a second, the number of iterations that occur in a
second, and the precise assault-based settings that are needed to effectively construct the
attack.
There are several ways to attack using the intruder, these are explained as follows:

A.Sniper:The Burp Suite's Intruder tool uses a Sniper attack mode where payloads are
deployed one after the other to each chosen input point in the request. First, one set of
payloads is chosen, and they are injected one after the other into every specified input field
or parameter. With this technique, testers can use the same set of payloads to systematically
test different inputs within a request.
When numerous inputs must be checked concurrently with identical payloads in online
applications, the Sniper attack is an effective way to identify vulnerabilities. It assists in
locating possible flaws like SQL injection or cross-site scripting vulnerabilities across several
parameters in a single request. Security experts can quickly evaluate how the program
handles various input types by automating the placement of payloads into different input
areas.The Sniper attack mode is a useful tool for comprehensive security testing without the
need for manual repetition because it assures extensive coverage of all specified inputs
through the sequential deployment of payloads. This systematic methodology contributes to
overall application security and risk mitigation efforts by improving the efficacy and efficiency
of vulnerability identification within online applications.

B. Battering Ram: For this attack, we can use only one input. The ideal use case for this
attack is only attacking to determine the password. This attack iterates all the payload strings
in one input which is useful for testing multiple parameters with the same value.

In the above image, we have used battering ram to attack a locally hosted site with different
passwords that we have given in the payload. In the last attack, we are seeing the status
code 200 OK meaning that our attack was successful.

C.Pitchfork:It makes use of several payload sets, allowing us to combine various payloads
with various inputs. Then, iterating through several payload sets at once, each payload is
assigned to an input location. For instance, Pitchfork can be used to launch an attack with
several payload sets using a username and email combination.
D. Cluster Bomb:Compared to previous attacks, this one is the most thorough and
resource-intensive as it is the strongest against invaders. Every possible combination of
payloads is generated for all input points, and each combination can then be used.
For instance, there will be 100 * 100 attack combinations if we have 100 usernames and 100
passwords.

Repeater:
With this functionality, we can manually test individual requests. We can also modify
requests and resend them to observe the behavior of the application or to exploit
vulnerabilities. Similar to the intruder, we have to send which request we want to use in the
repeater by right-clicking from anywhere in the Burp Suite software. If we see an example of
trying to log in to hosted locally site we will see the below image:

The POST request to the website and the burp suite on the left are visible in this picture. In
addition to the software, I have provided the login page for the locally hosted side so that you
can comprehend our goals. We attempted a fictitious username and password at first, but
they are not valid for login. We receive a response next to the request tab after submitting
the request using Burp Suite. As previously said, we are seeing the error message and poor
request alert on the response tab since we are using the incorrect credentials.

Again if you check the below image, for the same website we have used the correct
credentials this time. Now if we send the request using Burp Suite then get proper logged-in
response. If we see the response tab, we have generated a JSON web token so it proves
that the credentials were right. Moreover, similar to the proxy we can also check the request
header, cookies, etc. to successfully identify any sort of vulnerabilities in the website.
Sequencer:
A sequencer is utilized to examine random session tokens of any kind and significant
information on the web page. As can be seen from the produced JSON web token above, it
is generated at random for the user and has an expiration date. Every time, it has to be
random because, if it isn't specified, then all of the user's data may be taken if a brute force
attack is employed or if the information is discovered.Therefore, every time we log in to a
website, a new session ID is generated at random. For determining the unpredictability or
pseudo-randomness of this session and other crucial information on a webpage, the
Sequencer is an excellent tool.The sequencer tries to identify the sources of entropy from
the time the pseudo-random numbers were generated by applying various mathematical
assessments to the pseudo-random numbers. By making a specially constructed request
that will cause new values to be allocated, live capture can be utilized to generate sample
values for this purpose. In order for the response to deliver a new session token in the form
of a new cookie response header, this is frequently accomplished by deleting an existing
cookie value from the request. Sending the request to the repeater is the first step in using
the sequencer. Next, we need to set the parameters for any headers containing strings that
are created randomly or pseudo-randomly.Once a header has been selected, it can be sent
to the sequencer, where live capture can begin to view the outcome. We have chosen to use
the JSON web token that we have previously seen for our example. To choose it, we must
provide a custom configuration option. We can begin live capture to examine the token's
unpredictability after selecting the appropriate option. We can see the work in progress in the
picture below.
Decoder:
As the name suggests, we can use a decoder to decrypt any sort of encrypted numbers from
one type to another type of encryption. It supports plain text, URL, HTML, ASCII index,
Base64, Hex, Octal, Binary, and Gzip formats. To use this we first to write something in the
textbox. For example, if try to encrypt a plain text file we are going to “CSE496: Ethical
Hacking”, then let’s try the base64 encryption. After choosing it, the encryption will occur
automatically. Decoder also lets us do more than one level of encryption, we can convert the
coded base64 string to ASCII index format. Then let us do one more level by choosing
binary format. So, after that, we got a string which is encrypted three times. We know how to
decrypt it but for others, it will be really hard to determine the exact formats the message
was decoded.
Comparer:
It is used to compare different responses or requests with each other to determine any
vulnerabilities. If we see an example of the previous login page of, if we extend the
previously used case of battering ram attack, let's choose the last two attacks having
different status codes.

After we send this to the comparer (responses) we have we will see both of these requests
inside the comparer. We have to click on the word option in the bottom-right corner for
seeing the comparison and differences between the two requests.

As we can see, comparer has highlighted all the differences between the requests. In this
way, we can determine any sort of data to identify differences between responses and
requests.
Extender:
The current burp suite program's usability can be improved by extensions. By selecting the
add button on the extensions tab and providing the extension's data, we can manually install
an extension. The extension file will have a.jar extension, and the extension type can be any
of the programming languages—Java, Python, or Ruby.

We also have the option to automatically download any Burp extension from the BApp store
if we prefer not to install manually. This tab, which is located just next to the installed tab on
the top right, contains all of the BURP suite's legal extensions. The extension is visible on
the installed tab once it has been installed. Moreover, extensions can be changed or
eliminated as necessary.