Security
Reader small image

You're reading from  Burp Suite Cookbook - Second Edition

Product typeBook
Published inOct 2023
PublisherPackt
ISBN-139781835081075
Edition2nd Edition
Tools
Burp Suite
Concepts
Penetration Testing
Right arrow
Author (1)
Dr. Sunny Wear
Dr. Sunny Wear
author image
Dr. Sunny Wear

Dr. Sunny Wear is a web security architect and penetration tester. She provides secure coding classes, creates software, and performs penetration testing on web/API and mobile applications. Sunny has more than 25 years of hands-on software programming, architecture, and security experience and holds a Doctor of Science in Cybersecurity. She is a content creator on Pluralsight, with three courses on Burp Suite. She is a published author, a developer of mobile apps such as Burp Tool Buddy, and a content creator on courses related to web security and penetration testing. She regularly speaks and holds classes at security conferences such as Defcon, Hackfest, and BSides.
Read more about Dr. Sunny Wear

Right arrow

Working with Burp Suite Macros and Extensions

This chapter covers two separate topics that can also be blended together: macros and extensions. Burp Suite macros enable penetration testers to automate events, such as logins or parameter reads, to overcome potential error situations. Extensions, also known as plugins, extend the core functionality found in Burp.

In this chapter, we will cover the following recipes:

  • Creating session-handling macros
  • Getting caught in the cookie jar
  • Adding great pentester plugins
  • Creating new issues via the Add & Track Custom Issues extension
  • Working with the Active Scan++ extension
  • Using Burp Suite extensions for bug bounties

Technical requirements

In order to complete the recipes in this chapter, you will need the following:

  • OWASP Broken Web Applications (BWA)
  • OWASP Mutillidae (http://<Your_VM_Assigned_IP_Address>/mutillidae)
  • GetBoo (http://<Your_VM_Assigned_IP_Address>/getboo)
  • Burp Proxy Community or Professional (https://portswigger.net/burp/)

Creating session-handling macros

In Burp Suite, the Project options tab allows testers to set up session-handling rules. A session-handling rule allows a tester to specify a set of actions Burp Suite will take in relation to session tokens or cross-site request forgery (CSRF) tokens while making HTTP requests. There is a default session-handling rule in scope for Spider and Scanner. However, in this recipe, we will create a new session-handling rule and use a macro to help us create an authenticated session from an unauthenticated one while using Repeater.

Getting ready

Using the OWASP Mutillidae II application, we will create a new Burp Suite session-handling rule, with an associated macro, to create an authenticated session from an unauthenticated one while using Repeater.

How to do it...

  1. Navigate to the Login page in Mutillidae. Log in to the application with the username ed with the password pentest:
Figure 10.1 – Logging in as ed/pentest

Figure 10.1 – Logging in...

Getting caught in the cookie jar

While targeting an application, Burp Suite captures all cookies while proxying and crawling. Burp Suite stores these cookies in a cache called the cookie jar. This cookie jar is used within the default session-handling rule and can be shared among the suite of Burp Suite tools, such as Proxy, Intruder, and Repeater. Inside the cookie jar, there is a historical table of requests. The table details each cookie domain and path. It is possible to edit or remove cookies from the cookie jar.

Getting ready

We will open the Burp Suite cookie jar and look inside. Then, using the OWASP GetBoo application, we’ll identify new cookies added to the Burp Suite cookie jar.

How to do it...

  1. Click the Burp Suite Settings gear icon in the top-right corner:
Figure 10.19 – Global Settings gear icon

Figure 10.19 – Global Settings gear icon

Then, select the Sessions area and go to the Cookie jar section:

Figure 10.20 – Cookie jar

Figure 10.20 –...

Adding great pentester plugins

As web application testers, you will find handy tools to add to your repertoire to make your assessments more efficient. The Burp Suite community offers many wonderful extensions. In this recipe, we will add a couple of them and explain how they can make your assessments better. Get All Params (GAP) and Software Vulnerability Scanner are the two plugins we will add to Burp Suite and use with the passive scanner.

Note

Both plugins require the Burp Suite Professional version.

Getting ready

Using the OWASP Mutillidae II application, we will add two handy extensions that will help us find more vulnerabilities in our target.

How to do it...

  1. The first extension, GAP-Burp-Extension, is available at the following GitHub repository: https://github.com/xnl-h4ck3r/GAP-Burp-Extension. Install Git on Linux or Git for Windows (https://gitforwindows.org/). Then, using the git clone https://github.com/xnl-h4ck3r/GAP-Burp-Extension.git command,...

Creating new issues via the Add & Track Custom Issues extension

Though Burp Suite provides a listing of many security vulnerabilities commonly found in web applications, occasionally you will identify an issue and need to create a custom scan finding. This can be done using the Add & Track Custom Issues extension.

Note

This plugin requires the Burp Suite Professional edition.

Getting ready

Using the OWASP Mutillidae II application, we will add the Add & Track Custom Issues extension, create steps revealing a finding, and then use the extension to create a custom issue.

How to do it...

  1. Switch to the Burp Suite Extension tab. Go to the BApp Store subtab and find the plugin labeled Add & Track Custom Issues. Click the Install button:
Figure 10.45 – Add & Track Custom Issues extension

Figure 10.45 – Add & Track Custom Issues extension

  1. Ensure the extension is loaded and enabled in the Extensions | Installed | Burp extensions section:
...

Working with the Active Scan++ extension

Some extensions assist in finding vulnerabilities with specific payloads, such as XML, or help to find hidden issues, such as cache poisoning and DNS rebinding. In this recipe, we will add an active scanner extension called Active Scan++, which assists with identifying these more specialized vulnerabilities.

Note

This plugin requires the Burp Suite Professional edition.

Getting ready

Using the OWASP Mutillidae II application, we will add the Active Scan++ extension, and then run an active scan against the target.

How to do it...

  1. Switch to Burp Suite’s Extensions | BApp Store tab and select the Active Scan++ extension. Click the Install button to install the extension, as follows:
Figure 10.52 – Active Scan++ extension

Figure 10.52 – Active Scan++ extension

  1. Return to the Firefox browser and browse to the Mutillidae home page.
  2. Switch to Burp Suite’s Target tab and then the Site map subtab, right...

Using Burp Suite extensions for bug bounties

As bug bounty hunters, you will find handy tools to identify possible bugs more easily. There are many, but the two we will look at in this recipe are the Burp Bounty, Scan Check Builder and Auth Analyzer.

Note

Burp Bounty, Scan Check Builder requires the Burp Suite Professional version.

Getting ready

Both recommended extensions for bug bounty hunting can be found in the BApp Store subtab. We will download and install them within our Burp Suite instance. Then, we’ll see how to use each to potentially uncover bugs for payouts!

How to do it...

  1. Inside Burp Suite’s Extensions | BApp Store tab, select Burp Bounty, Scan Check Builder and click the Install button. Then, select Auth Analyzer and click the Install button:
Figure 10.55 – The two extensions covered in this recipe

Figure 10.55 – The two extensions covered in this recipe

  1. Switch to the Extensions | Installed tab and ensure both extensions are installed and enabled...
lock icon
The rest of the chapter is locked
Previous Chapter
Chapter 11 of 14
Next Chapter
You have been reading a chapter from
Burp Suite Cookbook - Second Edition
Published in: Oct 2023Publisher: PacktISBN-13: 9781835081075
© 2023 Packt Publishing Limited All Rights Reserved
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Sign up now
undefined
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Start free trial
Renews at €14.99/month. Cancel anytime

Author (1)

author image
Dr. Sunny Wear

Dr. Sunny Wear is a web security architect and penetration tester. She provides secure coding classes, creates software, and performs penetration testing on web/API and mobile applications. Sunny has more than 25 years of hands-on software programming, architecture, and security experience and holds a Doctor of Science in Cybersecurity. She is a content creator on Pluralsight, with three courses on Burp Suite. She is a published author, a developer of mobile apps such as Burp Tool Buddy, and a content creator on courses related to web security and penetration testing. She regularly speaks and holds classes at security conferences such as Defcon, Hackfest, and BSides.
Read more about Dr. Sunny Wear

Personalised recommendations for you

Based on your interests and search pattern

Attacking and Exploiting Modern Web Applications

Attacking and Exploiting Modern Web Applications

Attacking and Exploiting Modern Web Attacks will help you understand how to identify attack surfaces and detect vulnerabilities. This book takes a hands-on approach to implementation and associated methodologies and equips you with the knowledge and skills needed to effectively combat web attacks.

BookAug 2023338 pages
Automotive Cybersecurity Engineering Handbook

Automotive Cybersecurity Engineering Handbook

This Automotive Cybersecurity Engineering Handbook untangles the complexities of building secure automotive products and helps you to comply with cybersecurity standards. It provides practical tools, tips, and techniques coupled with real-world examples to enable you to create cyber-resilient automotive products with ease.

BookOct 2023392 pages
Official Google Cloud Certified Professional Cloud Security Engineer Exam Guide

Official Google Cloud Certified Professional Cloud Security Engineer Exam Guide

This book will help you to design, develop, and operate security controls on Google Cloud as well as discover best practices for relevant security domains, including identity and access management, network, and data.

BookAug 2023496 pages
Cloud Penetration Testing for Red Teamers

Cloud Penetration Testing for Red Teamers

The advent of cloud networks and the AWS, Azure, and GCP platforms has revolutionized how companies of all sizes in all industries do business online. This book will help you meet the emerging demand for pentesting as it guides you through the tools, techniques, and security measures used by pentesters and red teamers in the 2020s and beyond.

BookNov 2023298 pages
ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide

ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide

ISACA Certified in Risk and Information Systems Control (CRISC®) Certification Guide is an enterprise IT risk management professional’s dream. With its in-depth approach and various self-assessment exercises, this book arms you with knowledge of every single aspect of the certification, and is a fantastic career companion after you’re certified.

BookSep 2023316 pages5
Burp Suite Cookbook

Burp Suite Cookbook

Burp Suite is an immensely powerful and popular tool for web application security testing. This book provides a collection of recipes that address vulnerabilities in web applications and APIs. It offers guidance on how to configure Burp Suite, make the most of its tools, and explore into its extensions.

BookOct 2023450 pages
Building and Automating Penetration Testing Labs in the Cloud

Building and Automating Penetration Testing Labs in the Cloud

This hands-on guide will help you design and build a variety of penetration testing labs that mimic modern cloud environments running on AWS, Azure, and GCP. In addition to these, you will explore a number of practical strategies on how to manage the complexity, cost, and security risks involved when setting up vulnerable cloud lab environments.

BookOct 2023562 pages
Ethical Hacking Workshop

Ethical Hacking Workshop

As cyber-attacks grow and APT groups advance their skillset, you need to be able to protect your enterprise against cyber-attacks. In order to limit your attack surface, you need to ensure that you leverage the same skills and tools that an adversary may use to hack your environment and discover the security gaps. This book will teach you how to think like a hacker, use state-of-the-art hacking tools, and protect yourself and your organizaiton.

BookOct 2023220 pages
Windows Forensics Analyst Field Guide

Windows Forensics Analyst Field Guide

This book contains step-by-step processes to guide you in any investigation related to Windows OS. You’ll find out how to acquire evidence using multiple tools as well as examine and analyze the collected artifacts, while discovering multiple techniques used in real-world forensic incidents.

BookOct 2023318 pages
Implementing DevSecOps Practices

Implementing DevSecOps Practices

This book is a comprehensive, hands-on guide for individuals new to DevSecOps who want to implement DevSecOps practices successfully and efficiently. With its help, you’ll be able to shift security toward the left, enabling you to merge security into coding in no time.

BookDec 2023258 pages