receives. Using this information, Burp Suite can send repeated or manipulated
requests that help the user understand the process that is going on.
In this chapter, we will discuss Burp Suite in detail and in a more practical
way. We will look at a scenario to understand the tool we are learning.
Practical scenario:
We have a login page for our website www.amazonkali.com that uses the HTTPS
protocol. Our novice hackers' task is to log in to the website using the
payloads that are present. Let us do it!
Try to do this assignment by yourself first while using the tool. If you are
unable to get the task done, follow the section below to understand the
process that goes on.
Solution or strategy for the task:
First of all, after successfully installing Burp Suite, you need to install
its CA certificate through the browser options to make Burp Suite work on
HTTPS websites. This is necessary because HTTPS is an encrypted protocol, and
proxy interception tools can read it only when a CA certificate is installed.
To install the certificate, you need to start a proxy first.
Briefly, follow these instructions:
a) Open the Burp Suite Proxy tab and enter 127.0.0.1 as the interception
address. After entering the details, you need to select a browser, preferably
Mozilla Firefox, because Chrome uses a lot of computer resources, and for a
hacker, coordination of processes is important for smoother results.
b) In the Mozilla Firefox proxy settings, enter the same interception address
and start the proxy server using the intercept on/off button. With this, every
request or response will first go through the Burp Suite proxy server and will
get recorded.
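A quick way to confirm step b), as an added example that is not part of the
original text: the script below reads the proxy preferences from a Firefox
prefs.js file and reports every way they fail to match the interception
address. The port 8080 is an assumption (Burp Suite's default listener port,
which the text does not state), and the sample preferences are constructed.

```python
import re

# Assumption: Burp's listener port is 8080 (its default); the text gives only the address.
LISTENER = ("127.0.0.1", 8080)

# Constructed sample of a Firefox profile's prefs.js (not from a real profile).
SAMPLE_PREFS = """\
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8080);
user_pref("network.proxy.ssl", "127.0.0.1");
user_pref("network.proxy.ssl_port", 8080);
"""

PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.+?)\);\s*$', re.M)


def parse_prefs(text):
    """Return {pref name: value} with strings unquoted and integers converted."""
    prefs = {}
    for name, raw in PREF_RE.findall(text):
        if raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]
        elif raw.lstrip("-").isdigit():
            prefs[name] = int(raw)
        else:
            prefs[name] = raw  # booleans and anything else kept as text
    return prefs


def proxy_problems(prefs, listener=LISTENER):
    """List the ways the browser's proxy settings miss the interception address."""
    problems = []
    # network.proxy.type 1 means "manual proxy configuration".
    if prefs.get("network.proxy.type") != 1:
        problems.append("proxy type is not manual, so the settings below are ignored")
    # Both plain HTTP and HTTPS traffic must be sent to the same listener.
    for scheme, key in (("HTTP", "http"), ("HTTPS", "ssl")):
        got = (prefs.get(f"network.proxy.{key}"), prefs.get(f"network.proxy.{key}_port"))
        if got != listener:
            problems.append(f"{scheme} proxy is {got}, expected {listener}")
    return problems


if __name__ == "__main__":
    for line in proxy_problems(parse_prefs(SAMPLE_PREFS)) or ["proxy settings match"]:
        print(line)
```

If only the HTTP proxy is set, the HTTPS entry is reported as a mismatch, which
is the case where requests to an HTTPS site never reach the proxy.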
With this, we have set up Burp Suite with the browser, and we are now all set
to exploit the www.amazonkali.com website. Follow along for the procedure.