Skip to content

TryHackMe Writeups

Burpsuitebasics

TryHackMe Writeups

Home
Crackthehash
Cyberadventtemplate
Template
25daysofchristmas
25daysofchristmas
- 25daysofchristmas
HackfinityBattle
HackfinityBattle
- HackfinityBattle
Adenumeration
Adenumeration
- Adenumeration
Adv3nt0fdbopsjcap
Adv3nt0fdbopsjcap
- Adv3nt0fdbopsjcap
Adventofcyber2
Adventofcyber2
- Adventofcyber2
Adventofcyber2023
Adventofcyber2023
- Adventofcyber2023
Adventofcyber2024
Adventofcyber2024
- Adventofcyber2024
Adventofcyber23sidequest
Adventofcyber23sidequest
- Adventofcyber23sidequest
Agentsudoctf
Agentsudoctf
- Agentsudoctf
Anonymous
Anonymous
- Anonymous
Auditingandmonitoringse
Auditingandmonitoringse
- Auditingandmonitoringse
Authenticationbypass
Authenticationbypass
- Authenticationbypass
Blaster
Blaster
- Blaster
Blue
Blue
- Blue
Bof1
Bof1
- Bof1
Breachingad
Breachingad
- Breachingad
Breakrsa
Breakrsa
- Breakrsa
Burpsuitebasics
Burpsuitebasics
- Burpsuitebasics Burpsuitebasics
  Table of contents
  - Table of contents
    
    Getting Started What is Burp Suite?
    
    Getting Started Features of Burp Community
    
    Getting Started Options
    
    Proxy Introduction to the Burp Proxy
    
    Proxy Connecting through the Proxy (FoxyProxy)
    
    Proxy Proxying HTTPS
    
    Proxy Scoping and Targeting
    
    Proxy Site Map and Issue Definitions
    
    Practical Example Attack
Burpsuiteintruder
Burpsuiteintruder
- Burpsuiteintruder
Burpsuiteom
Burpsuiteom
- Burpsuiteom
Burpsuiterepeater
Burpsuiterepeater
- Burpsuiterepeater
Codeanalysis
Codeanalysis
- Codeanalysis
Commonlinuxprivesc
Commonlinuxprivesc
- Commonlinuxprivesc
Contentdiscovery
Contentdiscovery
- Contentdiscovery
Cowboyhacker
Cowboyhacker
- Cowboyhacker
Crackthehash
Crackthehash
- Crackthehash
Cryptographyintro
Cryptographyintro
- Cryptographyintro
Cybergovernanceregulation
Cybergovernanceregulation
- Cybergovernanceregulation
Dastzap
Dastzap
- Dastzap
Dataxexfilt
Dataxexfilt
- Dataxexfilt
Easyctf
Easyctf
- Easyctf
Encryptioncrypto101
Encryptioncrypto101
- Encryptioncrypto101
Enumerationpe
Enumerationpe
- Enumerationpe
Exploitingad
Exploitingad
- Exploitingad
Fileinc
Fileinc
- Fileinc
Hydra
Hydra
- Hydra
Ice
Ice
- Ice
Intronetworksecurity
Intronetworksecurity
- Intronetworksecurity
Johntheripper0
Johntheripper0
- Johntheripper0
Kenobi
Kenobi
- Kenobi
Lateralmovementandpivoting
Lateralmovementandpivoting
- Lateralmovementandpivoting
Linprivesc
Linprivesc
- Linprivesc
Linuxfundamentalspart1
Linuxfundamentalspart1
- Linuxfundamentalspart1
Linuxfundamentalspart2
Linuxfundamentalspart2
- Linuxfundamentalspart2
Linuxfundamentalspart3
Linuxfundamentalspart3
- Linuxfundamentalspart3
Linuxprivesc
Linuxprivesc
- Linuxprivesc
Linuxsystemhardening
Linuxsystemhardening
- Linuxsystemhardening
Malmalintroductory
Malmalintroductory
- Malmalintroductory
Metasploitexploitation
Metasploitexploitation
- Metasploitexploitation
Meterpreter
Meterpreter
- Meterpreter
Netsecchallenge
Netsecchallenge
- Netsecchallenge
Ohsint
Ohsint
- Ohsint
Operatingsystemsecurity
Operatingsystemsecurity
- Operatingsystemsecurity
Owaspjuiceshop
Owaspjuiceshop
- Owaspjuiceshop
Owasptop102021
Owasptop102021
- Owasptop102021
Passwordattacks
Passwordattacks
- Passwordattacks
Persistingad
Persistingad
- Persistingad
Picklerick
Picklerick
- Picklerick
Postexploit
Postexploit
- Postexploit
Powershell
Powershell
- Powershell
Printerhacking101
Printerhacking101
- Printerhacking101
Redteamrecon
Redteamrecon
- Redteamrecon
Rpnessusredux
Rpnessusredux
- Rpnessusredux
Rrootme
Rrootme
- Rrootme
Sast
Sast
- Sast
Seriskmanagement
Seriskmanagement
- Seriskmanagement
Shodan
Shodan
- Shodan
Sql injection
Sql injection
- Sql injection
Steelmountain
Steelmountain
- Steelmountain
Thelayoftheland
Thelayoftheland
- Thelayoftheland
Threatmodelling
Threatmodelling
- Threatmodelling
Traverse
Traverse
- Traverse
Uploadvulns
Uploadvulns
- Uploadvulns
Vulnerabilitycapstone
Vulnerabilitycapstone
- Vulnerabilitycapstone
Vulnerabilitymanagementkj
Vulnerabilitymanagementkj
- Vulnerabilitymanagementkj
Vulnversity
Vulnversity
- Vulnversity
Walkinganapplication
Walkinganapplication
- Walkinganapplication
Weaponization
Weaponization
- Weaponization
Winadbasics
Winadbasics
- Winadbasics
Windows10privesc
Windows10privesc
- Windows10privesc
Windowsfundamentals1
Windowsfundamentals1
- Windowsfundamentals
Windowsfundamentals2
Windowsfundamentals2
- Windowsfundamentals2
Windowsfundamentals3
Windowsfundamentals3
- Windowsfundamentals3
Windowslocalpersistence
Windowslocalpersistence
- Windowslocalpersistence
Windowsprivesc20
Windowsprivesc20
- Windowsprivesc20
Wiresharkpacketoperations
Wiresharkpacketoperations
- Wiresharkpacketoperations
Wiresharkthebasics
Wiresharkthebasics
- Wiresharkthebasics
Wonderland
Wonderland
- Wonderland

Burp Suite: The Basics Banner

Burp Suite: The Basics Logo

Burp Suite: The Basics (Old)

This guide contains the answer and steps necessary to get to them for the Burp Suite: The Basics room.

[!Note] Please note the BurpSuite rooms have been updated to reflect a newer version. As such some of these answers might not be correct anymore. Most of them still are but can be out of order of the new room.

Table of contents

Getting Started What is Burp Suite?
Getting Started Features of Burp Community
Getting Started Options
Proxy Introduction to the Burp Proxy
Proxy Connecting through the Proxy (FoxyProxy)
Proxy Proxying HTTPS
Proxy Scoping and Targeting
Proxy Site Map and Issue Definitions
Practical Example Attack

Getting Started What is Burp Suite?

Which edition of Burp Suite will we be using in this module?

The answer can be found in the text provided or through an internet search.

Click for answer
Burp Suite Community

Which edition of Burp Suite runs on a server and provides constant scanning for target web apps?

The answer can be found in the text provided or through an internet search.

Click for answer
Burp Suite Enterprise

Burp Suite is frequently used when attacking web applications and ______ applications.

The answer can be found in the text provided or through an internet search.

Click for answer
mobile

Getting Started Features of Burp Community

Some of the functionalities of Burp Suite Community edition.

Which Burp Suite feature allows us to intercept requests between ourselves and the target?

The answer can be found in the text provided or through an internet search.

Click for answer
Proxy

Which Burp tool would we use if we wanted to bruteforce a login form?

The answer can be found in the text provided or through an internet search.

Click for answer
Intruder

Getting Started Options

The answers to the following questions can be found by looking through the settings menus in Burp Suite.

In which Project options sub-tab can you find reference to a "Cookie jar"?

Cookie

Click for answer
Sessions

In which User options sub-tab can you change the Burp Suite update behaviour?

Update

Click for answer
Misc

What is the name of the section within the User options "Misc" sub-tab which allows you to change the Burp Suite keybindings?

Bindings

Click for answer
Hotkeys

If we have uploaded Client-Side TLS certificates in the User options tab, can we override these on a per-project basis (Aye/Nay)?

The answer can be found in the text provided or through an internet search.

Click for answer
Aye

Proxy Introduction to the Burp Proxy

Which button would we choose to send an intercepted request to the target in Burp Proxy?

On the proxy tab we can enable intercept, open the browser, and navigating to tryhackme.com.

Intercepted

If we want to send the request to the browser, we must click forward.

Forwarded

Click for answer
Forward

[Research] What is the default keybind for this? Note: Assume you are using Windows or Linux (i.e. swap Cmd for Ctrl).

With a quick search we can find the required hotkey.

Click for answer
Ctrl+F

Proxy Connecting through the Proxy (FoxyProxy)

Read through the options in the right-click menu.

There is one particularly useful option that allows you to intercept and modify the response to your request.

What is this option?

First we make sure to enable the intercept in BurpSuite and FoxyProxy in Firefox.

Intercepted

After intercepting the request we can inspect the menu options.

Option

Click for answer
Response to this request

Proxy Proxying HTTPS

I had already configure Firefox before with the certificate for Burp Suite. However, when trying in this room, it seemed to not work anymore. Even downloading the certificate didn't work.

So I made a backup of the current certificate that was loaded, deleted it, and then I could download the certificate again.

After importing it, I could visit TLS enabled websites in Firefox through FoxyProxy.

Proxy Scoping and Targeting

No real difference was spotted when targeting the specific URL (http://http://10.10.195.240/). This might be due to the website having no redirects.

Not Scoped

Proxy Site Map and Issue Definitions

Take a look around the site. Visit every page linked to from the homepage, then check your sitemap -- one endpoint should stand out as being very unusual!

Visit this in your browser (or use the "Response" section of the site map entry for that endpoint)

What is the flag you receive?

After visting all sites, we can see our sitemap in BurpSuite

URL

One of these entries does indeed stand out. Lets visit it to see if we get our flag.

Flag

Click for answer
THM{NmNlZTliNGE1MWU1ZTQzMzgzNmFiNWVk}

Look through the Issue Definitions list.

What is the typical severity of a Vulnerable JavaScript dependency?

If we navigate to the Issue Definitions list related to our sitemap, we can find the severity for a Vulnerable JavaScript dependency.

Vulnerability

Click for answer
Low

Practical Example Attack

Try to bypass the filter to achieve Cross Site Scripting.

First thing to try obviously, is our payload, to see if it is indeed filtered. This does seem to be the case unfortunately.

After making sure FoxyProxy in Firefox and Intercept in BurpSuite are both turned on, we can enter some fake but allowed data.

Query

After submitting, we should have intercepted the request in BurpSuite.

Request

Now we can change the email part of the request with our own payload:

<script>alert("Succ3ssful XSS")</script>

Script

Now select the payload and use the Ctrl + u shortcut to encode the string.

Script Encoded

Now we forward the modified request with BurpSuite and we should receieve a pop-up message.

Success