Burp Suite: Pentesting Web Applications vulnerability

In this series we are going to use Burp Suite for complete web application testing. Let’s dive in.

Tools.

  • Burp Suite (the testing tool): pre-installed in Kali Linux and also available for download; see https://portswigger.net/ to learn more.
  • Mozilla Firefox.
  • bee-box (the web application we are going to test): a deliberately vulnerable virtual machine running bWAPP, which lets us explore the full OWASP Top 10 and many other web application vulnerabilities.
  • FoxyProxy (Firefox extension).
  • VirtualBox/VMware.

Steps.

  • Download and install Firefox from the link below:

https://www.mozilla.org/en-US/firefox/new.

  • Download and install Burp Suite Community Edition:

https://portswigger.net/burp/communitydownload.

  • Download the bee-box VM image and open it in VirtualBox:

https://sourceforge.net/projects/bwapp/files/bee-box/bee-box_v1.6.7z/download.

  • After downloading bee-box, extract the archive with any extractor of your choice (7-Zip, WinRAR, etc.).
  • Double-click the bee-box VM file to open it in VirtualBox.
  • Once the VM has booted, open a terminal inside it and run ifconfig to find its local IP address.
  • Open Firefox on the host and browse to that address (the inet addr value shown by ifconfig).

That’s all. We have successfully set up the web application that we want to test.

Now it's time to set up Burp Suite.

Open Burp Suite.

  • Select Temporary project.
  • Select Use Burp defaults and click Start Burp.

Now open Firefox and install the FoxyProxy extension:

https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/

  • Click the FoxyProxy icon and select Options.
  • Click Add to create a new proxy, enter the details as shown in the screenshot below, and click Save.
  • Clicking the FoxyProxy icon now lists the configured proxies. Select the Burp proxy and the browser switches into proxy mode, so every request it makes is routed through Burp. That's all for the setup. In the next blog, we shall see how to use Burp Suite to set up the scope.
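The whole setup above can be sanity-checked from the host with a short script before you start testing. This is an added example, not code from the original post, from PortSwigger or from the bWAPP project. It assumes Burp's default listener address of 127.0.0.1:8080 (the screenshot with the FoxyProxy values is not present on this page, so treat those values as an assumption and adjust them if you changed the listener), and it uses a constructed placeholder in place of the inet addr you read from ifconfig inside the bee-box VM.

```python
"""Sanity-check the Burp + FoxyProxy + bee-box setup.

Added example, not part of the original post.  Assumptions:
  * Burp's proxy listener is on its default 127.0.0.1:8080
    (hypothetical; change BURP_HOST/BURP_PORT if you moved it).
  * BEEBOX_URL is a constructed placeholder for the inet addr that
    ifconfig printed inside the bee-box VM.
"""
import socket
import urllib.error
import urllib.request

BURP_HOST = "127.0.0.1"            # Burp default listener address (assumed)
BURP_PORT = 8080                   # Burp default listener port (assumed)
BEEBOX_URL = "http://192.0.2.10/"  # placeholder for the VM's inet addr


def foxyproxy_settings(host=BURP_HOST, port=BURP_PORT):
    """Return the values that go into FoxyProxy's 'Add' dialog.

    Burp's listener is a plain HTTP proxy that also tunnels HTTPS via
    CONNECT, so one entry covers both schemes.
    """
    return {
        "type": "HTTP",
        "hostname": host,
        "port": port,
        "proxy_url": f"http://{host}:{port}",
    }


def listener_is_up(host, port, timeout=1.0):
    """True if something accepts TCP connections on host:port.

    If Burp is closed or listening elsewhere, FoxyProxy will route every
    browser request into a refused connection; check this first rather
    than blaming the target application.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def fetch_through_burp(url, host=BURP_HOST, port=BURP_PORT, timeout=5.0):
    """Fetch url via the Burp listener, as the browser will once FoxyProxy
    is switched to the Burp profile.

    Returns (status, body_bytes) on success, or (None, reason) when the
    proxy is down or the target cannot be reached through it.
    """
    if not listener_is_up(host, port):
        return None, f"no listener on {host}:{port}; start Burp first"
    proxy = foxyproxy_settings(host, port)["proxy_url"]
    opener = urllib.request.build_opener(
        urllib.request.ProxyHandler({"http": proxy, "https": proxy})
    )
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status, resp.read()
    except urllib.error.URLError as exc:
        return None, f"request failed through proxy: {exc.reason}"


if __name__ == "__main__":
    print("FoxyProxy entry:", foxyproxy_settings())
    status, payload = fetch_through_burp(BEEBOX_URL)
    if status is None:
        print("setup check failed:", payload)
    else:
        print(f"HTTP {status}, {len(payload)} bytes; the request should now "
              "appear under Proxy > HTTP history in Burp")
```

Run it after starting Burp and replacing BEEBOX_URL with the VM's address: a successful fetch confirms both that the listener is reachable and that traffic routed through it actually reaches the VM, and the request will be visible in Burp's HTTP history. The two failure paths (listener down, target unreachable) are reported separately because they are the two most common reasons a freshly configured FoxyProxy profile appears to "break" the browser.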
