In this article, I will write a write-up for Burp Suite: The Basics that covers What is Burp Suite, Features of Burp Community, Installation, The Dashboard, Navigation, Options, Introduction to the Burp Proxy, Connecting through the Proxy (FoxyProxy extension on Firefox), Site Map and Issue Definitions, The Burp Suite Browser, Scoping and Targeting, Proxxing HTTPS, and Example Attack.
Which edition of Burp Suite runs on a server and provides constant scanning for target web apps?
Burp Suite EnterpriseBurp Suite is frequently used when attacking web applications and ______ applications.
MobileWhich Burp Suite feature allows us to intercept requests between ourselves and the target?
ProxyWhich Burp tool would we use to brute-force a login form?
IntruderWhat menu provides information about the actions performed by Burp Suite, such as starting the proxy, and details about connections made through Burp?
Event log
Which tab Ctrl + Shift + P will switch us to?
Proxy tabIn which category can you find a reference to a "Cookie jar"?
SessionsIn which base category can you find the "Updates" sub-category, which controls the Burp Suite update behaviour?
SuiteWhat is the name of the sub-category which allows you to change the keybindings for shortcuts in Burp Suite?
HotkeysIf we have uploaded Client-Side TLS certificates, can we override these on a per-project basis (yea/nay)?
yeaChallenge
Take a look around the site on
http://MACHINE_IP/— we will be using this a lot throughout the module. Visit every other page that is linked on the homepage, then check your sitemap — one endpoint should stand out as being very unusual!Visit this in your browser (or use the "Response" section of the site map entry for that endpoint)
Answer the questions below
What is the flag you receive after visiting the unusual endpoint?
THM{NmNlZTliNGE1MWU1ZTQzMzgzNmFiNWVk}
Thank you for reading my article. Please leave any questions or comments on improving my learning journey and the THM challenges. We can also connect more on LinkedIn or X.