Working with Burp Proxy: Intercept

Working with Burp Proxy : Intercept

Burp Proxy option allows you to intercept traffic between your browser and the target web application; duplicating a man-in-the middle attack.

For this, we need to turn on the intercept. The Forward option allows you to send the packets from the browser to the destination webserver. The Drop option allows you to drop the packet. The Action option allows you to forward the traffic to other features of Burp.

Navigate to a page that you want Burp to Intercept. Like in below example I have a test server with a login prompt. We will try and sniff/intercept the password that I have typed in.

Whenever Burp intercepts any traffic it is highlighted. Forward the traffic via Burp and click on Login/Continue/Enter.

Now check for Proxy -> Intercept -> Raw logs in Burp.

Burp has sniffed the password that was sent in clear text (due to http). Same info can be obtained from the “params” tab. We can similarly sniff and modify the contents in other input fields.

We can choose the scope of the security testing. Meaning we can select a particular URL only, within a site as our scope for testing. As shown below scope can be defined at Target-> Site map. Pages that we have visited are shown with a dark color.

Right click a URL and add to scope.

Burp Spider:- The spider tool is used to get a complete list of URLs and parameters for each site. The tool looks into each page that was manually visited and goes through every link it finds within the testing scope. When using Burp spider, ensure that the proxy and interceptors are switched off. More the links manually visited the better, as it gives the spider a larger coverage area.

For webpages that uses an authentication to proceed, we can set up the username and password as shown below. Navigate to spider->options