Proxy

This is an intercepting web proxy that operates as a man-in-the-middle between the end browser and the target web application. It lets you intercept, inspect and modify the raw traffic passing in both

Intercept

1. In Burp, go to "Proxy" > "Intercept" tab, and get familiar with the user interface.

2. Switch to "Proxy" > "HTTP history" tab.

3. Switch to "Proxy" > "Websockets history" tab.

4. Switch to "Proxy" > "Options" tab, and look at the different options available.

5. In Burp, go to "Proxy" > "Intercept" tab, and ensure that interception mode is turned on. If the intercept control button says "Intercept is off", then click on it to toggle the interception status.

6. With the intercept mode enabled in Burp Suite, fill and submit the login form of the Security Shepherd application.

7. Switch to "Proxy" > "Intercept" tab and observe that the submitted request has been intercepted. At this point, it is possible to modify the request parameters before forwarding the request to the origin server.

8. Analyse the intercepted request, and observe the parameters passed in POST request body.

9. Tamper with the input parameters, i.e., change values for login and pwd parameters.

10. Click on "Forward" button, and analyze the next request.

11. Go to "Proxy" tab > "Options" sub-tab > "Intercept Server Responses" section, and check the checkbox labelled as "Intercept responses based on the following rules".

12. For a smoother experience, add suitable interception rules for requests and responses. The following combination of request and response interception rules could be useful:

13. Switch to "Proxy" > "Intercept" tab and forward the intercepted request (from step-#10). This time, the server response should have been intercepted by the Burp interceptor.

14. Click on the "Forward" button, and analyze the next request/response. Repeat until there is no more request/response to forward. Alternatively, if you are done analyzing the request, turn interception mode off by clicking on the "Intercept is on" button.
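To make the interception rules of steps 11-13 concrete, here is an added example (not from the original page or from Burp itself) that models how a request/response rule list is evaluated top-down, each rule ANDed or ORed with the running result. The rule types, the scope hostname `shepherd.example` and the sample messages are constructed for illustration; the rule combination shown (skip static file extensions, only in-scope URLs, only text responses that are not 304) is the kind of "smoother experience" setup step 12 refers to.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

@dataclass
class Message:
    method: str
    url: str
    headers: dict = field(default_factory=dict)
    body: str = ""
    status: int = 0          # 0 for requests, HTTP status for responses

@dataclass
class Rule:
    match_type: str          # extension | url_in_scope | has_params | content_type | status
    pattern: str = ""        # regex, meaning depends on match_type
    negate: bool = False     # "does not match" when True
    boolean: str = "and"     # how this rule combines with the running result

def rule_matches(rule, msg, scope):
    parts = urlsplit(msg.url)
    if rule.match_type == "extension":
        m = re.search(r"\.([A-Za-z0-9]+)$", parts.path)
        hit = re.fullmatch(rule.pattern, m.group(1) if m else "") is not None
    elif rule.match_type == "url_in_scope":
        hit = any(re.fullmatch(s, parts.hostname or "") for s in scope)
    elif rule.match_type == "has_params":
        hit = bool(parts.query) or (msg.method == "POST" and "=" in msg.body)
    elif rule.match_type == "content_type":
        hit = re.search(rule.pattern, msg.headers.get("Content-Type", "")) is not None
    elif rule.match_type == "status":
        hit = re.fullmatch(rule.pattern, str(msg.status)) is not None
    else:
        raise ValueError(f"unknown rule type {rule.match_type}")
    return hit != rule.negate

def should_intercept(rules, msg, scope):
    """Evaluate rules in order; the first rule seeds the result, later ones AND/OR into it."""
    result = None
    for rule in rules:
        hit = rule_matches(rule, msg, scope)
        if result is None:
            result = hit
        elif rule.boolean == "and":
            result = result and hit
        else:
            result = result or hit
    return bool(result)

# Constructed configuration: scope hostnames are regexes, like Burp's target scope.
SCOPE = [r"shepherd\.example"]
REQUEST_RULES = [
    Rule("extension", r"gif|jpg|png|css|js|ico", negate=True),   # skip static assets
    Rule("url_in_scope", boolean="and"),                         # only in-scope hosts
]
RESPONSE_RULES = [
    Rule("content_type", r"text"),                               # HTML/JS/plain text only
    Rule("status", r"304", negate=True, boolean="and"),          # ignore Not Modified
]
```

Feed the page's login submission through `should_intercept(REQUEST_RULES, ...)` and a static image request is passed straight through while the POST with `login`/`pwd` parameters stops for inspection.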

HTTP History

1. Navigate to "Proxy" tab > "HTTP history" sub-tab to see a full record of all messages that have been intercepted by the Burp Proxy.

2. Click on the filter bar, above the history table, and select the checkbox labelled as "Show only in-scope items".

3. To apply the filter, click anywhere outside of the display filter form.

4. Right-click on the history table and select "Show new history window" option from the context menu, to open an additional view.

5. Click on a column header to sort contents of the history table.

6. To highlight a request, right-click on the chosen request and select "Highlight" from the context menu.

7. To add a comment against a request, right-click on the chosen request and select "Add comment" from the context menu.

8. If you wish to forward an interesting request to Scanner, Repeater, Intruder, or Sequencer tools, right-click on the selected request and choose an appropriate option from the context menu.
