Intercept In Burp Suite

2/15/2022 by admin

A lot of us, as hobbyists, only used Burp Suite when we were diving into a CTF. Since that sort of use is timeboxed and we’re generally in a mad scramble to grab flags, we tend to ignore quality-of-life changes and skip learning the deeper configuration options.
Perhaps the most common example I see my peers dealing with is trash from the Firefox ‘success.txt’ messages, Slack ping-pongs, and the mass amounts of Google nonsense and noise while you’re using Intruder.


In a meek attempt to save your sanity while forwarding 30 requests for every proxied request, you may have done something dumb like using the interface options for ‘proxy/intercept/action/don’t intercept requests to this whatever’.
In truth, this actually just limits scope in your HTTP history.
This feature is phenomenal on actual assessments, when you need to verify reproducibility and provide veracity in your documentation, rather than what you might get if you were aggressing through a CTF challenge to try and get the flag.
A more advanced method of wasting your time is resorting to the target/scope functionality itself. You may be confused when this illusion fades and you still find your Intruder queue mired in garbage from across the intersphere.

The Solution:

Inside Proxy/Options/Intercept Client Requests is a custom rule box with several default options. The single checked rule ‘And URL Is in target scope’ is what you need (after you’ve specified the scope).
TLDR; DO THIS


This should spare you everything except for WebSockets requests. Keep in mind that the default rule is a boolean ‘AND’, so you need to specify another rule first.
To deal with the WebSockets requests, drop to the line below and unselect the WebSockets selections.

Now you’ll be free to use Firefox both for your attack, and your CTF chat, or just updating your garbage blog instead of hacking boxes.
Enjoy!

Once this is the same as mine, run Burp Suite with intercept off, open a new tab and type http://burp. That leads you to a page that says ‘Burp Suite Community Edition. Welcome to Burp Suite Community Edition’.

Click on the 'i' button as shown below. Make sure that the system where you want to intercept the traffic and the iOS device are both connected to the same network. 5: Select 'Configure Proxy' as shown. 6: Select 'Manual' and enter the IP address of the system where Burp Suite is running.

Mar 18, 2019 One of the best tools for penetration testing is Burp Suite. It has a free edition (Community edition) which comes with the essential manual tool. The essential manual tool is sufficient for you to.

Proxies like the one included in Burp Suite are designed for traffic interception. This allows the owner of the proxy to view, modify and drop packets passing through the proxy. While this can certainly be used for criminal purposes, it can also be used by cyberdefenders to protect against malware and dangerous user behavior.


Introduction: Burp Suite is an intercepting proxy that can intercept requests from the client side and responses from the server side. The ability to intercept allows hackers to manipulate requests and responses to look for and exploit vulnerabilities.

The Problem

For newcomers to application penetration testing, a reasonably common question is ‘How do you proxy HTTPS traffic?’

I’ve heard it frequently from students and from seasoned developers alike. Their instinct is correct, in that we have to do something extra to make that work. While this post won’t go into a deep dive on the technical elements of TLS, let’s take a high-level look at interception of HTTPS traffic. If you have been learning in a lab environment like SamuraiWTF, there’s a reasonable possibility that the target apps have all been served unencrypted (HTTP).

For Burp Suite to intercept TLS-encrypted (HTTPS) traffic, it has to decrypt it. The traffic is captured in Burp Suite, then re-encrypted and sent to the browser. The problem with this is that SSL/TLS uses certificates to ensure that the traffic was encrypted by the expected authority.

When the secureideas.com website performs its side of the TLS handshake, it sends a certificate that has been issued by a certificate authority (CA). This authority is either trusted directly, or has implicit trust granted by another authority. And that chain-of-trust can continue several levels up, as in the hierarchy pictured below. The Starfield Class 2 CA is widely trusted by default, and that trust is granted to their Services Root CA, which then grants the trust to the Amazon Root CA 1, and so on until we get to the certificate the website is actually serving.

Going back to Burp Suite, it doesn’t have the private key associated with the *.secureideas.com certificate. So when you browse to secureideas.com, and Burp decrypts and re-encrypts your traffic, it is sent from Burp to your browser with a root certificate generated by your Burp Suite instance. Since this certificate wasn’t granted by an authority that your computer already trusts, your browser receives it and responds the same way it would if an unauthorized party was intercepting your traffic from a person-in-the-middle position. Which looks something like this:

Not only is the browser upset with the situation, but Burp Suite is raising alarms about the problem too. You can see them in the Event log under the Dashboard tab in Burp Suite.


The Solution

This is easy to fix. All we need to do is tell our browser that the Burp CA can be trusted. Because every new installation of Burp generates a different CA, this doesn’t create a risk of somebody else intercepting your traffic surreptitiously with their Burp instance. The actual steps to perform this vary slightly by operating system. For today, we’ll just cover Linux since that’s what I use for all my testing, and it’s applicable to Burp Suite.


Linux

1. Export the Certificate from Burp
2. Add the trust in the browser

These steps are for Chrome, but the process is similar for Firefox.
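
The same two steps can be done from a terminal. This is an added example, not part of the original post: it assumes Burp's proxy listener is on 127.0.0.1:8080 and that curl, openssl and certutil (from the NSS tools package) are installed; the function names and the certificate nickname are illustrative.

```shell
#!/bin/sh
# Added example (not from the original post): trust the Burp CA in Chrome on Linux.
# Assumptions: Burp's proxy listener is on 127.0.0.1:8080; curl, openssl and
# certutil are installed; the nickname below is an arbitrary label.
BURP_PROXY="${BURP_PROXY:-http://127.0.0.1:8080}"
NSSDB="${NSSDB:-sql:$HOME/.pki/nssdb}"      # Chrome's per-user NSS store
NICK="${NICK:-Burp CA (local testing)}"

# Step 1: export. Burp serves its own CA certificate (DER) at http://burp/cert.
export_burp_ca() {            # $1 = output path
    curl -fsS --proxy "$BURP_PROXY" -o "$1" http://burp/cert
}

# Guard: a DER certificate starts with an ASN.1 SEQUENCE with a two-byte
# length (bytes 30 82), which covers any realistic certificate size.
# An HTML error page saved by mistake fails this check.
looks_like_der() {            # $1 = file
    [ "$(od -An -tx1 -N2 "$1" | tr -d ' \n')" = "3082" ]
}

# Print subject and SHA-256 fingerprint of what is about to be trusted.
describe_ca() {               # $1 = DER file
    openssl x509 -inform der -in "$1" -noout -subject -fingerprint -sha256
}

# Step 2: add trust. "C,," marks the cert as a trusted CA for TLS servers
# only (no e-mail or code-signing trust).
trust_ca() {                  # $1 = DER file
    openssl x509 -inform der -in "$1" -out "$1.pem" &&
    certutil -d "$NSSDB" -A -t "C,," -n "$NICK" -i "$1.pem"
}

# Cleanup when testing is finished: remove the CA from the store again.
untrust_ca() { certutil -d "$NSSDB" -D -n "$NICK"; }

if [ "${1:-}" = "install" ]; then
    der="${TMPDIR:-/tmp}/burp-ca.der"
    export_burp_ca "$der" || { echo "Burp not reachable at $BURP_PROXY" >&2; exit 1; }
    looks_like_der "$der" || { echo "download is not a DER certificate" >&2; exit 1; }
    describe_ca "$der"
    trust_ca "$der" && echo "Trusted as '$NICK'"
fi
```

Run it with the `install` argument while Burp is running; `certutil -d sql:$HOME/.pki/nssdb -L` lists the store so you can confirm the entry.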


And you’re done. Just like that, you can proxy TLS-encrypted traffic through Burp without any issues. If your TLS issues persist, one thing to check is whether the website is using HTTP Public Key Pinning (HPKP). This is an uncommon security control that has some major drawbacks, but it breaks your ability to do person-in-the-middle interception properly.

As long as your Burp CA remains the same, you won’t have to go through these steps again in that browser (or at all on Mac/Windows, as they use system-level cert trust stores).
