Using Burp Suite efficiently means understanding your tools and capabilities, but it also means having a full scope of the web application you’re about to start testing. Let’s say your friend asks you for help changing their bike’s handlebars. You’d have to use a wrench to unscrew the old handlebars, replace them with new ones, and screw the new ones in. You could be a master at screwing bolts in and you could have a PhD in wrenches, but if you’ve never seen a bicycle in your life, and you don’t know where the handlebars are, you won’t be much help to your friend. The idea is the same (albeit a little less silly) with penetration testing.
You’ll want to look at your web application the same way the guys in Ocean’s Eleven look at a casino. If you’ve never seen an Ocean’s movie, it’s about a rag-tag group of thieves who go around robbing high-profile locations. It’s all very elaborate and entertaining, and there are a couple of similarities to penetration testing. Before doing anything, the gang gets blueprints of the building they want to break into. Sometimes they build life-size replicas of the vaults they want to crack. They gather as much information about their target as they can before making a decision.
This is what you should do as well. When tasked with penetrating a website, check everything. Find places where a user can enter input, like text boxes or buttons. Look for any links that may lead to other websites. Check for files and forms. Get a feel for how the components of the web application interact with each other as well as with other web applications.
If this seems long and tedious, that’s because it is. Nobody has the time or the patience to click and prod every nook and cranny, which is why Burp has a built-in function for it. It’s called Burp Spider, and its job is to make yours a whole lot easier. It crawls your site and lists all of the different elements that it has to offer. Finding and identifying vulnerabilities is up to you, but the program really does take some weight off your shoulders. Fair warning, however: the spider can miss things, which is why you should always double-check what it gives you to make sure you have everything you need.
Using Burp Spider is easy. First, open up Burp and go to the desired URL. Go to the ‘Target’ tab and the ‘Site map’ subtab. Right-click the URL and select “Add to Scope”.
This tells Burp exactly what it should be working with. Anything within the “scope” is data that can be scanned and penetrated; anything outside is fluff. This way you can have lots of tabs open and only crawl what you need to crawl. The next step is to right-click that same URL and select “Spider this Branch”. More files should show up on the right-hand side.
And that’s it. You are now free to analyse the files Burp gives you and begin to manipulate them. I’ll soon be making more posts about the other functionalities Burp has that will help you become a better white-hat hacker.
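To make the ideas of scope and crawl coverage concrete, here is an added example (not Burp's code and not from the original post) that inventories one page the way a crawler would: links are split into in-scope and out-of-scope by host, and forms are listed with their input names. The hosts, the sample HTML and the names `SurfaceMapper` and `map_surface` are assumptions made for illustration; the script-driven URL in the sample is deliberately left undiscovered, which is the kind of gap you have to double-check by hand.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample page standing in for one response from the application in scope.
SAMPLE_HTML = """
<a href="/account">Account</a>
<a href="https://cdn.example.net/lib.js">CDN</a>
<a href="docs/report.pdf">Report</a>
<form action="/login" method="post">
  <input name="user"><input name="pass" type="password">
  <button name="go">Log in</button>
</form>
<script>location.href = "/settings/export";</script>
"""

class SurfaceMapper(HTMLParser):
    """Collects links (split by scope) and forms with their named inputs."""
    def __init__(self, base_url, scope_host):
        super().__init__()
        self.base_url, self.scope_host = base_url, scope_host
        self.in_scope, self.out_of_scope, self.forms = [], [], []

    def _classify(self, href):
        url = urljoin(self.base_url, href)  # resolve relative links first
        same_host = urlsplit(url).hostname == self.scope_host
        (self.in_scope if same_host else self.out_of_scope).append(url)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self._classify(a["href"])
        elif tag == "form":
            self.forms.append({"action": urljoin(self.base_url, a.get("action") or ""),
                               "method": (a.get("method") or "get").lower(), "inputs": []})
        elif tag in ("input", "button", "textarea", "select") and self.forms and a.get("name"):
            # Simplification: a named control is attributed to the most recent form.
            self.forms[-1]["inputs"].append(a["name"])

def map_surface(html, base_url, scope_host):
    mapper = SurfaceMapper(base_url, scope_host)
    mapper.feed(html)
    return mapper

if __name__ == "__main__":
    m = map_surface(SAMPLE_HTML, "https://app.example.com/home/", "app.example.com")
    print("in scope:", m.in_scope)
    print("out of scope:", m.out_of_scope)
    print("forms:", m.forms)
```

The URL assigned inside the `<script>` block never appears in either list, because the parser only reads markup and does not execute JavaScript.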