Burp Suite is software that can do anything between your browser and your Internet connection.
You might be wondering “So what’s so strange about WireShark?” You have heard of the seven reference levels. In short, for those who have not heard, it is the norm to simplify the complexity of having two computers.
For example, follow the steps necessary to read this article. Number one is to connect the computer to a router using a wire or wireless. The router must connect to your ISP via the telephone network. There is a connection between your computer and my web hosting server and you get this web page.
One of the easiest ways in which you can integrate them together is in OSI layer 7. We will talk about this later in a separate article. The difference between WireShark and Burp Suite is that the burp works in the application layer, WireShark works in the transport layer. WireShark is used to say something in a web service, look what someone is sending to someone else.
There is also a burp-free program. But why should we? Let’s use the Pro tool. Another thing is that it’s written in Java so you can use it in Linux and Windows without problems. Needless to say, Java should work after this?
Open burp suite pro and next step is to tell your browser to go through the burp instead of connecting directly to the Internet. When you go to the proxy-> options in burp, you will see that the connection is call 127.0.0.1:8080.
This is the default Burp setting. Replacing 8080 with a port number from 1024 to 65535 is not prohibited. This setting means that you are listening to your computer’s loopback interface and the port it says. If you tell your browser to connect to that port, instead of connecting directly to the Internet, you can watch the conversation between the burp and the browser and the web server.
When you go to edit Firefox -> preferences -> advanced -> network ->, you will get a dialog like this.
Select the manual proxy configuration radio button. Then enter localhost or 127.0.0.1 in the “HTTP Proxy” box. In the “port” box, type 8080 and click OK. (Needless to say, the port number is the same if the listening port number of the burp was changed in the previous step.)
There is an add-on that supports Firefox, Chrome and that is called foxyproxy. If you use it you won’t have to worry about changing the settings.
Now you need to do a little test. Go to the proxy burps -> intercept and verify that there is an “intercept activated” button.
Then go to the browser, type the URL of the site and enter it. Have you seen a change? That link circle has a wobbly circle and the site doesn’t load. Now look at the burp.
You stopped the request by going to your secdevil.com server from your browser. It is not forbidden to modify it. (We will talk about it in a future article on how to change significantly). If you press the forward button, the request is sent to the appropriate server. You will see how many requests a site loads. You can view everything from the History tab.
Click on the respective request in the box above and you will be able to view the request and response card below. Well, do it here and see how it works. The next article will talk more about the burp. I’ll be back until the next tut.
Note: don’t forget to change your browser’s proxy settings when you’re done playing?