Danger
PRO APPS ARE FORBIDDEN ON THE OSCP EXAM. The free edition of Burp Suite is fine, however.
Pre-made commands
Open burpsuite
burpsuite
Tabs
| Tab | Description |
|---|---|
| Proxy | Intercept requests from the browser |
| Repeater | Craft new requests or modify the ones in history |
| Intruder | Automate a variety of attack angles (e.g. brute-forcing passwords) |
Info
With the Burp Proxy tool, we can intercept any request sent from the browser before it is passed on to the server. We can change almost anything about the request at this point, such as parameter names or form values. We can even add new headers. This lets us test how an application handles unexpected arbitrary input.
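The edit-and-forward step described above, as an added example (not code from the original page or from Burp Suite): a Python function that applies the same kinds of edits to a raw form request and recomputes `Content-Length` so the modified request stays well-formed. The request, the host `app.example.test`, the field names and `edit_request` are all constructed for illustration.

```python
from urllib.parse import parse_qsl, urlencode

# Constructed sample: a form POST as it would appear paused in an intercepting proxy.
RAW_REQUEST = (
    b"POST /profile HTTP/1.1\r\n"
    b"Host: app.example.test\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 17\r\n"
    b"\r\n"
    b"name=alice&age=30"
)


def edit_request(raw, set_fields=None, rename_fields=None, add_headers=None):
    """Apply proxy-style edits to a raw HTTP/1.1 form request and re-serialize it."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    headers = [(n.strip(), v.strip())
               for n, _, v in (h.partition(":") for h in header_lines)]

    # Keep fields as an ordered list so ordering and duplicates survive the edit.
    fields = parse_qsl(body.decode("ascii"), keep_blank_values=True)
    fields = [((rename_fields or {}).get(k, k), v) for k, v in fields]
    fields = [(k, (set_fields or {}).get(k, v)) for k, v in fields]
    new_body = urlencode(fields).encode("ascii")

    # The body length changed, so Content-Length must be recomputed: a stale
    # value makes the server truncate the body or wait for bytes that never arrive.
    headers = [(n, v) for n, v in headers if n.lower() != "content-length"]
    headers += list((add_headers or {}).items())
    headers.append(("Content-Length", str(len(new_body))))

    lines = [request_line] + [f"{n}: {v}" for n, v in headers]
    return "\r\n".join(lines).encode("iso-8859-1") + b"\r\n\r\n" + new_body


if __name__ == "__main__":
    edited = edit_request(
        RAW_REQUEST,
        set_fields={"age": "not-a-number"},   # unexpected value for a numeric field
        rename_fields={"name": "full_name"},  # parameter name the form never sends
        add_headers={"X-Test-Case": "1"},     # extra header, hypothetical name
    )
    print(edited.decode("iso-8859-1"))
```

An application that handles this input well rejects the non-numeric `age` and the unknown `full_name` parameter on the server side, regardless of what the browser form allowed.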
Finding burpsuite
