12/28/2022 - BurpSuite and Passive Recon

Question 1

In Burp what does the section “Target” and subsection “Scope” do? (ie Scoping)

Answer 1

Define what gets logged and what doesnt (everything will still require Forward)

Question 2

In Burp what does Site Map, Scope, and Issue Definition mean under the Target section?

Answer 2

Site map: Map out the apps we are targeting

Scope: Control target scope to log

Issue Definition: Provides a list of vulnerabilities

Question 3

What is Burp Repeater?

Answer 3

Allows to craft and/or relay intercepted requests to a target at will

*cURL is the manual way to do this

Question 4

What is Burp Intruder?

Answer 4

Fuzzing Tool (usually capture first in Proxy then send to Intruder)

Similar to Wfuzz or Ffuf

Question 5

What are the core Intruder Position types in Burp Intruder?

Additionally, provide how each operates.

Answer 5

Sniper - One payload set on every position parameter at a time

Cluster Bomb - Similar to pitchfork but no key value like pair (tries every possible combination)

Pitch Fork - Uses one payload set per position (most popular) (ie key-value pair if using two wordlists)

Battering Ram - Same as Sniper but puts the same payload in every position at the same time (ie if two positions are filled this type will plug the variable with the same word for each position)

Question 6

What does decoder do in Burp?

Answer 6

Manipulate data (decode or encode data) in various forms

Question 7

What does Comparer do in Burp?

Answer 7

Compare two data sets in ASCII or Bytes
(ie

Question 8

What does Sequencer do in Burp?

Answer 8

Measure the entropy (randomness) of tokens that used to identify something

Question 9

What is Burp Extender?

Answer 9

Extensions you can attach to Burp (ie Burp APIs); Python or Java built.