
07_WEB_PTEST.md


Instructor: Sunil Gupta

Burp Suite Configuration:

  • [OPEN] Burp Suite from the Application menu or [TYPE] burpsuite in the terminal

    • [CLICK] Proxy tab > Options tab
    • Under the Proxy Listeners section you'll see the Interface column with the value 127.0.0.1:8080. This is the interface to which the triggered requests are forwarded, which is basically your attacker PC (127.0.0.1 / localhost / loopback).
  • [OPEN] Browser (any, but Firefox is used here)

    • ... > Preferences OR Settings > [SEARCH] Network Settings section > [CLICK] Settings...
      • [CHOOSE] Manual proxy configuration
        • [SET] HTTP Proxy 127.0.0.1 & Port 8080
        • [CHECK] Use this proxy server for all protocols
      • OK
    • [OPEN] New Tab > [TYPE] http://burpsuite > CA Certificate > [DOWNLOAD] cacert.der
    • ... > Preferences OR Settings > [SEARCH] Certificates section > [CLICK] View Certificates...
      • Authorities tab > Import...
        • [SELECT] cacert.der (cert that was downloaded earlier)
        • [CHECK] the following options:
          • Trust this CA to identify websites.
          • Trust this CA to identify email users.
        • OK
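
To confirm that the Firefox steps above took effect, the profile's prefs.js can be checked for the same values. This is an added example, not part of the original notes: the sample profiles are constructed, and it assumes Firefox stores the HTTPS proxy in `network.proxy.ssl` / `network.proxy.ssl_port`, which is what "Use this proxy server for all protocols" fills in.

```python
import ipaddress
import json
import re

# Matches one user_pref("name", value); line of a Firefox prefs.js / user.js file.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

def parse_prefs(text):
    """Return {pref_name: value}; values are string, int or bool literals."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = json.loads(m.group(2))
    return prefs

def is_loopback(host):
    try:
        return host == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def check_proxy(prefs, host="127.0.0.1", port=8080):
    """List the ways a profile deviates from the proxy setup in these notes."""
    problems = []
    if prefs.get("network.proxy.type") != 1:  # 1 = manual proxy configuration
        problems.append("manual proxy configuration is not selected")
    for scheme, key in (("HTTP", "http"), ("HTTPS", "ssl")):
        got_host = prefs.get(f"network.proxy.{key}", "")
        got_port = prefs.get(f"network.proxy.{key}_port", 0)
        if got_host and not is_loopback(got_host):
            problems.append(f"{scheme} proxy {got_host} is not the local machine")
        elif (got_host, got_port) != (host, port):
            problems.append(f"{scheme} traffic is not sent to {host}:{port}")
    return problems

# Constructed sample profiles (not taken from a real machine).
GOOD = """
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8080);
user_pref("network.proxy.share_proxy_settings", true);
user_pref("network.proxy.ssl", "127.0.0.1");
user_pref("network.proxy.ssl_port", 8080);
"""
HTTP_ONLY = GOOD.split('user_pref("network.proxy.share')[0]  # HTTPS prefs missing
REMOTE = GOOD.replace("127.0.0.1", "192.168.1.50")  # proxy on another host
for name, sample in (("good", GOOD), ("http-only", HTTP_ONLY), ("remote", REMOTE)):
    print(name, check_proxy(parse_prefs(sample)))
```

An empty list means the browser sends both HTTP and HTTPS to the loopback listener; the "http-only" case is the one where HTTPS requests never reach Burp.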