
Monday 20 May 2019

#8 Burp Suite Tutorials - Using Engagement Tools and Other Utilities


Engagement tools are a Pro-only feature of Burp Suite. In addition to the engagement tools, we will look at some small utilities that assist in the testing process, such as Search, Target Analyzer, Content Discovery, Task Scheduler, CSRF PoC Generator, and Manual Testing Simulator.

Of all these, the Manual Testing Simulator has no actual use, except maybe as an inside joke for the creators, but it is available and it can be used.

The thought behind all the other tools is to make the testing process easier and faster.

These tools cover tasks that augment the testing process but, due to their nature, may be time-consuming and boring when done manually.

Since they are of lower priority, we might give them a miss, but the Burp Suite Pro version helps us ensure that we go ahead and complete them.

In the free version of Burp Suite, the Engagement tools context menu is disabled, with a message that it is only for the Pro version, as shown in the following screenshot:



In the Pro version, we can see many options for engagement tools in the context menu, as shown in the following screenshot:



In this tutorial, we will cover Search, Target Analyzer, Content Discovery, Task Scheduler, and the Manual Testing Simulator.

Search

Search is an important interface when working with Burp Suite. It works well for most of us, who are already used to search being the primary interface for getting information on the web.

The advantage of using search as an interface is that we stop worrying about how much information is available to us; we are able to find the relevant information as quickly and efficiently as possible.

To start searching, we just need to go to Burp | Search in the menu bar. It provides us with a suite-wide search area. Have a look at the following screenshot:



The search form is quite easy to understand. Any result that matches the search text will be returned; the search covers Target, Proxy, Scanner, and Repeater. As always, we can use regular expressions, choose to negate the match, search only in-scope items, and even make the match case sensitive.

The search applies to the headers and bodies of both requests and responses.

Have a look at the following screenshot:



From the Target site map context menu, you can search specifically for comments. Sometimes developers leave comments that disclose information.

Burp Suite can find all the HTML comments on all the pages you have viewed and lets you go through them quickly.

We can export the comments for further analysis or add them as part of our report.

Dynamic update allows the search results to update automatically if more matches turn up in our responses.

Take a look at the following screenshot:



The export comments and export scripts wizards look exactly the same. With options to cut, save to the clipboard or save to a file, and to include the URL in the report, they both allow us to collect and further process the comments and scripts:


Target Analyzer

The Target Analyzer tool is the perfect example of an engagement tool. The analyzer can help you figure out how many dynamic and static links there are in the website you are working on.

It will also tell you how many parameters are required for each link. This can be used to estimate the time and effort needed to test the application.

In addition, it can give you a good idea of what to test first, or what to focus on when starting on the application. Note that the Target Analyzer only takes its information from the site map; it does not do any scanning of its own.

So, before analyzing the target, it is necessary to complete the work of mapping the application.

The Target Analyzer shows the number of dynamic and static URLs. It also shows the total number of parameters seen, as shown in the following screenshot:



Under the dynamic URLs tab, we can see the full list of dynamic URLs.

Similarly, under the static URLs tab, we can see all the static URLs listed. As is evident, under the Parameters tab, we can see all the parameters found so far, as shown in the following screenshot:


In the Parameters tab, we can see each unique parameter listed, along with the paths where that parameter was found. In addition, we can see the exact requests and responses that use the parameter.

Content Discovery

How do you find a directory that is not linked from any page in the app?

If we know the directory name, we can check whether it exists by requesting it.

An HTTP status code of 200 or 403 will quickly tell us that the directory actually exists even though it is not linked anywhere. Similarly, there are many techniques for discovering content.

Note: Depending on how a web application is built, content discovery can be quite useful or completely useless.

Some applications return HTTP status code 200 even for resources that are not found, so we need to be smart about interpreting the results.

Apart from this, content discovery can also be done using Intruder. Testers commonly use other discovery tools, such as OWASP DirBuster and Nikto, with Burp Suite.
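
The note above, worked through as an added example (it is not part of the original tutorial and is not Burp's own logic): discovery results are compared against the response the server gives for a path that cannot exist, so that a 200 which is really a "not found" page is not counted as a hit. The sample paths, bodies and the 0.9 similarity threshold are constructed assumptions.

```python
import difflib

# Constructed sample data (not from the tutorial): the response to a random,
# certainly nonexistent path, then responses recorded for guessed names.
BASELINE = ("/zz9f3k1q/", 200, "<h1>Oops</h1><p>Nothing at /zz9f3k1q/ here.</p>")
RESULTS = [
    ("/admin/", 403, "<h1>Forbidden</h1>"),
    ("/backup/", 200, "<h1>Index of /backup/</h1><a href='db.sql'>db.sql</a>"),
    ("/old/", 200, "<h1>Oops</h1><p>Nothing at /old/ here.</p>"),
    ("/test/", 404, "<h1>Not Found</h1>"),
]


def normalize(path, body):
    """Mask the requested path so an error page that echoes it compares equal."""
    return body.replace(path, "{PATH}")


def similarity(a, b):
    """Return a 0..1 similarity ratio between two response bodies."""
    return difflib.SequenceMatcher(None, a, b).ratio()


def classify(result, baseline, threshold=0.9):
    """Label one discovery result, using the baseline to catch soft 404s."""
    path, status, body = result
    base_path, base_status, base_body = baseline
    if status == 404:
        return "absent"
    alike = similarity(normalize(path, body), normalize(base_path, base_body))
    if status == base_status and alike >= threshold:
        return "soft-404"  # same answer the server gives for garbage paths
    if status == 403:
        return "exists (access denied)"
    if status == 200:
        return "exists"
    return "review manually"  # redirects, 401, 5xx and so on


def triage(results, baseline):
    """Map each guessed path to its verdict."""
    return {r[0]: classify(r, baseline) for r in results}


if __name__ == "__main__":
    for path, verdict in triage(RESULTS, BASELINE).items():
        print(f"{path:10} {verdict}")
```
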

To get started, in the Pro version of Burp Suite, we can right-click on any HTTP request and click the Discover content option under Engagement tools.

This action can also be done from the Target site map.

Burp Suite uses various techniques to discover content, including brute-forcing file and folder names. First of all, we define the starting path for content discovery and specify whether we are after files and directories or only files:



There are built-in lists of file names and directory names. Burp can also reuse any file and directory names found during this discovery and add them to the list.

So, if recursive testing is enabled, all the names already found will be tested in each new directory that is found. Have a look at the following screenshot:


Additionally, we can specify which file extensions should be checked and which must be ignored. Ideally, it is always worthwhile to search for file extensions that should never be in the document root of a web application:



We can choose to add the discovered content to the main Target site map and to spider from it for further discovery. At this point, we are all set to discover content. This is controlled from the Control tab.

Once we are ready, we click the Session is not running button and content discovery will start. Some statistics are updated while the content discovery session is running:



Task Scheduler

Burp Suite offers a Task Scheduler for some of its tools, which can be quite useful depending on your use case.

Sometimes, customers have strict requirements about the times at which we are allowed to carry out a security test. Task Scheduler lets you start, resume, and stop scanning, and so on.

We can set up tasks under Engagement tools, or go to the suite's Options | Misc | Scheduled Tasks. Have a look at the following screenshot:



Once we select the type of task, we choose the date and time to start the task. We can also specify the interval. The interval can be in days, hours, or minutes, as shown in the following screenshot:



Now that the task is scheduled, if we want to add, edit, or remove a scheduled task, we need to go to the suite's Options | Misc | Scheduled Tasks. You can see it in the following screenshot:



CSRF Proof of Concept Generator

The CSRF Proof of Concept (PoC) Generator is the most useful tool provided by the Pro version of Burp Suite. It takes any request and automatically writes the HTML code for a cross-site request forgery PoC.

We just have to select an HTTP request, right-click on it, and navigate to Engagement tools | Generate CSRF PoC.

The ideal candidate for CSRF testing is a POST request for which no CSRF token check is being implemented.
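
The selection rule above, as an added review aid (not part of the original tutorial and not Burp functionality): it goes through raw requests saved from your own testing and lists the cookie-authenticated POSTs that carry no visible anti-CSRF token. The sample requests, the placeholder host app.example.test and the token name hints are constructed assumptions.

```python
from urllib.parse import parse_qsl

# Assumed naming conventions for anti-CSRF tokens; extend for your framework.
TOKEN_HINTS = ("csrf", "xsrf", "authenticity_token", "requestverificationtoken")

# Constructed sample requests (app.example.test is a placeholder host).
SAMPLES = [
    "POST /account/email HTTP/1.1\r\nHost: app.example.test\r\n"
    "Cookie: session=abc\r\nContent-Type: application/x-www-form-urlencoded\r\n\r\n"
    "email=new%40example.test",
    "POST /account/password HTTP/1.1\r\nHost: app.example.test\r\n"
    "Cookie: session=abc\r\nContent-Type: application/x-www-form-urlencoded\r\n\r\n"
    "password=x&csrf_token=9f2c",
    "POST /api/note HTTP/1.1\r\nHost: app.example.test\r\n"
    "Cookie: session=abc\r\nX-CSRF-Token: 9f2c\r\n\r\nnote=hi",
    "GET /search?q=burp HTTP/1.1\r\nHost: app.example.test\r\nCookie: session=abc\r\n\r\n",
    "POST /login HTTP/1.1\r\nHost: app.example.test\r\n\r\nuser=a&pass=b",
]


def parse_request(raw):
    """Split a raw HTTP/1.1 request into method, target, headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body


def carries_token(headers, body):
    """True if any header or form field name looks like an anti-CSRF token."""
    fields = [name.lower() for name, _ in parse_qsl(body, keep_blank_values=True)]
    return any(hint in name for name in list(headers) + fields for hint in TOKEN_HINTS)


def csrf_candidates(raw_requests):
    """Return 'METHOD target' for cookie-authenticated POSTs with no visible token."""
    found = []
    for raw in raw_requests:
        method, target, headers, body = parse_request(raw)
        if method == "POST" and "cookie" in headers and not carries_token(headers, body):
            found.append(f"{method} {target}")
    return found


if __name__ == "__main__":
    print(csrf_candidates(SAMPLES))
```

A missing token is only a lead: the application may rely on SameSite cookies or Origin header checks instead, so confirm against the server-side handling before reporting it.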

The CSRF PoC generator not only writes the HTML code for us, but can also generate the JavaScript required to auto-submit the form. Have a look at the following screenshot:



There are other options that can be used, but in most cases, the CSRF technique auto-select option works very well for generating the PoC.

If you change any of the options, you need to recreate the code using the Regenerate button in the lower-left corner of the tool window. Have a look at the following screenshot:



Do not forget to click on Regenerate after changing any option, as shown in the following screenshot:



Summary

In this tutorial, we have seen some small tools that are part of the Pro edition of Burp Suite. Even though we could do without these tools, they make working with customers, reporting, and so on, easier.

We looked at the suite-wide search functionality, how we can find comments and scripts in web pages, how we can analyze a target to help estimate our testing effort, and how to discover additional content that is not linked anywhere by brute-forcing file and directory names. We also saw how we can schedule tasks and repeat them, and how we can generate a PoC for CSRF.

Most of these tasks can be performed manually, and many of us do so; with the automation provided by Burp Suite, we can ensure quality and consistency for tasks that are of lower priority but can make a great testing assessment even better.

In the next tutorial, we will see how we can extend the core functionality of Burp Suite with extensions using the Burp Suite Extender tool.




