
THM | Burp Suite: The Basics


Web Hacking Fundamentals | Burp Suite: The Basics | Summary:

This series of walkthroughs aims to help complete beginners finish the Complete Beginner path on the TryHackMe website. It is based on the learning content provided in the Burp Suite: The Basics room.


Disclaimer: Please note that this write-up is NOT intended to replace the original room or its content, but rather serve as supplementary material for those who are stuck and need additional guidance.

Task | 01 | Introduction

Question 1: Let us start!

No answer needed

Task | 02 | What is Burp Suite

Question 1: Which edition of Burp Suite runs on a server and provides constant scanning for target web apps?

Burp Suite Enterprise

Question 2: Burp Suite is frequently used when attacking web applications and ______ applications.

Mobile

Task | 03 | Features of Burp Community

Question 1: Which Burp Suite feature allows us to intercept requests between ourselves and the target?

Proxy

Question 2: Which Burp tool would we use to brute-force a login form?

Intruder

Task | 04 | Installation

Question 1: If you have chosen not to use the AttackBox, ensure that you have a copy of Burp Suite installed before proceeding.

No answer needed

Task | 05 | The Dashboard

Question 1: What menu provides information about the actions performed by Burp Suite, such as starting the proxy, and details about connections made through Burp?

Event log

Task | 06 | Navigation

Question 1: Which tab will Ctrl + Shift + P switch us to?

Proxy tab

Task | 07 | Options

Question 1: In which category can you find a reference to a "Cookie jar"?

Sessions

Question 2: In which base category can you find the "Updates" sub-category, which controls the Burp Suite update behaviour?

Suite

Question 3: What is the name of the sub-category which allows you to change the keybindings for shortcuts in Burp Suite?

Hotkeys

Question 4: If we have uploaded Client-Side TLS certificates, can we override these on a per-project basis (yea/nay)?

yea

Task | 08 | Introduction to the Burp Proxy

Question 1: Click me to proceed to the next task.

No answer needed

Task | 09 | Connecting through the Proxy (FoxyProxy)

Question 1: Click me to proceed to the next task.

No answer needed

Task | 10 | Site Map and Issue Definitions

Question 1: What is the flag you receive after visiting the unusual endpoint?

<flag>

Task | 11 | The Burp Suite Browser

Question 1: Click me to proceed to the next task.

No answer needed

Task | 12 | Scoping and Targeting

Question 1: Add http://<MACHINE_IP>/ to your scope and change the proxy settings to only intercept traffic to in-scope targets. See the difference between the amount of traffic getting caught by the proxy before and after limiting the scope.

No answer needed

Task | 13 | Proxying HTTPS

Question 1: If you are not using the AttackBox, configure Firefox (or your browser of choice) to accept the PortSwigger CA certificate for TLS communication through the Burp Proxy.

No answer needed

Task | 14 | Example Attack

Question 1: Click me to proceed to the next task.

No answer needed

Task | 15 | Conclusion

Question 1: I understand the fundamentals of using Burp Suite!

No answer needed