# Burp Suite

Web proxy for intercepting, modifying, and repeating HTTP requests.

**Install:** Download from [portswigger.net/burp](https://portswigger.net/burp/releases/) or run `java -jar burpsuite.jar`

***

## Quick Start

1. Start Burp Suite
2. `Proxy` tab > Click `Open Browser` (pre-configured Chromium)
3. Browse target website - requests appear in `Proxy > HTTP History`

***

## Proxy Setup

### Pre-Configured Browser

Fastest method - click `Open Browser` in `Proxy > Intercept` tab.

### Manual Firefox Setup

1. Install [FoxyProxy](https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/)
2. Add proxy: `127.0.0.1:8080`
3. Install CA cert:
   * Browse to `http://burp` with proxy enabled
   * Click `CA Certificate` to download
   * Firefox: `about:preferences#privacy` > `View Certificates` > `Authorities` > `Import`
   * Check "Trust this CA to identify websites"

### Change Proxy Port

`Proxy > Proxy settings > Proxy listeners`

***

## Intercepting Requests

### Enable/Disable Intercept

`Proxy > Intercept` tab > Click `Intercept is on/off`

### Intercept Workflow

1. Enable intercept
2. Make request in browser
3. Request appears in Burp
4. Modify request as needed
5. Click `Forward` to send (or `Drop` to discard)

### Intercept Responses

`Proxy > Proxy settings > Response interception rules` > Enable `Intercept responses`

***

## Repeater

Send requests multiple times with modifications.

### Usage

1. Find request in `Proxy > HTTP History`
2. Right-click > `Send to Repeater` (or `Ctrl+R`)
3. Go to `Repeater` tab (`Ctrl+Shift+R`)
4. Modify request
5. Click `Send`
6. View response

### Tips

* Right-click > `Change Request Method` to toggle GET/POST
* Use `Ctrl+U` to URL-encode selected text

***

## Intruder (Fuzzer)

Automate attacks with wordlists.

### Setup

1. Send request to Intruder (`Ctrl+I`)
2. **Positions tab:** Select text, click `Add §` to mark injection points
3. **Payloads tab:** Load wordlist

### Attack Types

| Type          | Description                               |
| ------------- | ----------------------------------------- |
| Sniper        | Single payload position at a time         |
| Battering Ram | Same payload in all positions             |
| Pitchfork     | Different payload per position (parallel) |
| Cluster Bomb  | All combinations of payloads              |

### Payload Options

```
Payload Type:
- Simple List     → Load wordlist file
- Runtime file    → Stream from file (large wordlists)
- Numbers         → Sequential/random numbers
- Brute forcer    → Character set permutations
```

### Payload Processing

Add rules to modify payloads:

* `Skip if matches regex` - Filter payloads
* `Add prefix/suffix` - Append strings
* `Encode` - URL/Base64 encode

### Filter Results

`Settings > Grep - Match` - Flag responses containing specific strings (e.g., `200 OK`)

### Note

⚠️ **Free version limited to 1 request/second** - Use ZAP Fuzzer or ffuf for speed

***

## Match & Replace

Auto-modify requests/responses.

### Setup

`Proxy > Proxy settings > HTTP match and replace rules > Add`

### Common Uses

```
# Change User-Agent
Type: Request header
Match: ^User-Agent.*$
Replace: User-Agent: Custom Agent
Regex: True

# Enable disabled fields
Type: Response body
Match: type="number"
Replace: type="text"

# Remove length limits
Type: Response body
Match: maxlength="3"
Replace: maxlength="100"
```

***

## Decoder

Encode/decode data.

### Access

`Decoder` tab or `Burp Inspector` (in Repeater/Proxy)

### Supported Formats

* URL encoding
* Base64
* HTML entities
* Hex
* ASCII hex
* Gzip

### Quick Encode

In Repeater: Select text > Right-click > `Convert Selection > URL > URL-encode`

Or: Select text > `Ctrl+U`

***

## Scanner (Pro Only)

### Target Scope

1. `Target > Site map` - View discovered paths
2. Right-click target > `Add to scope`
3. `Target > Scope` - View/edit scope

### Crawl

Discover all pages/links:

1. `Dashboard > New Scan`
2. Select `Crawl`
3. Configure speed (Fastest/Normal)
4. Start scan

### Passive Scan

Analyze responses without sending new requests:

* Right-click request > `Do passive scan`
* Finds: Missing headers, DOM XSS, info leaks

### Active Scan

Full vulnerability scan:

* Right-click request > `Do active scan`
* Or: `Dashboard > New Scan > Crawl and Audit`

**Tests:** SQLi, XSS, Command Injection, Path Traversal, etc.

### Reports

`Target > Site map` > Right-click target > `Issue > Report issues for this host`

***

## Useful Extensions

Install from `Extender > BApp Store`

| Extension      | Purpose                    |
| -------------- | -------------------------- |
| Active Scan++  | Enhanced scanner           |
| Autorize       | Authorization testing      |
| Logger++       | Advanced logging           |
| JWT Editor     | JWT manipulation           |
| Param Miner    | Hidden parameter discovery |
| Retire.js      | JS vulnerability detection |
| Turbo Intruder | Fast fuzzing (Python)      |
| Hackvertor     | Advanced encoding          |

***

## Keyboard Shortcuts

| Action               | Shortcut       |
| -------------------- | -------------- |
| Send to Repeater     | `Ctrl+R`       |
| Send to Intruder     | `Ctrl+I`       |
| Go to Repeater       | `Ctrl+Shift+R` |
| Forward request      | `Ctrl+F`       |
| URL encode selection | `Ctrl+U`       |
| Toggle intercept     | `Ctrl+T`       |
| Search               | `Ctrl+Shift+F` |

***

## Proxy CLI Tools

### With Proxychains

```bash
# Edit /etc/proxychains.conf
# Add: http 127.0.0.1 8080

proxychains -q curl http://target.com
proxychains -q sqlmap -u "http://target.com/?id=1"
```

### With cURL

```bash
curl -x http://127.0.0.1:8080 http://target.com
curl --proxy http://127.0.0.1:8080 -k https://target.com
```

### With Metasploit

```bash
msf6 > set PROXIES HTTP:127.0.0.1:8080
```

***

## Tips

* Use `Logger` tab to see all traffic (including from scanner)
* `Comparer` tab for diff'ing responses
* Right-click requests to `Copy as curl command`
* `Target > Site map` shows full application structure
* Enable `Unhide hidden form fields` in `Proxy > Proxy settings > Response modification rules`


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://book.ice-wzl.xyz/tool-guides/burp-suite.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.