HackTricks Twitter LinkedIn Sponsor Website

Define the perimeter

PreviousIntercept HTTP traffic with Burp Proxy NextIntruder et Repeater

Last updated 4 months ago

Define the perimeter

The target scope tells Burp which URLs and hosts you want to test. This allows you to filter traffic generated by your browser and other sites, so you can focus on the traffic that interests you.

Google Gruyere

This site imitates the principles of a very basic social network, where you can create a user profile (pinned name, photo, message and website...), manage it and post short messages (snippets in this case ), so it is very suitable as study material.

The link will direct you to your instance (see image below, behind the URL there is my instance number).

The lab shows how vulnerabilities in web applications can be exploited and how to defend against these attacks. In the lab, you will practice cross-site scripting (XSS), cross-site request forgery (XSRF),... and you will also have the opportunity to evaluate the impacts of such vulnerabilities (denial of service, disclosure of 'information, remote code execution...).

Start your Proxy

Depending on what you are using, start either the BURP browser or your FoxyProxy addon.

Then, you go to the URL of your GRUYERE via your browser:

Now try browsing the app a little by clicking on the features you see:

Sign In
Sign Up
Home

Analyze your Proxy traffic

In Burp, go to the Proxy tab > HTTP History. For easier reading, continue clicking the leftmost column header (#) until the requests are sorted in descending order. This way you can see the most recent requests at the top of the screen.

Note that HTTP History displays details of every request made by the browser, including requests to third-party websites that are not of interest to you.

Set the target

Go to Target > Site map. In the left panel, you can see a list of hosts that your browser has interacted with. Right-click on the target site node and click “Add to scope”. When prompted in a pop-up, click Yes to exclude traffic out of scope.

Click the display filter above HTTP History and select Show only items in scope.

Scroll through your HTTP history. Notice that it now only displays entries from the target website. All other entries have been hidden. This greatly simplifies the history, which now only contains the elements that interest you.

If you continue browsing the target site, you will notice that out-of-scope traffic is no longer recorded in the sitemap or proxy history.