Buckle up! In this lesson, we’ll use BurpSuite to conduct a privilege escalation attack. We’ll hack into a machine provided by TryHackMe. This is one of my favorite companies for learning cybersecurity. They have incredible resources for free (and 100% legal) hacking! Make sure you’ve completed the BurpSuite Part I and Part II introductory posts…
Let’s continue from Part I. We covered the Dashboard, Proxy, and Repeater sections in that lesson. Time to cover the Intruder section. Intruder: The Intruder is fundamentally a fuzzing tool. It sends multiple requests with altered values to a target. There are 4 tabs within the Intruder: Positions, Payloads, Resource Pool, and Settings. Positions: This…
This post will cover BurpSuite, the most popular VAPT (Vulnerability Assessment and Penetration Testing) tool for web applications. You can use this tool to intercept web requests and responses, including HTTPS, and modify them in real time to find vulnerabilities in web apps. We’ll install it onto our Kali box and cover the basics. By the…