Sign up to save your podcasts
Or
Share Course 1 - BurpSuite Bug Bounty Web Hacking from Scratch | Episode 4: Burp Suite Proxy: Configuration, Request Interception, and Repeater
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Course 1 - BurpSuite Bug Bounty Web Hacking from Scratch | Episode 4: Burp Suite Proxy: Configuration, Request Interception, and Repeater
In this lesson, you’ll learn about:
You can listen and download our episodes for free on more than 10 different platforms:
https://linktr.ee/cybercode_academy
- Burp Proxy tab — purpose & subtabs: Intercept (toggle request interception), HTTP History (record of proxied requests), and Options (listen address/port configuration).
- How the proxy works: Burp listens for browser traffic on a configured IP and port (default 127.0.0.1:8080); the browser must be configured for manual proxying to point to the same host/port.
- Intercept workflow: with Intercept on you can view request details (headers, cookies, params, user-agent), then Forward the request to the server or Drop it to stop it.
- Configuring the listening interface: use Proxy → Options to change the bind address/port or add additional listener entries (useful for VM / remote testing).
- Recommended browser: use a separate testing browser (Mozilla Firefox recommended) to avoid contaminating your daily browser profile.
- Handling HTTPS traffic: Burp generates per-host SSL certs signed by its own CA — install Burp’s CA certificate into the browser (visit http://burp while proxied to download it), then mark it trusted (“Trust this CA to identify websites”) and restart the browser. This allows Burp to intercept HTTPS without browser warnings.
- Security caution: only install Burp’s CA in a dedicated testing profile or VM; remove it from normal/production profiles to avoid trusting a local CA inadvertently.
- Repeater tool — purpose: used for manual, iterative testing of a single request—edit, resend, and observe responses without redoing actions in the browser.
- Sending requests to Repeater: from Proxy Intercept or HTTP History use “Send to Repeater” (or Ctrl+R) to move a request into Repeater.
- Repeater workflow: edit the HTTP message in the text editor, press Go to send, and inspect response metadata (status, length, timing) and body to assess effects.
- Use cases for Repeater: manual vulnerability verification and PoC creation (e.g., testing XSS payloads, parameter tampering, SQLi strings) by injecting payloads and observing returned HTML/headers.
- Round-trip to browser for client validation: after modifying a request in Repeater you can generate/replay a URL in the browser to validate client-side behavior (useful for DOM/XSS checks).
- Practical recommendations: verify proxy and CA settings with a simple request first, keep scope/legal authorization documented, and use an isolated VM/profile for all interception tasks.
You can listen and download our episodes for free on more than 10 different platforms:
https://linktr.ee/cybercode_academy
View all episodes
By CyberCode AcademyIn this lesson, you’ll learn about:
You can listen and download our episodes for free on more than 10 different platforms:
https://linktr.ee/cybercode_academy
- Burp Proxy tab — purpose & subtabs: Intercept (toggle request interception), HTTP History (record of proxied requests), and Options (listen address/port configuration).
- How the proxy works: Burp listens for browser traffic on a configured IP and port (default 127.0.0.1:8080); the browser must be configured for manual proxying to point to the same host/port.
- Intercept workflow: with Intercept on you can view request details (headers, cookies, params, user-agent), then Forward the request to the server or Drop it to stop it.
- Configuring the listening interface: use Proxy → Options to change the bind address/port or add additional listener entries (useful for VM / remote testing).
- Recommended browser: use a separate testing browser (Mozilla Firefox recommended) to avoid contaminating your daily browser profile.
- Handling HTTPS traffic: Burp generates per-host SSL certs signed by its own CA — install Burp’s CA certificate into the browser (visit http://burp while proxied to download it), then mark it trusted (“Trust this CA to identify websites”) and restart the browser. This allows Burp to intercept HTTPS without browser warnings.
- Security caution: only install Burp’s CA in a dedicated testing profile or VM; remove it from normal/production profiles to avoid trusting a local CA inadvertently.
- Repeater tool — purpose: used for manual, iterative testing of a single request—edit, resend, and observe responses without redoing actions in the browser.
- Sending requests to Repeater: from Proxy Intercept or HTTP History use “Send to Repeater” (or Ctrl+R) to move a request into Repeater.
- Repeater workflow: edit the HTTP message in the text editor, press Go to send, and inspect response metadata (status, length, timing) and body to assess effects.
- Use cases for Repeater: manual vulnerability verification and PoC creation (e.g., testing XSS payloads, parameter tampering, SQLi strings) by injecting payloads and observing returned HTML/headers.
- Round-trip to browser for client validation: after modifying a request in Repeater you can generate/replay a URL in the browser to validate client-side behavior (useful for DOM/XSS checks).
- Practical recommendations: verify proxy and CA settings with a simple request first, keep scope/legal authorization documented, and use an isolated VM/profile for all interception tasks.
You can listen and download our episodes for free on more than 10 different platforms:
https://linktr.ee/cybercode_academy