Post 44 - Keep that intro rollin

20 Jan 2023

Still no archive. Possibly farther from having an archive. And still only in the introductory tasks of the Burp room.

Navigation

Default navigation is through module tabs at the top top of the window. If a module has multiple sub-tabs, they show up in a second bar just below. Modules can also be popped out into separate windows in the Windows>Detach menu. Reattach the same way.

There are also navigational keyboard shortcuts:

• Ctrl + Shift + D - Switch to Dashboard
• Ctrl + Shift + T - Switch to Target module
• Ctrl + Shift + P - Switch to Proxy module
• Ctrl + Shift + I - Switch to Intruder module
• Ctrl + Shift + R - Switch to Repeater module

Options

Unlike example in task, Burp now has the options in a separate Settings area. This area still contains:

• Global settings - User
• Project settings - Project

Global settings apply every time Burp Suite is opened, project options are only for that project. Since Burp Community can’t save projects, those options will reset eveytime Burp is closed.

User options

Connections allows control of how Burp makes connections to targets. Could set a proxy for Burp to connect through, useful for using Burp through a network pivot.

TLS allows enabling/disabling various TLS options, and gives a place to upload client certificates in case a webb app requires one for connections.

Display allows changing Burp’s appearance through font and scale, theme for the framework, and options for the rendering engine in Repeater.

Misc contains a wide variety of settings, including keybindings.

Project options

Connections many of the same options as in User options, but these can override the global settings. Allows setting up a different proxy for this specific project. Also allows “Hostname Resplution” (mapping domains to IPs directly in Burp) and “Out-of-Scope Requests” (determines if Burp will send requests to anything not specifically targeted).

HTTP defines how Burp handles aspects of HTTP, such as following redirects or handling unusual response codes.

TLS allows overriding global TLS settings, and shows a list of public server certificates for sites visited.

Sessions allows defining how Burp obtains, saves, and uses session cookies received from target sites. Also allows defining macros to automate things like logging into web apps.

Misc Many options are only available in Burp Pro. Options here include logging and the embedded browser.

The Questions

Answer the questions about Burp. While working on the questions I found that the settings/options areas were totally revamped, so I’m going to see how the best way of getting it updated is.