Click on Everything (in Burp)

By Red Siege | October 5, 2023

In this blog post I wanted to share a few tips and tricks I’ve found in Burp that have really helped me in the past.

Double Click and Right Click Everything! (Literally Everything)

There is so much functionality (for better or worse) that’s hidden in the Burp GUI. One of the first and best examples of this is newcomers finding the filtering options for the site map. I’ve met multiple people who were unaware of this, and that’s a really rough way to live.

Simply right-clicking, or double clicking on the box that states “Filter: Hiding out of scope and not found items…” will bring up this additional filter menu.

There are ZERO indicators that this is the way you are supposed to interact with the filter, or even that that portion of the GUI has that functionality.

For example, I sometimes need to do really granular scans, instead of the traditional “let it rip” scan. This usually results in a bunch of smaller scans that I have no clue what they were targeting unless I click the pop-out button in the top right and review what it was specifically.

Once again the power of double clicking saves the day. Double clicking the title box of the scan allows editing.

At this point you can rename the scan to something useful to help you remember which scan did what.

Bonus Tip:
Some markdown fonts will work in this title field. Is this useful? Probably not. But is it a neat little feature? Absolutely.

Double clicking will allow you to edit that tab name as shown below.

But right clicking that same tab opens up useful functionality such as grouping, naming the groups, and color-coding tabs. I love to use this feature to group functionality and/or ideas I have while working on web application pentests.

Go to Proxy -> Settings Cog -> Tools -> Proxy -> Response Interception Rules
Do yourself a huge favor and make your settings look like my settings so that you only see responses you care about, instead of everything.

The Request Being Intercepted:

The Response Being Intercepted:

Now that we have the proxy set up to be actually really useful, there’s one additional feature we can make use of. This little off-to-the-side functionality, if used correctly, is a game changer. Welcome to the first day of the rest of your life. The proxy intercept Comment and Color tool!

This tool lets you enter comments and select colors from the Burp Intercept tool, and stores them directly in your Burp Proxy History.

Why does it matter?

For example, when I review login functionality I’ll start with a known “bad” state, such as a fake username and a fake password. In the intercept I can edit the data, add “Fake User Fail” in the comments, and mark it red. Then I compare it with a real user, bad password combination, add the comment “Real User Fail”, and mark it yellow. When we pop back over to Burp we can easily and visually spot the requests we marked in the proxy to review later.

For example, by the power of clicking on unsuspecting boxes, double clicking the “Filter: Hiding out of scope items;” area will bring up a proxy history filter. If you check both of the check boxes below, it’ll only show you things you either highlighted or added comments to.

If you are crafty, you can even add tags or search terms to your comments to make filtering a breeze. For example, below I entered the string “Real User” to filter for anything that contained that string, including comments. I could easily find and review how the application login handled real user logins, and I don’t have to slog through the rest of the proxy history.

In future blog posts I’ll go over in detail how I use the color and commenting systems in Burp for better filtering results, and generally how to stay organized during a web application penetration test. I hope you found some, if not all, of these tips useful; there is probably more hidden Burp functionality that I’m not aware of. Would love to read about any Burp hacks you have found in our Discord!
