Detailed explanation of burp suite 2023 version module "One"

Detailed explanation of burp suite 2023 version module <1>

Detailed explanation of Brup suite dashboard, target, and agent modules

dashboard:

Burp Suite's dashboard is an overview view that displays important information about targets and agents. We can view a summary of recent operations, the status of the target, and agent-related statistics on the dashboard.

In my Burp Suite, the dashboard has three small modules:

• Tasks

The "Tasks" module in Burp Suite's Dashboard is used to manage Burp Scanner's scanning tasks. Burp Scanner is a functional module in Burp Suite that is responsible for automatically identifying and analyzing application vulnerabilities.
Through the "Tasks" module, we can create, manage and track multiple scanning tasks. Different scan scopes, configuration settings, and scan options can be defined for each task. While the scan task is running, we can view and monitor the progress and status of the scan and view the vulnerabilities discovered.

1. New scan (New scan)
   This option allows us to create a new scan task for active scanning of target applications. We can define the scan target, scope and other configuration parameters, then start the scan, observe and analyze the results.

2. New live task (New fact task)
   This option allows us to create a new scan task for active scanning of the target application. We can define the scan target, scope and other configuration parameters, then start the scan, observe and analyze the results.

3. Filter (Filter)
   This option allows us to create a new scan task for active scanning of target applications. We can define the scan target, scope and other configuration parameters, then start the scan, observe and analyze the results.

4. Live passive crawl form proxy(all traffic):
   This option allows us to create a new scanning task for active scanning of target applications. We can define the scan target, scope and other configuration parameters, then start the scan, observe and analyze the results.

5. Live audit from proxy(all traffic):
   This option allows us to perform a live audit from the proxy module on all traffic passing through the proxy. Burp Suite will automatically detect and analyze requests and responses and display potential security issues and vulnerabilities.

The "Tasks" module provides a convenient way to organize and manage multiple scan tasks for better tracking and processing of scan results.

The usage of brup suite scanning will be explained in detail in a future blog.

• Event log

In Burp Suite, the Event log is a window that records Burp Suite operations and events. This log records important events and information related to scans, proxies, attacks, plug-ins, etc.

By viewing the Event log, we can learn about Burp Suite's various operations, scan results, scan progress, proxy requests, responses and other information. This is useful for tracking and analyzing scanning progress, observing requests and responses, and understanding the operational flow of Burp Suite.

Event log can record various events, such as:

• Scan progress and results
• Proxy requests and responses
• Plugin actions and events
• Vulnerability detection and reporting
• Tool operation and settings changes
  

• Issue activity(issue list)

• In Burp Suite, the Issue activity (issue list) is a window used to display discovered security issues and vulnerabilities. This inventory provides the ability to manage and track issues generated by scan tasks.

• In the Issue activity, we can view and handle various issues discovered during Burp Suite scanning, including security vulnerabilities, configuration errors, sensitive information leakage, etc. The checklist provides a summary, risk level, impact scope, specific description, and possible fix recommendations for each issue.

• By viewing the Issue activity, we can easily understand the list of issues in the scan results and conduct further analysis, processing, and reporting on each issue. We can mark issue status, add comments, export reports, or share issues with the team.
  

Target：

The target module is used to identify and analyze target applications to be tested. We can add target URLs to the target module, and Burp Suite will perform active or passive scanning of these targets to help discover security vulnerabilities.
There are three options in Target: site map, issue definitions, and scope settings.

Introduction to modules in the site map window

• mapping tree

• The mapping tree is a panel in the Burp Suite Site map window that displays the target application's hierarchy and a tree structure of related requests.

• In the mapping tree, we can see the different directories, subdomains, URL paths, and associated requests and responses in the target application. These directories and URLs are organized in a hierarchical structure, and we can expand and collapse different levels to view and manage the requests within them.

• For each request, the mapping tree displays the requested URL, request method (GET, POST, etc.), request status code (such as 200 OK), response status code and other information. We can also view and analyze the details of the request and response by clicking on the request.

• Mapping trees provide insight into the structure of a target application and perform analysis on specific directories, URL paths, or subdomains. This helps uncover hidden pages, important features, and areas where vulnerabilities may exist.
  

• Link directory

• The Link Directory is a panel of the Burp Suite Site map window that displays a list of links found in the site map.

• The Link Directory panel lists the different links in the target application, which may be pages, paths, directories, or other types of links in the site map. Listed links can be organized according to the structure of the directory and path to which they belong.

• The Link Directory provides a quick overview of the different pages and paths within the application and can be used to navigate to specific links or directories. We can click on a link to view details of the request and response associated with that link.

• Through the link directory, we can more easily understand the individual pages and paths of the target application and quickly navigate to the links of interest. This helps us conduct comprehensive testing and analysis of the application.
  
  We can also color the specified links to facilitate us in identifying problematic links.
  

• Request\Response Viewer

• The Request/Response Viewer is a feature of the Burp Suite Site map window for viewing and analyzing specific requests and corresponding details.

• In the request/response viewer, we can view various aspects of the selected request, including the request URL, request method (e.g. GET, POST), request headers, request payload, etc. We can visually understand the details of the request and modify or analyze it as needed.

• For responses, the Request/Response Viewer displays various aspects of the response, including response headers, response status code, response payload, and other relevant information. We can view the details of the response, inspecting the status code, content type, and any data transferred.

• The request/response viewer also provides additional features such as sending selected requests to other Burp Suite modules (such as Intruder, Repeater, etc.), repeating requests for testing and analysis, saving request/response data for subsequent use, etc.

• The Request/Response Viewer allows us to drill down into the content of selected requests and responses and perform further analysis and processing on them. This helps us better understand how the application works, debug issues and perform security testing.

• Problem view
  The problem view is composed of problem list, security suggestions, request window, response window, and problem path.

List of Questions:

• In the issue list, we can view and manage security issues related to the target application. Each issue has a summary that includes the issue type, URL, risk level, status, and a detailed description of the issue.

• The issue list can be sorted by different columns, such as risk level, URL, issue type, etc. to better organize and find specific issues.

• We can use filters in the question list to filter and display questions of interest. We can set filter conditions based on URL, issue type, risk level, status, and other attributes to quickly locate and observe specific issues.

• Get a comprehensive view of security issues and vulnerabilities discovered during scans. We can view the summary, risk level, and description of the issue to further analyze the severity and scope of the vulnerability and take appropriate steps to remediate or mitigate it.
  

• Safety advice:

In Burp Suite, Advisory refers to advice and guidance related to specific security issues or vulnerabilities. Burp Suite usually provides corresponding security recommendations or recommended measures for each discovered security issue to help users understand and resolve these issues.

Advisory usually includes the following content:

1. Vulnerability description: Advisory will provide a detailed description of the vulnerability, explaining the nature, cause and potential impact of the vulnerability.

2. Repair suggestions: Advisory will provide repair suggestions for vulnerabilities and security issues, including recommended solutions, patches or configuration changes.

3. Best Practices: The Advisory may also introduce best practices and security suggestions to prevent similar security issues from occurring.

The goal of Advisory is to help users comprehensively understand security issues and provide solutions. Users can follow the recommendations in the Advisory to fix vulnerabilities or take defensive measures to ensure application security and reduce potential risks.

• Request window, response window

Burp Suite's Issue request window and response window are the two main panels in the Issues view, used to view and analyze security issues related to requests and responses in the site map.

1. Issue request window:
   The Issue request window displays the details of the request related to the selected issue. We can view the request URL, request method, request header, request payload, etc. of the selected issue in this window. This helps us understand the details of the specific request when the issue occurred.
   

2. Issue response window:
   The Issue response window displays the details of the response related to the selected issue. We can view the response header, response status code, response payload and other related information of the selected issue in this window. This allows us to drill down into the application's response when the problem occurs.
   

• problem path

Issue Path is a panel in the Burp Suite Site map window that displays the path selected requests and responses took to reach a specific vulnerability.

• In the Issue Paths panel we can view the associated paths between selected requests and responses and vulnerabilities. This path shows the requests and responses that trigger a specific vulnerability in an application.

• The display of the problem path is usually presented in a tree structure, showing the specific details of each request and response, including the URL, request method, request headers, request payload, and response headers and response payload.

• By looking at the issue path, we can understand how the vulnerability was exploited or triggered, as well as the requests and responses that affected the vulnerability. This helps us analyze the context and conditions of the vulnerability and conduct further investigation or remediation.
  

• Since I'm doing passive detection, the problem path feature is not available by default. This is because passive scanning detects security issues by intercepting and analyzing application traffic and cannot provide clear path information.

• Passive scanning listens for traffic through Burp's proxy functionality and analyzes requests and responses that go through the proxy. This analysis is based on the triggering relationship between adjacent requests and responses to determine possible vulnerabilities.

• Passive scanning determines whether a vulnerability exists differently than active scanning, so the problem path feature does not apply in passive scanning. The problem path link is effective during active scanning because active scanning actively tests the application and identifies problems based on specific paths during testing.

issue definitions

Issue definitions are definition files used in Burp Suite to identify and describe specific security issues or vulnerabilities. These definition files contain the rules and conditions required to detect and identify security issues.

In Burp Suite, by using predefined issue definition files, applications can be scanned actively or passively, and vulnerabilities related to the security issues defined in these definition files are automatically detected and reported.

Predefined problem definition files, usually provided by the Burp Suite team or other security experts, define and describe common vulnerabilities and security issues. These definition files can be loaded, updated, and configured as needed.

Through issue definition files, Burp Suite can automatically identify and report security issues based on defined rules and conditions. Available problem definition files include:

• OWASP Top 10: Contains the ten most common application security risks and vulnerabilities as defined by OWASP (Open Web Application Security Project).
• Other vulnerabilities and security issues: For example, SQL injection, cross-site scripting (XSS) attacks, cross-site request forgery (CSRF), etc.
• 

scope settings

Scope setting (Scope) is an important function in Burp Suite, which is used to specify the scope of the target application we want to scan. Through scope settings, we can control which URLs and domain names are scanned by the scanner for more precise application security testing.

In Burp Suite, we can make the following scope settings:

1. Exclude domain names: We can specify domain names to exclude so that the scanner does not scan URLs or entire domain names under these domain names.

2. Include domain names: We can specify domain names to be included in the scan scope so that the scanner only scans URLs under these domain names.

3. Exclude URLs: We can specify specific URLs to exclude so that the scanner will not scan these URLs.

4. Include URLs: We can specify specific URLs to include in the scan so that the scanner only scans these URLs.

5. Load scope from sitemap: We can load scope directly from sitemap. This will automatically configure scope settings based on the URLs recorded in the sitemap.

By properly configuring scope settings, you can avoid scanning irrelevant URLs or domain names and improve scanning efficiency and accuracy.

proxy：

The proxy module is one of the core features of Burp Suite. By configuring and using Burp Suite as a proxy server, we can capture and modify HTTP/HTTPS requests and responses between the application and the server. This helps analyze and modify an application's communications to discover potential security vulnerabilities or customize communications.

1. Intercept:

• This is one of the main features of the Burp Suite proxy module. Through the interception function, we can intercept and modify HTTP requests from browsers or applications, and observe and analyze the corresponding HTTP responses. We can choose to manually intercept the request, modify it or release it, and observe the application's response to the modified request. This feature is very useful when performing security testing and vulnerability analysis.
• 
• Forward

• In Burp Suite, "Forward" refers to the operation of sending requests intercepted by the proxy module to the target server.

• When we enable the proxy module and set the proxy configuration of the browser or application, Burp Suite will intercept HTTP requests through the proxy. This way, we can choose to view and modify the request in the "Intercept" function and choose different actions: release the request to send it to the target server or block it.

• If we choose to release the intercepted request, the "Forward" operation will be performed. This will cause Burp Suite to send the request to the target server so that the application can process it and return a response. Once the request is successfully forwarded, Burp Suite can also capture and display the response returned from the target server.

• In "Intercept" mode, when a request is intercepted, Burp Suite will wait for our operation (release or modification) before forwarding the request. This allows us to review and modify the request before deciding whether to forward it forward.

• "Forward" is a core operation in Burp Suite that can be used to send intercepted requests to the target server for normal request-response interactions. This helps in testing and analyzing the application’s communication traffic and conducting further security testing and vulnerability analysis.

• Drop

• In Burp Suite, "Drop" is an operation for an intercepted request or response. When we use the interceptor module to view and modify an application's traffic, we can choose to "Drop" requests or responses, that is, discard them without sending them to the target server or browser.

• By selecting the "Drop" action, Burp Suite drops the currently intercepted request or response, preventing it from continuing to interact with the application. This means that dropped requests will not be sent to the target server, and dropped responses will not be sent back to the browser.

• The "Drop" operation is often useful in the following situations:

  1. Uninteresting requests or responses: When you are not interested in some requests or responses, you can choose to discard them to reduce related traffic and interference.

  2. Debugging and modifying test requests: When you are testing and modifying some requests, you may need to drop some or all of the requests in certain situations to ensure that only the requests you want to send reach the target server.

• By selecting the "Drop" action, we can easily control the fate of intercepted requests and responses. This is a powerful feature of the Burp Suite Interceptor module that can be used to test and modify an application's communication traffic.

• Intercept is on/off

• In Burp Suite, "Intercept" is a feature that controls whether the proxy module is enabled to intercept requests and responses.

• When interception is turned on, Burp Suite intercepts HTTP requests going through the proxy and pauses them so we can inspect, modify, or let them go. This allows us to observe and control the application's traffic, allowing for granular processing of requests and responses during testing and analysis.

• When the interception switch is turned off, Burp Suite will forward requests and responses to the target server or browser without intervention, without any interception or modification. This ensures normal communication between applications and enables interception when needed.

• We can turn on or off the interception function by clicking the interception switch button in the interceptor module of the Burp Suite interface. Usually, when the interception switch is turned on, Burp Suite will send the request to the target server or release the request based on our operations. When the interception switch is turned off, Burp Suite will directly forward the request to the target server.

• In the interceptor panel, we can also set interception rules and conditions to more precisely control and handle the interception behavior of requests and responses.

• Action

• In Burp Suite, an "Action" refers to an action performed on a request, response, or other item in an interceptor or other module.

• Open browser

• In Burp Suite, "Open Browser" is a feature that allows us to open a browser window directly inside the Burp Suite interface and route the browser's traffic through a proxy.

• By using the "Open Browser" feature, we can operate a built-in browser in Burp Suite so that it interacts with the target application through a proxy. This is useful for viewing actual pages of your application, navigating, triggering actions, or performing manual testing.

• Inspector

• In Burp Suite, the "Inspector" is a functional module used for in-depth analysis, parsing and display of requests, responses and other data.

• By using inspectors, we can inspect and review various data in the Burp Suite interface to understand their structure, content, and properties. This is useful for analyzing an application's communications and data, especially in security testing and vulnerability analysis.

• Some common features provided by the inspector module include:

  1. Analyze headers and payloads: We can view and analyze the headers and payloads of HTTP requests and responses to understand their structure, parameters and other properties.

  2. Display format parsing: For common data formats (such as JSON, XML, URL encoding, etc.), the checker will automatically parse and format the data and present it in an easy-to-read form.

  3. Syntax highlighting and language parsing: For specific data types, the checker can highlight the syntax structure and provide parsing, prompts and error detection in the corresponding language (such as JavaScript, SQL, etc.).

  4. Data encoding and decoding: The inspector provides functions for encoding and decoding data, which can help us deal with parameter encoding methods, such as URL encoding, Base64 encoding, etc.

  5. Custom parsing and display: We can also customize the behavior of the inspector by adding plugins or scripts to process or parse specific types of data and display the data in a custom way.

By using the Inspector module, we can deeply analyze and review requests, responses, and other data to better understand an application's communication and data interactions. This is useful for discovering potential security vulnerabilities, testing and understanding the behavior of your application.

2. HTTP history:

• This functional module records the history of all HTTP requests and responses collected by the proxy module. We can view, search and filter historical requests in the HTTP history panel to facilitate inspection and analysis of previous requests and responses.
• 
  It is an http history viewer, relatively simple.

3. WebSockets history (WebSocket history):

• This functional module is similar to HTTP history, but is specifically used to record requests and responses for WebSocket communications. Through the WebSockets history panel, we can view, search and filter WebSocket communication records for analysis and debugging.
• 
  The function has not been used yet and will be added in future blogs.

4. Proxy settings:

• These settings allow us to configure the behavior and options of the proxy module. We can set the listening interface and port of the proxy, configure SSL options, set the TLS negotiation method, specify the domain name and target application used by the proxy, and other related settings.

With these features and settings, we can effectively intercept, modify, and analyze HTTP requests and responses, including regular HTTP traffic and WebSockets communications. This gives us powerful tools and flexibility for testing and auditing application security.

It has been explained in detail in the previous blog, so I will not explain it in detail. Friends who are in need can go to my previous brup suite
to check it out.