Cysep

Burp Suite Basics: HTTPS


This Burp Suite lab was completed on February 6th, 2021. The link to complete the challenge is: https://immersivelabs.online/labs/burp-basics-https/

Tasks

Set proxy settings in Firefox to proxy traffic through Burp.
Navigate to www.mngr.io and view the certificate error message.
Install the Burp CA (Certificate Authority) to Firefox.
Browse www.mngr.io and capture the cookie.

Question 1
Proxy web traffic through Burp and navigate to ‘www.mngr.io’. What is the certificate error code displayed?

Steps:
Start Burp
Change the Firefox network settings so traffic is proxied through Burp: https://portswigger.net/burp/documentation/desktop/getting-started/proxy-setup/browser/firefox
Go to https://www.mngr.io
Answer: SEC_ERROR_UNKNOWN_ISSUER

Question 2
What is the URL entered to get the Burp CA?

Answer: http://burp

Question 3
Using Intercept, browse to www.mngr.io. What is the value of the cookie set when the ‘Test Login’ button is clicked?


Steps:
Go to http://burp
Download CA certificate
In Firefox, open ‘Preferences’, go to the ‘Privacy and Security’ settings and click ‘View Certificates’.
Go to the ‘Authorities’ tab and click ‘Import’, choosing the previously saved Burp Certificate Authority (CA).
Ensure that the option to allow this certificate to identify web sites is checked.
Go to www.mngr.io

In Burp Suite, set the target to www.mngr.io
On the Proxy tab, go to Intercept and click Forward repeatedly
Once the web page loads, click Test Login
Click Forward in Burp Suite
Go back to the browser and look at the token shown there; this is not the token you’re looking for: bb0f0d
Open the Inspector, go to Storage, then Cookies

Answer: Mngr-Cookie: 8583bb

Question 4 of 4
What does CA stand for?

Answer: Certificate Authority
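
Why Question 1 ends in SEC_ERROR_UNKNOWN_ISSUER and why importing the Burp CA in Question 3 clears it, as an added example that is not part of the original write-up. It assumes the `openssl` CLI is installed; the throwaway CA ("Demo Interception CA") and all file names are constructed stand-ins for Burp's own CA, which an intercepting proxy uses to sign a certificate for each host it proxies.

```shell
#!/usr/bin/env bash
# Added example. The throwaway CA is a constructed stand-in for the Burp CA;
# file names and the CA subject are assumptions, not Burp's real values.
set -eu
demo_dir=$(mktemp -d)

# Build an interception CA and a leaf certificate for www.mngr.io signed by it,
# which is what an intercepting proxy presents to the browser.
build_chain() {
  cat > "$demo_dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Demo Interception CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$demo_dir/ca.cnf" \
    -keyout "$demo_dir/ca.key" -out "$demo_dir/ca.pem" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -config "$demo_dir/ca.cnf" \
    -subj "/CN=www.mngr.io" \
    -keyout "$demo_dir/leaf.key" -out "$demo_dir/leaf.csr" 2>/dev/null
  printf 'subjectAltName=DNS:www.mngr.io\n' > "$demo_dir/san.cnf"
  openssl x509 -req -in "$demo_dir/leaf.csr" -days 1 -extfile "$demo_dir/san.cnf" \
    -CA "$demo_dir/ca.pem" -CAkey "$demo_dir/ca.key" -CAcreateserial \
    -out "$demo_dir/leaf.pem" 2>/dev/null
}

# Exit status 0 if leaf.pem chains to a trusted root.
# "with-ca": the CA has been imported; anything else: it has not.
verify_leaf() {
  if [ "$1" = "with-ca" ]; then
    openssl verify -CAfile "$demo_dir/ca.pem" "$demo_dir/leaf.pem" >/dev/null 2>&1
  else
    openssl verify -no-CAfile -no-CApath "$demo_dir/leaf.pem" >/dev/null 2>&1
  fi
}

# Who signed the certificate the client actually received.
leaf_issuer() { openssl x509 -in "$demo_dir/leaf.pem" -noout -issuer; }

build_chain
for state in without-ca with-ca; do
  if verify_leaf "$state"; then result="chain trusted"; else result="issuer unknown"; fi
  echo "$state: $result"
done
leaf_issuer
```

The first check fails because nothing in the trust store signed the leaf, which is the same condition Firefox reports as SEC_ERROR_UNKNOWN_ISSUER; the second passes once the CA is supplied as a trust anchor. Anyone holding an imported CA's private key can issue certificates the browser accepts for any site, so keep the Burp CA in a dedicated testing profile.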

2 Comments

  1. Everyone loves what you guys are up to. This type of clever
    work and reporting! Keep up the great work, guys. I’ve included you guys in my personal
    blogroll.

  2. It’s like you read my mind! You appear to know so much about this,
    like you wrote the book on it or something. I think that you
    could do with some pics to drive the message home a little bit, but other than that,
    this is a fantastic blog. A fantastic read. I will certainly be back.
