Cysep

Burp Suite Basics: HTTPS

Burp Suite Basics: HTTPS

This Burp Suite lab was completed on February 6th, 2021. The link to complete the challenge is: https://immersivelabs.online/labs/burp-basics-https/

Tasks

Set proxy settings in Firefox to proxy traffic through Burp.
Navigate to www.mngr.io and view the certificate error message.
Install the Burp CA (Certificate Authority) to Firefox.
Browse www.mngr.io and capture the cookie.

Question 1
Proxy web traffic through Burp and navigate to ‘www.mngr.io’. What is the certificate error code displayed?

Steps:
Start Burp
Change firefox networking -https://portswigger.net/burp/documentation/desktop/getting-started/proxy-setup/browser/firefox
Go to https://www.mngr.io
Answer: SEC_ERROR_UNKNOWN_ISSUER

Question 2
What is the URL entered to get the Burp CA?

Answer: http://burp

Question 3
Using Intercept, browse to www.mngr.io. What is the value of the cookie set when the ‘Test Login’ button is clicked?


Steps:
Go to http://burp
Download CA certificate
In Firefox ‘Preferences’ option. Go to the ‘Privacy and Security’ settings and click ‘View Certificates’.
Go to the ‘Authorities’ tab and then click on ‘Import’,
choosing the previously saved Burp Certificate Authority (CA).
Ensure that the option to allow this certificate to identify web sites is checked.
Go to www.mngr.io

In burp suite, set target to www.mngr.io
On the Proxy tab, go to Intercept and just click on Forward a bunch of times
Once the web page loads, click Test Login
Click Forward in Burp suite
Go to browser, see token, this is not the token you’re looking for: bb0f0d
Open Inspector, storage, Cookies

Answer: Mngr-Cookie: 8583bb

Question 4 of 4
What does CA stand for?

Answer: Certificate Authority

Leave a Reply

Your email address will not be published. Required fields are marked *

Get Free Report

Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore quaerat voluptatem.