Request and Response Interception in Burp Suite

We have already discussed almost all basic theories about burp suite. Now, Let’s do some practical things with burp suite. You should not jump into practical thing directly without reading Basic theories. If you are wondering for Basic theory then you can visit my previous articles about burp suite which are based in theory. I am providing the link below.

Requirement:

1. Mutillidae

2. Burp Suite

3. Firefox or Iceaweasel

4. Configure Burp suite withfirefox or iceweasel

5. Basic Theories Target Taband Proxy Tab

What we are going to do ?

We will understand how interception work, how we can add a scope in burp suite for particular target and how request and response works.

1. First of all start mysql and apache server for running mutillidae

Open Terminal

Type service mysql start and Press Enter
Type service apache2 startand Press Enter

Now start burp suite by terminal

Type burpsuite.jar and Press Enter

(Click image for large view)

2. Burp Suite has been opened. Go to Proxy Tab then Intercept Sub-tab. There you will see intercept is off.

3. We have seen our interception is off in burp suite so, let’s see what happen when we browse any url in our web browser which is configure with burp suite. We will not use any website to do these testing because that will be illegal so we will use our mutillidae this is our own web server.

Write 127.0.0.1/mutillidaein your web address and Press Enter. Web site responds without any trouble.

4. When we come to intercept sub-tab there are also no web traffic records available.

We have configured well burp with our browser but still burp is not capturing any web traffic from browser why ?

Very simple answer, because we turned off intercept while browsing the website so, burp could not capture any data. If you are beginner and trying to test any web and your burp is also not getting traffic from the browser then you should look at once your intercept is On or Off.

5. In the Site Map sub-tab we can see which url we have visited it doesn’t matter intercept on or off.

--------------------------------------------------------------------------------

6. Now, Let’s Turn On interception in Intercept sub-tab

7. Go to Proxy Tab then Option Sub-tab. There you will see intercept Client Request and Responsesection you just need to uncheck Match type : URL boxes. (If already unchecked leave this step)

8. Go to Target Tab then Scope Sub-tab. There you will see Include in scope section, you need to delete all the scopes from there if you have added any.

9. Go to your web browser and open 127.0.0.1/mutillidae

10. Go to Burp Suite there you will see it send request to server for response. You need to click on forward for forwarding the request to server so you will get the response from server.

11. Here, We got the response.

12. Go to your web browser, our web browser is still waiting for response.

13. Go to Burp Suite and Click once again on Forward button so, Our web browser should get their response.

14. Here, our web browser got the response.

------------------------------------------------------------------------------

15. Go to Proxy Tab then Option Sub-tab. There you will see intercept Client Request and Responsesection you just need to check Match type : URL boxes. (If already checked leave this step)

16. Intercept should be turn On.

17. Go to your web browser and open 127.0.0.1/mutillidae

18. Interception is On but Burp suite could not get any traffic from web browser.

Why?

Because, We did setup (step 15) burp to get traffic for particular target not for all which are browsed by web browser but we are not getting any traffic because we did not add any target to burp suite yet for getting the traffic.

19. Here we will add a particular url target for getting the traffic on burp. Go to Target tab then Site mapsub-tab and Right Click on the url which one you want to test then Click on Add to Scope.

20. Now we gave burp suite a particular target for testing so if you will browse any other url on same browser it will not effect on burp. I like this method because it do not intercept other websites during your testing. For example I have added 127.0.0.1/mutillidae as a scope means as target. Now I need to search something on google or I am also using facebook while testing for discussion with my team or whatever reason in same browser which is configure with burp suite. If you added a scope 127.0.0.1/mutillidae burp will not show you any traffic for other sites like google search or facebook. It is trace only your target url activity.

As you can see we have added a scope from site map sub-tab. You can also add scope manually by clicking on Add button there you need fill up some details like Protocol, host/Ip range, Prot etc. You can also Enable or Disable your scope by clicking on the check box in include in scope section.