full screen background image
Search
Sunday 18 February 2018
  • :
  • :

Engagement Tools Tutorial in Burp suite

Hello friends!! Today we are going to discuss Importance of Engagement tools which is a Pro-only feature of Burp Suite. It is mainly use in information gathering and hence the analysis of any web application testing.

Its four important utilities are following:

  • Find References
  • Discover Content
  • Schedule Task
  • Generate CSRF POC

Find References

This function can be used to search all Burp suite tools for HTTP responses that link to a particular item. To make use of this function, select an HTTP request anywhere in Burp suite, or any part of the site map, and choose “Find references” in “Engagement tools” in the context menu which can be seen clicking Action Tab within Burp suite.

The result window of the search shows responses (from all Burp tools) that are link to the selected item. Whenever we view an individual search result, the response will be automatically highlighted to show where the linking reference is occurring.

This function treats the original URL as a Prefix whenever we search for links, so if you select a host, you will find all references related to the host and if you select a folder, you will find all references to items inside that folder.

First, we have intercepted the request of the Vulnweb.com which is a demo lab available over the internet which can be used for testing attacks. Then click on enter after writing the URL of the Vulnerable Web in your browser , then the burp suite will capture the request of the web page in the intercept tab.

Then click on Action Tab, after that select the Engagement tools then click on Find References. This will open a result window which will show all the references related to the URL whose request has been captured which is the Vulnerable Web as shown in the image.

Discover Content

This function is used to discover contents and functionality which are not linked with visible content that you can browse or spider.

There are various techniques that burp suite uses to discover content, which includes name guessing, web spidering, and extrapolation from naming conventions observed within the use of application.

Control

This tab shows you the current status of the session. The toggle button represents whether the session is running or not, and it also allows you pause and restart the session.

The following information is displayed about the progress of the discovery session:

  • Number of requests made
  • Number of bytes transferred in server responses
  • Number of network errors
  • Number of discovery tasks queued
  • Number of spider requests queued
  • Number of responses queued for analysis

Target

This option allows you to define or state the start directory of the content discovery session, and whether the files or directories should be targeted. The options that are available are as follows:

  • Start directory – This is the location where Burp suite is used to look for content. The items within this path and subdirectories are requested during the session.
  • Discover – This option can be used to determine whether the session will look for files or directories or both.

Site Map

The discovery session uses their own site map, showing all of the content which has been discovered within the defined scope. If you have configured your Burp suite to do so, newly discovered items can be added to Burp suite’s main site map.

First, we have intercepted the request of the Vulnweb.com which is a demo lab available over the internet which can be used for testing attacks. Then click on enter after writing the URL of the Vulnerable Web in your browser , then the burp suite will capture the request of the web page in the intercept tab.

Then click on Action Tab within the Burp suite, after that select the Engagement tools then click on Content Discovery. This will open a result window which will show the discovery session status and queued tasks which are related to the URL whose request has been captured which is the Vulnerable Web as shown in the image.

Schedule Task

This function can be used to automatically start and stop certain tasks at defined times and intervals. We can use the task scheduler to start and stop certain automated tasks while you are not working, and to save your work periodically or at a specific time.

To make use of this function, select an HTTP request anywhere in Burp suite, or any part of the target site map, and choose “Schedule task” within “Engagement tools” in the context menu which can be seen by clicking right within Burp suite.

The types of task that are available within this function are as follows:

  • Scan from a URL
  • Pause active scanning
  • Resume active scanning
  • Spider from a URL
  • Pause spidering
  • Resume spidering
  • Save state

First, we have intercepted the request of the vulnweb.com which is a demo lab available over the internet which can be used for testing attacks. Then click on enter after writing the URL of the Vulnerable Web in your browser , then the burp suite will capture the request of the web page in the intercept tab.

Then click on Action Tab within the Burp suite, after that select the Engagement tools then click on Schedule Task. This will open a window of schedule task options where we have selected Scan from a URL option as shown in the image.

 

 

Read more…



Anastasis Vasileiadis

PC Technical || Penetration Tester || Ethical Hacker || Cyber Security Expert || Cyber Security Analyst || Information Security Researcher || Part-Time Hacker || Child Pornography & Sexual Abuse Combat


Leave a Reply

Your email address will not be published. Required fields are marked *