Proficiency Level: Beginner
If you are like me, you would always have Burp running in the background. I rarely close Burp. I use different browsers for my work-related stuff and a different browser for hacking. So, Burp only gets engaged when I am using the hacking browser. Nonetheless, it keeps running in the background like an honest minion.
Unfortunately, I am forced to close Burp when updating MacOS or updating Burp itself. When Burp is up and running again, I always perform some configurations on it which provides me an optimal hacking experience. This configuration enables me to concentrate on my target app and filters away the noise. Let’s dive into what these configuration options are:
1. Set the Scope
It all starts with scope. Why is scope important? For starters, scope allows you to perform filtering in your Proxy History, Interception, and the powerful Burp search. If you do not have the scope clearly defined in your Burp configuration, your proxy history will be cluttered with requests being sent to analytics endpoints, marketing endpoints, error logging services, and whatnot. Well, there may be scenarios, where these requests may be of interest to you, but the majority of the time, you would want to focus on requests being generated by application logic.
Here’s how I like to set my scope:
Target > Scope Settings > Check Use advanced scope control > Add > Add part of the hostname in the Host field
You can also have multiple hosts defined in this scope, but you can choose to check one of them for the current application you are testing:
2. Show only in-scope items
Now that you have defined your scope above, it’s time to put it to good use. Your Proxy History is a treasure trove of information. To understand how your app interacts with the server, it is necessary to look at the Proxy History and develop a mental flowchart of how the app talks to the server. If the history is cluttered with unimportant requests such as analytics/error loggers, marketing pings, and heartbeat pings, it’s difficult to focus on the flow.
Here’s how you can set the proxy history to only include in-scope requests:
HTTP History > Filter > Check Show only in-scope items
3. Intercept only if URL is in target scope
Request Interception is the best feature offered by local proxy tools such as Burp. But isn’t it annoying when you have to click the Forward request button a dozen times before the request you are looking for finally appears? I have faced this annoyance and I still see people going through this pain every day. When I see someone continually clicking Forward to reach their request of interest, I just feel like snatching the machine from their control and helping them become more optimized. Many a time, you will accidentally forward your request of interest while you are continually clicking Forward trying to wade through the noise. De-clutter. Cut the noise by telling Burp to only intercept when the host is headed to the domain in your scope. Here’s how you can configure this:
HTTP History > Proxy Settings > Under request interception rules, check the last item: "AND URL is in target scope"
4. Disable Websockets Interception
Interception gets more annoying when you add websocket traffic to the mix. Websockets are noisy because they send data in small chunks and they continuously send data to the server. This noisy traffic makes it difficult to focus on the vulnerability that you are about to exploit. Here’s how you can disable websocket traffic from being intercepted:
HTTP History > Proxy Settings > Under websocket interception rules, uncheck all items
That’s a wrap! I hope this post makes your hacking experience just a little better.