To open Burpsuite, go to Applications → Web Application Analysis → burpsuite.
To make the setup of sniffing, we configure burpsuite to behave as a proxy. To do this, go to Options as shown in the following screenshot. Check the box as shown.
In this case, the proxy IP will be 127.0.0.1 with port 8080.
Then configure the browser proxy which is the IP of burpsuite machine and the port.
To start interception, go to Proxy → Intercept → click “Intercept is on”.
Continue to navigate on the webpage that you want to find the parameter to test for vulnerabilities.
In this case, it is metasploitable machine with IP 192.168.1.102
Go to “HTTP History”. In the following screen-shot, the line marked in red arrow shows the last request. In Raw and the hidden parameter such as the Session ID and other parameter such as user name and password has been underlined in red.
COMMENTS