Working manually on specific HTTP requests

When you understand how your target application works—for instance, when you can identify crucial requests from a security standpoint—you can choose appropriate requests from the Proxy tab and try to exploit them manually.

For example, requests that reflect user-provided values in the response and API calls that handle authentication are worth investigating in this manner. To support this manual work with semi-automatic methods, use the following Burp tools.

Burp Repeater
Burp Repeater allows you to manually manipulate and modify HTTP requests and analyze their responses.

Burp Intruder
Burp Intruder is a tool for automating customized attacks against web applications and serves as an HTTP request fuzzer.

Burp Collaborator
Burp Collaborator is a Burp Suite Professional ecosystem tool that helps uncover hidden security vulnerabilities in your web applications. By allowing your testing to span more than just the immediate interaction with a target, Burp Collaborator opens the door to identifying out-of-band (OOB) vulnerabilities.

This content is licensed under a Creative Commons Attribution 4.0 International license.