LAB: Burp Suite's proxy tool

I will demo this, and you should follow along on your Kali. The basic idea is that every HTTP query gets intercepted so you can look at it and/or change it ahead of sending it to the server, and you can study the responses as well.

• Fire up Kali
• Launch Burp Suite
• Select the Proxy tool
• [Just for today, we want to see requests for images.] In the Proxy tool settings, for "request interception rules", disable the "File extension does not match (^gif$|...)" item.
• Launch Burp's browser
• [This one will be permanent until you change it, which is good, because you'll be sad all term without this.] Go to the browser settings (upper-right corner, click the three-dots icon, and select Settings). Choose "Privacy and security", then "Security", then scroll to "Advanced" and uncheck "Always use secure connections".
• Activate interception (click on the "Intercept is off" button to make it say "Intercept is on")
• Use the Burp browser to go to http://cs338.jeffondich.com/. Note that you'll need to type this whole thing--otherwise the browser will try to use https, which we don't want today.
• Look at the request for a bit, then click on Forward
• Once the browser shows the web page, go to the Burp proxy tool and select "HTTP history".
• [Again, just for today.] Click on "Filter settings" and enable images under "Filter by MIME type".

---

Your Carleton user name, lower case:

What is the first line of the first query sent by the browser to the server?

What is the HTTP status code of the server's reply to the first query?

What is the first line of the second query sent by the browser to the server?

What is the HTTP status code of the server's reply to the second query?

What is the first line of the third query (if any) sent by the browser to the server?

What is the HTTP status code of the server's reply to the third query?

Briefly, what does the the Burp proxy tool do?

Submit