How to Intercept Requests & Modify Responses With Burp Suite
HTML-код
- Опубликовано: 21 авг 2024
- If you need to intercept web application requests or responses, or to modify responses to see what happens when you change things, then you need to get the skinny on Burp Suite.
In this video, I step you through the basics of setting up its proxy and then show you how to intercept a request to a simple web app and how to change the returned response.
Want to get much more detail on intercepting requests and responses in Burp Suite? Check out this post which I wrote recently: www.matthewset...
DOWNLOAD BURP SUITE ➜ portswigger.net.
SUBSCRIBE ➜ eepurl.com/bvRPzD
BLOG ➜ www.matthewset...
TWITTER ➜ / webdevwithmatt
INSTAGRAM ➜ / webdevwithmatt
If you like the video or the channel and want to support it, how about buying me a coffee: www.buymeacoff....
What a cool voice dude
Thanks for saying so. Too kind.
this guy has the best voice for this holly shit hahaha. gives off a vibe where its like dont worry ill teach you what you need to know just enjoy
That's some pretty wicked feedback. Thank you.
Agreed!
Hes so calm its so wholesome
Thank you.
My youtube was in autoplay and this video scared the shit out of me. Great content tho, it helped me a lot
Excellent tutorial!! Thank you for this! Please make more on BurpSuite! And great voice btw :D
Thanks! Will do!
I love your voice, you are the Bob Ross of IT
Why thank you! Too kind.
I watched this video million times,🙏😊it's so cool , I loved it !!!!!
Very kind of you to say so. Thank you.
Your voice is so fucking amazing, so calming and you just WANT TO listen to it
You are too kind. Thank you.
Awesome...I was looking for this type of video...Thanks
Glad to hear that it helped you out.
This is for the life this is for
Great thanks, helped me understand what I needed to return a different response, cheers.
Excellent tutorial, but any other tool you can suggest asides from Burp suite to intercept requests
Three you can try are YAP (www.zaproxy.org/), mitmproxy (mitmproxy.org/), and Charles (www.charlesproxy.com/). I believe Charles is macOS only.
I try the tutorial, but it's reset when page refreshed.
I mean, it's not change.
Thank you man!
Wondered how to modify response since i already knew how to modify requests
Extremely helpful Thnx Once again!!!
How to modify requests between apk to server
Glad it helped!
Not sure, sorry.
Can you make more of these. Maybe something on intercepting and modifying the payloads
Sure can. Thanks for letting me know that you're keen. I'll need a little bit of time to plan out the series, but I'll make it happen.
Hiiii
which microphone you use sir your voice just amazing and your teaching too!
I'm using the MXL 990. It's fantastic - especially for the price. Thanks for the compliment.
Not working , if u turn off the intercept after that and refresh the page its will became the first one so changes are virtual
Good video bro.
Make more videos on burp suit.
Trying to put time aside to do that. Thanks for the support.
The changes that you apply on the body Will affect only your client PC (then It Is only a visual modify) or Will send the response to the server? Thanks
how to make it automatic changing string/text on the fly?
That I'm not sure about, sorry.
THANK you very much INTELLIGENT BOIIII !
You're welcome. I'm glad the video helped.
Thanks for the video !
My pleasure!
Is there a way to intercept and modify the request being sent. For example if im typing a message on instagram to someone, can i intercept the message and change it
did you ever figure it out bro?
if you figure it out let us know, i wanna troll my friends
@@blockify
did you figure it out man?
I've not tried it, but you could well be able to do that. However, I'm guessing sites such as Instagram would be properly validating and filtering any external user input.
Eyo everyone watching,my burpsuite wasn't intercepting and I got NO help from any videos on yt and it was fuckin me over, all I tried failed, but then I found out that burpsuite wasn't intercepting my requests bcz I was trying to crack the DVWA (damn vulnerable websitr application) and that is on your localhost so you have to enable hijacking localhost (just type it in yt), just puttin it out there so you don't have the same issue as I did :)
Glad you were able to solve your issue.
Seems pretty cool. But need to see the actual request from step one like enter in url and stuff. This is pretty cool but need it fully detailed like in steps.
Might be best if I re-shoot the video to include that.
I am somehow confused, I have frontend on localhost:8080 react, and I have backend on localhost:3000, I see tons of request with localhost:8080 I just want to see request on localhost:3000, but I can't configure them in options
Your voice and this video both are very interesting... I m from India.. you video is what I wanted.
Thanks kindly. I really appreciate the feedback.
Good job bro
Thank you so much 😀
Thx bro again this is my other ac
Thanks for the video and awesome voice =)
Glad you liked it!
Does this work with other websites online? and if so how do I need to configure the proxy? Thanks, I loved the vid.
It will work with whatever website you want to interact with. What way do you need to configure the proxy, or what is the website that you want to interact with? And thanks for the feedback on the video. It really means a lot.
@@WebDevwithMatt thanks for the response, it was quite quick, but I realised that proxying wasn't how I needed to approach my issue. Thanks for the help anyway. Sorry for the inconvenience.
Aussies are the best. No doubt. 👏
Why, of course!
But when you upload your browser Edgar Wrong is disappear and switch on right name
Sorry, I don't follow what you're saying?
would be cool if you could do it in an automated way, for example: if that line matches with a cartain regex, change it to xyz. or smth like that
At this stage, I don't know if that's possible, but I strongly suspect that it is. I'll see what I can find out.
@@WebDevwithMatt subscribed :3
ever found out anything ?@@WebDevwithMatt
How can you modify part of the new request with a VARIABLE, which was got from the previous request response? Thanks.
Honesly, that I don't know. I'll see what I can find out for you, though.
hi, i have a doubt! pls let me know... if i intercept a request, edit its response, inject an alert script , if that script is reflected in the website is that an xss vulnerability??
Same question for me. I need to know the answer as well. Please
why you sound like my dad when he teach me something....but hey..thats cool ...it works for me
Maybe it's just my voice :-) along with the proximity effect of the mic, which I LOVE!
What's the name of this attack?
Could you use other methods in the condition like PROPFIND?
Sure should be able to. I'll have a look and get back to you.
Can you perform main the middle attack by intercepting OTP request from an email account’s phone number attached to it?
Honestly, that I'm not sure of. I'll investigate and see what I find. Thanks for asking.
Software Development with Matt wow never expected you would replied to my message. I found a very informative video ruclips.net/video/3XUo7UBn28o/видео.html it shows there at somewhere 31 mins how it was performed using wireshark, but can’t fully understand how it was done in a step-by-step manner. I would be so much thankful if you can study that video and make a video on how it’s done.
@@WebDevwithMatt hey let's talk on telegram @Savagelone, my chrome doesn't work with burp suite
Bro,
How do I change number in 1xbet using Burp Suite
Not sure, sorry. I don't know that site.
How can I do this with an android application more like a game
I'm not sure, as I'm not a big Android user.
at 3:35 is where i can’t figure out
thanks for the video, how do you get the community edition????? need to send an backdated email Help!!!!
I just downloaded it. The PortSwigger website's changed since I last check it out. It seems that you now have to submit your email address to download that version.
I think this works only when you load the website from your computer
Why's that Jakov? If the request can be intercepted, the response can be modified. Do you have a particular scenario as an example?
@@MatthewSetter i have done this on my website and i changed the title..but it works only from my laptop, when i open website from my phone or another pc there is no change.
Ah, that explains it. I'm guessing that for your phone or PC you haven't changed the proxy to be the one in Burp Suite. If that's the case then Burp Suite cannot intercept those requests.
@@WebDevwithMatt Hi..Im using foxyproxy addon for google chrome to setup proxy, port iy 8080 and ip is 127.0.0.1...when i made changes to html in burp, changes are made in website when i look from the device that im using burp..im using burp for windows, but when i enter my website from my phone nothing changes, all text is the same..can you please help me?
It seems like your phone's not configured to use the same proxy.
can i edit the request too? to get the server answer that i want.
As you compose the request yourself, you sure can.
You didnt modify any request parameter. Modifying the response is useless.
Hey
@@clickscolourblackramiz92 it's helpful for a couple of reasons, such as getting a feel for the application, and giving a client a different response to see how it handles it.
I can't find anything that I've missed but I've tried multiple times from scratch and the request never gets intercepted. Any ideas?
Ps. Yes I checked that intercept was turned on...
EDIT: You didn't mention in the video that you need to configure the listener proxy.
Hi @@matthough4124, thanks for getting in touch about this. A small configuration of the proxy is covered from about 1:41 onwards. Is that what you're looking for, or have I misunderstood you?
@@WebDevwithMatt Yeah but you don't mention at all configuring the browser to use burp as it's proxy
@@WebDevwithMatt its ok i worked it out, on windows the browser and the network settings need to be configured to use the proxy that the burp suite makes
@@matthough4124 Anyway you can share how you configured this?
Hi sir, it is really great
Can you please do more vedios on burp suite
Thanks,
Pavan Kumar
Yes, soon
Where is the next repeater video about burp
In development, actually. Thanks for the encouragement.
thank u
You're welcome!
Solution for this vulnerability??
use front end and backend
Can I buy something off of a site using this?
Possibly. It depends on the quality of the site's code.
If you could help my do this step by step today that would be awesome
When you say "step by step", do you want a hard list in the comments?
niceee
Thanks
Can others see that
No, just you.
Bro help me please
upload full playlist please
I have to go and make the videos. Do you want a full series?
@@WebDevwithMatt yes please... The way you explain is amazing.
@@Mannnmauji you are too kind. Thank you. I'm currently working through planning a course on Burp Suite. No timeline yet for when it will start rolling out.
U said U will explain about other stuffs and you didn't :D
I didn't? Sorry about that. I'll have to update the video to either not mention that, or to add those other things that I mentioned. Thanks for calling me out on that.
@@WebDevwithMatt very funny, the video still hasn't been uploaded
😂😂 is just like changing in ispect element
😂😂 oh, not always. There are some cases that we need to test right after receiving the response
Except the big difference is this makes changes in the server and inspect element only does it in your browser
@@aztsetodkivok408 but when page resfreshed, it's back to original value.
k