Using Burp Suite Repeater
When performing a web application assessment, there will often be times when manual testing is required to exploit a given vulnerability. Capturing every response in the proxy, manipulating it, and then forwarding it can become very time-consuming. Burp Suite's Repeater feature simplifies this by allowing consistent manipulation and submission of a single request, without having to regenerate the traffic in the browser each time. In this recipe, we will discuss how to perform manual text-based audits using the Burp Suite Repeater.
Getting ready
To use Burp Suite to perform web application analysis against a target, you will need to have a remote system that is running one or more web applications. In the examples provided, an instance of Metasploitable2 is used to perform this task. Metasploitable2 has several preinstalled vulnerable web applications running on TCP port 80. For more information on setting up Metasploitable2, refer to the Installing Metasploitable2 recipe...