Using Burp Suite to view and alter requests
Burp Suite, like OWASP ZAP, is more than just a simple web proxy. It is a fully featured web application testing kit; it has a proxy, request repeater, request automation, string encoder and decoder, vulnerability scanners (in the Pro version), and other useful features.
In this recipe, we will repeat the previous exercise, this time using Burp's proxy to intercept and alter the requests.
Getting ready
Start Burp Suite and prepare the browser to use it as a proxy.
How to do it...
Browse to http://192.168.56.102/mutillidae/.
By default, interception is enabled in Burp's proxy, so it will capture the first request. We need to go to Burp Suite and click on the Intercept is on button in the Proxy tab.
The browser will continue loading the page. When it finishes, we will use Toggle Security to set the correct security level in the application: 1 (Arrogant).
From the menu, navigate to OWASP Top 10 | A1 – SQL Injection | SQLi – Extract Data | User Info.
In the Name...