Burp Proxy vs MITM

I have recently started using Burp as a proxy for hunting bugs on websites, and I see many submissions where people have intercepted and modified requests/responses to exploit certain logic flaws in web applications. However, this is only possible because we have installed Burp’s certificate in our browser, which allows it to decrypt the traffic to and from the web application. In a realistic scenario, the attacker would have to conduct a MITM attack to intercept/modify traffic. This makes me wonder what the point of intercepting traffic with Burp is.

Burp not intercepting live video stream

I have set up Burp proxy to intercept requests of an Android app. I am able to intercept the app’s API calls except for live video streams. I am not aware of how the video stream is implemented, but I assume there should be WebSocket or HTTP requests made to stream the video.

Please help me understand how I can intercept the live stream. My aim is to stream the video on a laptop.

Burp Suite change value cookie

I’m trying to change the value of a cookie using the Burp option, “Match and Replace”. Here is my configuration: Item: Request header Match: cookieName:.*; Replace: cookieName:myValue; Type: Literal.

Unfortunately, it does not work with this configuration. Do you have any suggestions?

Local Burp Proxy not showing routed packets

I created a hotspot on wlp2s0 and connected an android device, whose IP is 10.42.0.62.

I am trying to route all packets from my wlp2s0 interface to the Burp proxy, which is running on port 8080. I also enabled invisible proxying, but still no luck.

I am routing packets using this firewall rule:

iptables -t nat -A PREROUTING -s 10.42.0.62 -p tcp -j REDIRECT --to-ports 8080 

After enabling this rule, Internet access on the device stops working, which means the rule is working, but the Burp proxy is not showing any data flow.

Can anybody please point out what I am doing wrong? I have wasted many hours on this.

Update: I was trying Burp Proxy with a PC browser and was playing with proxy settings like SOCKS5 and “resolve DNS over SOCKS5”, and then Burp Proxy stopped working even on the PC browser. So I think that when I route packets through Burp it does not resolve DNS queries, so my Android device gets stuck at the DNS requests and there is no flow of TCP packets; that’s why Burp is not showing anything. So I think the main question is how we can resolve DNS queries through Burp Proxy.

Is there a difference between editing HTTP messages manually or with burp for example? (WebGoat HTTP intercept exercise “problem”)

I am diving into WebGoat now. There’s this little exercise in the “General” tab called “HTTP Proxies” which asks you to use ZAP/Burp to intercept and modify a request; this is what we are being asked.

I understood what we are being asked to do, but I don’t understand why, if I change it manually, it doesn’t work, whereas if I use the Burp button “Change request method” it does, as it’s the same text in the end. Am I missing something?

This is the original request:

And here it is after I modify it with the button:

The only difference is that I write that GET string manually and then add the ?changeMe=Requests+are+tampered+easily. I don’t understand why it won’t work, and it’s driving me nuts.

Oh, and another thing: if I enter x-request-intercepted:true below Cookie it sometimes won’t work. Is it being considered body or what? (There isn’t a line break.)
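As an added illustration (not part of the original post, and not WebGoat’s own code), here is a minimal HTTP/1.1 request parser that applies the framing rule a server uses on a raw request: request line, then one header per line, and the first empty line ends the headers, so anything typed after it is body. The endpoint path, host and cookie value are placeholders; only the changeMe query string comes from the exercise.

```ruby
require "uri"

# Added illustration, not from the original post: a minimal HTTP/1.1 request
# parser that applies the framing rule every server uses. The request line
# comes first, then one header per line, and the FIRST empty line ends the
# headers: whatever follows it is the body. The sample requests are
# constructed; the endpoint path, host and cookie value are placeholders.
CRLF = "\r\n".freeze

# Returns { method:, target:, headers: {lowercased name => value}, body: }.
# Tolerates bare "\n" line endings as well as "\r\n", as many servers do.
def parse_http_request(raw)
  head, body = raw.split(/\r?\n\r?\n/, 2)
  request_line, *header_lines = head.split(/\r?\n/)
  method, target, _version = request_line.split(" ", 3)
  headers = {}
  header_lines.each do |line|
    name, value = line.split(":", 2)
    next if value.nil?                      # not "name: value", ignore it
    headers[name.strip.downcase] = value.strip
  end
  { method: method, target: target, headers: headers, body: body || "" }
end

# Decodes the query string of a request target ("+" becomes a space).
def query_params(target)
  URI.decode_www_form(target.split("?", 2)[1] || "").to_h
end

TARGET = "/example-endpoint?changeMe=Requests+are+tampered+easily"

# Header placed inside the header block, before the blank line.
GOOD_REQUEST = ["GET #{TARGET} HTTP/1.1",
                "Host: localhost:8080",
                "Cookie: JSESSIONID=placeholder-session-id",
                "x-request-intercepted: true",
                "", ""].join(CRLF)

# Same header typed after the blank line: it is now part of the body.
BAD_REQUEST = ["GET #{TARGET} HTTP/1.1",
               "Host: localhost:8080",
               "Cookie: JSESSIONID=placeholder-session-id",
               "",
               "x-request-intercepted: true", ""].join(CRLF)

[GOOD_REQUEST, BAD_REQUEST].each do |raw|
  req = parse_http_request(raw)
  puts "header seen: #{req[:headers].key?('x-request-intercepted')}, " \
       "body: #{req[:body].inspect}, params: #{query_params(req[:target])}"
end
```

Running it shows the same header line being reported as a header in the first request and as body text in the second, which is the distinction a server makes when a line lands on the wrong side of the blank line.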

How to sniff a direct WebSocket connection in Android (i.e. no HTTP Upgrade connections) using Burp?

I’ve pentested a lot of websites and a few apps too, but this app eludes them all. On websites, when there’s a WebSocket upgrade the Burp proxy recognizes it and starts showing it in the WebSockets tab. Something similar happens with apps, but not with this one.

This app doesn’t do any such thing.

How this app works:

  1. It gets its WebSocket endpoints from a config downloaded from a website. Then, ‘mysteriously’, it makes a connection to the WebSocket server, which isn’t visible in the Burp proxy.

My setup: 1. Rooted phone with Frida running and the objection framework for SSL unpinning (although not needed here, as I am already able to see all the HTTP(S) traffic from the app).

FYI, I’ve added my Burp cert as a root authority on my Android 7.0 phone.

I’ve also tried ‘invisible proxying’ (not sure how it works), but that didn’t work either.

Any ideas would help.

Thanks.

How to prevent a user from tampering with a request using Burp

Our Rails application has a feature where an admin can trigger sending a verification email to users that haven’t been verified yet, but not to verified ones.

However, it was pointed out that by intercepting this PUT request and modifying the id to another one, it was possible to send the verification email even to already verified users, thereby confusing them.

How do I make sure that I can find out that the request was tampered with?

I can keep track of the users invites were sent to and how many times, but it still doesn’t solve the problem that anyone can trigger an email to anyone if they know or guess their user id, which again is visible in the user details page in the format users/17.

I’m not sure how to solve this problem.
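As an added example (plain Ruby, not the poster’s Rails code), here is the insecure shape of the “resend verification email” action next to a hardened one. The hardened version treats the client-supplied id as untrusted, takes the acting user from the server-side session, requires the admin role, re-checks the “not yet verified” precondition on the server, and records each attempt; the user records, session hash and mailer lambda are constructed stand-ins for the Rails model, session and mailer.

```ruby
# Added example, not the poster's Rails code: a plain-Ruby model of the
# server-side checks that make the "resend verification email" action safe
# no matter what the client submits. The client-controlled value (target
# user id) is untrusted input; every decision is made from server-held state.
# User records, session hashes and the mailer below are constructed stand-ins.
User = Struct.new(:id, :email, :verified, :admin, keyword_init: true)

# In-memory stand-in for the users table (constructed sample data).
USERS = {
  7  => User.new(id: 7,  email: "admin@example.test", verified: true,  admin: true),
  17 => User.new(id: 17, email: "new@example.test",   verified: false, admin: false),
  23 => User.new(id: 23, email: "old@example.test",   verified: true,  admin: false),
}.freeze

# Insecure shape: assumes the client only ever submits ids of unverified
# users, so a tampered id mails anyone, and nobody checks who is asking.
def resend_verification_insecure(params, mailer)
  target = USERS[params[:id].to_i]
  return :not_found unless target
  mailer.call(target.email)
  :sent
end

# Hardened shape: authenticate from the session, authorize (admin only),
# re-check the precondition on the server, and log the attempt so a
# tampered request shows up in the audit trail instead of in a user's inbox.
def resend_verification(session, params, mailer, audit: [])
  actor = USERS[session[:user_id]]
  return :unauthorized unless actor&.admin        # who is asking?
  target = USERS[params[:id].to_i]
  return :not_found unless target
  audit << { actor: actor.id, target: target.id, verified: target.verified }
  return :already_verified if target.verified     # server decides, not the form
  mailer.call(target.email)
  :sent
end

sent = []
mailer = ->(addr) { sent << addr }
puts resend_verification_insecure({ id: "23" }, mailer)          # sent (the bug)
puts resend_verification({ user_id: 7 }, { id: "23" }, mailer)   # already_verified
puts resend_verification({ user_id: 17 }, { id: "17" }, mailer)  # unauthorized
puts resend_verification({ user_id: 7 }, { id: "17" }, mailer)   # sent
```

Once the role and the verified state are checked on the server, a guessable users/17 id stops mattering: a tampered request can only ask for something the server would have allowed anyway, and the audit entries show which ids were tried.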