Webapp proxies

Jump to bottom

lethanhtung01011980 edited this page Jun 16, 2020 · 10 revisions

Goals

To bypass JavaScript validation

Tools

Firefox addon: HttpRequester, Live HTTP headers, Tamper data (Tamper Data with FF is not useful).
Burp: Free version is already installed in Kali Linux at /usr/bin/burpsuite

For Burp CE

To key in scope
To turn on intercept
To change broswer to match Blurp 's proxy at port 8080

Intercept HTTPS request

Export Burp Cert

Turn on Burp and Intercept
Change proxy of Browser to HTTP Proxy and "Use this proxy server for all protocols"
Go to http://burp/cert and download cacert.cer
Go to Certificate manager
Import certificate into browser