TryHackMe Write ups
Burp Suite: The Basics
Task 14: Example Attack
Having looked at how to set up and configure our proxy, let's go through a simplified real-world example.
We will start by taking a look at the support form at http://10.10.161.105/ticket/:
In a real-world web app pentest, we would test this for a variety of things, one of which would be Cross-Site Scripting (or XSS). If you have not yet encountered XSS, it can be thought of as injecting a client-side script (usually in JavaScript) into a webpage in such a way that it executes. There are various kinds of XSS; the type we are using here is referred to as "Reflected" XSS, as it only affects the person making the web request.

Walkthrough
Try typing: <script>alert("Succ3ssful XSS")</script>, into the "Contact Email" field. You should find that there is a client-side filter in place which prevents you from adding any special characters that aren't allowed in email addresses:
Moving forward...
Because the filter runs only in the browser, we can bypass it by intercepting the request with Burp and editing the form body. The intercepted body looks like `email=pentester%40example.thm&content=pentester%40example.thm`; replace the email value with `<script>alert("Succ3ssful XSS")</script>`.

The email parameter should now look like this: `email=<script>alert("Succ3ssful XSS")</script>&content=pentester%40example.thm`
After modifying the email parameter, forward the HTTP(S) request.

If done correctly, you will see the alert pop up in the browser.
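The lesson of this task is that a client-side filter is not a security control: anyone with a proxy can edit the request after the browser has validated it. The example below is added here and is not code from the TryHackMe room; it assumes a hypothetical server-side handler for the same `/ticket/` form, an assumed email rule (the lab's actual filter is not shown), and a constructed request body copied from the walkthrough. It contrasts the reflecting behaviour that makes the alert fire with a handler that validates the email on the server and HTML-escapes every value it echoes.

```python
import html
import re
from urllib.parse import parse_qs

# Assumed server-side email rule for this example: the same character set a
# typical browser-side filter allows. The lab's real filter is not shown.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def parse_form_body(body: str) -> dict:
    """Decode an application/x-www-form-urlencoded body into single values.

    parse_qs also percent-decodes, so 'pentester%40example.thm' becomes
    'pentester@example.thm' and an encoded payload is decoded the same way.
    """
    fields = parse_qs(body, keep_blank_values=True)
    return {name: values[0] for name, values in fields.items()}


def validate_email(value: str) -> bool:
    """Server-side check that must run regardless of what the browser did."""
    return EMAIL_RE.fullmatch(value) is not None


def render_reflecting(body: str) -> str:
    """The behaviour the walkthrough exploits: the submitted email is copied
    into the page unchanged, so a <script> tag in it is executed."""
    form = parse_form_body(body)
    return f"<p>Ticket received from {form.get('email', '')}</p>"


def handle_ticket(body: str) -> tuple[int, str]:
    """Hardened handler: reject invalid email server-side and escape output.

    Returns (HTTP status, HTML). Escaping applies to every echoed value, not
    only the email, because the bypass works on any parameter.
    """
    form = parse_form_body(body)
    email = form.get("email", "")
    content = form.get("content", "")
    if not validate_email(email):
        return 400, "<p>Invalid email address.</p>"
    safe_email = html.escape(email, quote=True)
    safe_content = html.escape(content, quote=True)
    return 200, f"<p>Ticket received from {safe_email}</p><pre>{safe_content}</pre>"


# Constructed request bodies: the original form submission and the edited one
# from the walkthrough (with the angle brackets left as they are).
NORMAL_BODY = "email=pentester%40example.thm&content=pentester%40example.thm"
EDITED_BODY = 'email=<script>alert("Succ3ssful XSS")</script>&content=pentester%40example.thm'

if __name__ == "__main__":
    print("reflecting:", render_reflecting(EDITED_BODY))
    print("hardened:  ", handle_ticket(EDITED_BODY))
    print("hardened:  ", handle_ticket(NORMAL_BODY))
```

Run it and compare the two outputs for `EDITED_BODY`: the reflecting version emits the `<script>` tag verbatim, while the hardened handler returns a 400 and never echoes the payload. The escaping in `handle_ticket` matters even when validation passes, because the `content` field has no format rule at all.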