Summary
In this chapter, we learned the normal tools that Burp Suite uses to exploit different types of vulnerabilities. In particular, we exploited SSRF and XSPA to execute commands, extract information, and perform tasks in internal networks. We also reviewed the origin of these vulnerabilities. We reviewed an IDOR vulnerability and learned how to exploit it manually and how to automate its exploitation using Intruder. Next, we reviewed some configuration-related vulnerabilities, how they can be critical or non-critical, and how we can automate some of them.
We also performed brute forcing to look for valid credentials in two different types of authentication. We created a malicious PDF and learned how to upload it to a website using Burp Suite Proxy. In the next chapter, we will review the development process of a new extension and provide some tips and tricks for doing so in Burp Suite.