Getting started with Burp Proxy’s HTTP history – The Daily Swig

PROFESSIONAL

Burp Proxy is a web proxy server that lets you view, intercept, and even modify the communication between Burp’s browser and web servers.

The HTTP history tab displays a log of the HTTP requests that Burp’s browser makes, along with the matching responses that it receives from the server.

This enables you to:

• Study the behavior of a target website.
• Look for HTTP requests that contain useful parameters and other inputs.
• Look for features of HTTP responses that may indicate vulnerabilities.
• Send interesting requests to other tools in Burp Suite for further testing.

To get started using the HTTP history tab, we recommend following the tutorial below.

For more detailed information about the features of the HTTP history tab, please see the full documentation.

Tutorial

In this tutorial, you’ll learn about the main features of the HTTP history tab using one of the deliberately vulnerable labs on the Web Security Academy.

Step 1: Access the lab

Open Burp’s browser, and use it to access the following lab:

https://portswigger.net/web-security/sql-injection/union-attacks/lab-determine-number-of-columns

Click Access the lab and log in to your PortSwigger account if prompted. This opens your own instance of a deliberately vulnerable shopping website.

Step 2: Populate the HTTP history

To see how the HTTP history tab works, you first need to populate it with requests.

Position Burp’s browser and Burp Suite side by side.

Browse around the shopping site, visiting some of the product pages. As you do this, notice that the HTTP history tab shows details about each request that the browser makes in real-time.

Step 3: View a request and response

To view more details about a particular request, click its entry in the history table. This displays the full text of the request and response in the message editor.

The message editor offers different views for displaying the request and response. You can switch between these using the buttons above the request and response.

To the right of the window, you can see the Inspector panel. The Inspector is a tool offering features designed to help you analyze and work with messages more easily.

Step 4: Sort and filter the history table

You can both sort and filter the history table.

To sort the table using a particular column, simply click on the column header. You might find it useful to sort the history table so that the most recent requests are on top.

To open the Filter settings, click the Filter bar above the history table.

Step 5: Send a request to another tool

You can right-click on a request, either in the history table or the message editor, to open a context menu. From here, you can choose from a range of actions.

One of the most commonly used actions is to send an interesting request to one of Burp’s other tools for further testing.

Learn more about Burp Proxy’s HTTP history

You have now had a brief overview of using the HTTP history tab to study requests and send them to other tools.

Other options for working with a request in the proxy history include:

For more detailed information about the HTTP history and Message editor, please see:

To get more practice using the HTTP history tab, why not try out our Web Security Academy?

Source of this news: https://portswigger.net/burp/documentation/desktop/tools/proxy/history/getting-started-http-history