Getting started with Burp Proxy’s HTTP history – The Daily Swig


Burp Proxy is a web proxy server that lets you view, intercept, and even modify the communication between Burp’s browser and web servers.

The HTTP history tab displays a log of the HTTP requests that Burp’s browser makes, along with the matching responses that it receives from the server.

This enables you to:

  • Study the behavior of a target website.
  • Look for HTTP requests that contain useful parameters and other inputs.
  • Look for features of HTTP responses that may indicate vulnerabilities.
  • Send interesting requests to other tools in Burp Suite for further testing.

To get started using the HTTP history tab, we recommend following the tutorial below.

For more detailed information about the features of the HTTP history tab, please see the full documentation.

Tutorial

In this tutorial, you’ll learn about the main features of the HTTP history tab using one of the deliberately vulnerable labs on the Web Security Academy.

Step 1: Access the lab

Open Burp’s browser, and use it to access the following lab:

https://portswigger.net/web-security/sql-injection/union-attacks/lab-determine-number-of-columns

Click Access the lab and log in to your PortSwigger account if prompted. This opens your own instance of a deliberately vulnerable shopping website.

Step 2: Populate the HTTP history

To see how the HTTP history tab works, you first need to populate it with requests.

Position Burp’s browser and Burp Suite side by side.

[Screenshot: Burp Suite and Burp’s browser side by side]

Browse around the shopping site, visiting some of the product pages. As you do this, notice that the HTTP history tab shows details about each request that the browser makes in real time.

[Screenshot: The history table showing the details for each request]

Step 3: View a request and response

To view more details about a particular request, click its entry in the history table. This displays the full text of the request and response in the message editor.

[Screenshot: Selecting a request in the history table to open it in the message editor]

The message editor offers different views for displaying the request and response. You can switch between these using the buttons above the request and response.

[Screenshot: View mode buttons at the top of the message editor]

To the right of the window, you can see the Inspector panel. The Inspector is a tool offering features designed to help you analyze and work with messages more easily.

Step 4: Sort and filter the history table

You can both sort and filter the history table.

To sort the table using a particular column, simply click on the column header. You might find it useful to sort the history table so that the most recent requests are on top.

[Screenshot: History table sorted in request order]

To open the Filter settings, click the Filter bar above the history table.

[Screenshot: The filter settings window]
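The sorting and filtering described in this step, together with the earlier goal of finding requests that contain parameters and other inputs, can be reproduced offline on a handful of raw requests. This is an added example, not part of the original tutorial or of Burp Suite: the sample traffic, the host `shop.example`, the function names, and the filter criterion (keep only requests with query or body parameters) are all assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed sample traffic (not captured from the lab): (sequence number, raw request).
SAMPLE_HISTORY = [
    (1, "GET / HTTP/1.1\r\nHost: shop.example\r\n\r\n"),
    (2, "GET /filter?category=Gifts HTTP/1.1\r\nHost: shop.example\r\n"
        "Cookie: session=abc123\r\n\r\n"),
    (3, "GET /resources/css/site.css HTTP/1.1\r\nHost: shop.example\r\n\r\n"),
    (4, "POST /login HTTP/1.1\r\nHost: shop.example\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n\r\nusername=alice&password=x"),
    (5, "GET /product?productId=3 HTTP/1.1\r\nHost: shop.example\r\n\r\n"),
]

def parse_request(raw):
    """Split a raw HTTP/1.1 request into method, path and the inputs it carries."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    url = urlsplit(target)
    # Record where each input lives, since that decides how it would be tested later.
    inputs = [("query", k) for k, _ in parse_qsl(url.query, keep_blank_values=True)]
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        inputs += [("body", k) for k, _ in parse_qsl(body, keep_blank_values=True)]
    for pair in filter(None, headers.get("cookie", "").split(";")):
        inputs.append(("cookie", pair.split("=", 1)[0].strip()))
    return {"method": method, "path": url.path, "host": headers.get("host", ""), "inputs": inputs}

def history_view(history, only_parameterized=True, newest_first=True):
    """Build table rows, optionally keeping only requests with query or body parameters."""
    rows = []
    for seq, raw in history:
        row = {"seq": seq, **parse_request(raw)}
        has_params = any(kind in ("query", "body") for kind, _ in row["inputs"])
        if has_params or not only_parameterized:
            rows.append(row)
    return sorted(rows, key=lambda r: r["seq"], reverse=newest_first)

if __name__ == "__main__":
    for r in history_view(SAMPLE_HISTORY):
        names = ", ".join(f"{kind}:{name}" for kind, name in r["inputs"])
        print(f'{r["seq"]:>2} {r["method"]:<4} {r["path"]:<10} {names}')
```

With the default settings, the static-resource and parameterless requests drop out and the remaining rows appear newest first, which is the same reduction the tutorial asks you to do by eye in the history table.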

Step 5: Send a request to another tool

You can right-click on a request, either in the history table or the message editor, to open a context menu. From here, you can choose from a range of actions.

One of the most commonly used actions is to send an interesting request to one of Burp’s other tools for further testing.

[Screenshot: Using the context menu to send a request to Burp Repeater]

Learn more about Burp Proxy’s HTTP history

You have now had a brief overview of using the HTTP history tab to study requests and send them to other tools.

Other options for working with a request in the proxy history include:

For more detailed information about the HTTP history and Message editor, please see:

To get more practice using the HTTP history tab, why not try out our Web Security Academy?

Source of this news: https://portswigger.net/burp/documentation/desktop/tools/proxy/history/getting-started-http-history
