Ch 4: Environmental Setup and Traffic Interception
Source: Bug Bounty Bootcamp by Vickie Li (No Starch Press, 2021)
OS
Use a Unix-based system. Kali Linux is recommended – it ships with Burp Suite, Gobuster, DirBuster, Wfuzz, and other tools. macOS also works fine.
Burp Suite
Burp is a web proxy that sits between your browser and the server, intercepting and allowing modification of every HTTP/HTTPS request and response.
- Community – free; Intruder is throttled; no scanner; no project files (work is lost when Burp closes)
- Professional – paid; full Intruder speed; active/passive scanner; project files saved to disk. Match-and-replace rules (Proxy settings) exist in both editions, so they are not a reason to buy.
Firefox + Burp Setup
- Open Firefox > Preferences (Settings in newer versions) > General > Network Settings
- Select Manual proxy configuration
- HTTP Proxy: `127.0.0.1`, Port: `8080`, check “Also use this proxy for HTTPS”. Leave “No proxy for” empty: any host listed there bypasses Burp entirely.
Install Burp's CA Cert
Burp re-signs every intercepted HTTPS site with a certificate issued by its own CA; until Firefox trusts that CA, every HTTPS page fails with a certificate error:
- With Burp running, browse to `http://burp/` in Firefox
- Download CA Certificate (top-right link)
- Firefox > Preferences > Privacy & Security > View Certificates > Authorities > Import
- Select the file, check “Trust this CA to identify websites”
- Restart Firefox
Enable Intercept
Burp > Proxy > Intercept > click until it reads Intercept is on. The listener must show as running on `127.0.0.1:8080` under Proxy settings, matching the Firefox configuration. Browse to any HTTPS site to confirm the request appears. Intercept holds every request until you click Forward or Drop, so turn it off for normal browsing and review traffic in Proxy > HTTP history instead.
Burp Tools
Proxy – captures all requests/responses. Modify before forwarding. Right-click to send to any other module.
Intruder – automated payload injection. Use for: brute-forcing passwords, iterating IDs for IDOR, fuzzing parameters.
- Send to Intruder > Positions tab: click Clear to drop Burp's auto-marked positions, highlight the value to fuzz, click Add (Sniper attack type for a single position)
- Payloads tab: paste a list, or pick the Numbers payload type with a from/to range for IDs
- Start attack, sort results by status code and response length; rows that differ from the bulk are the ones to inspect
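As an added example (not code from the book or these notes), the script below does by hand what the Intruder steps above describe: it iterates a numeric ID against an endpoint, records status and length per payload, and sorts the way you sort Intruder's results table. Its `proxy` and `ca_pem` parameters tie back to the proxy and CA-certificate setup earlier in the chapter: pointing a script at `127.0.0.1:8080` is the same thing the Firefox proxy settings do, and trusting Burp's CA from code is the same thing the Firefox certificate import does. The mock server, its user records and the listener address are constructed assumptions so the script runs offline.

```python
"""Intruder-style ID iteration with optional routing through Burp.

Added example for these notes, not code from the book. A deliberately
IDOR-vulnerable mock server is started in-thread so it runs offline;
the proxy/CA parameters assume Burp's default listener on 127.0.0.1:8080
and a PEM export of its CA certificate.
"""
import json
import ssl
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample data: user records exposed at /api/users/<id>.
USERS = {
    1: {"id": 1, "name": "alice", "email": "alice@example.com"},
    2: {"id": 2, "name": "bob", "email": "bob@example.com"},
    7: {"id": 7, "name": "admin", "email": "admin@example.com"},
}


class IdorHandler(BaseHTTPRequestHandler):
    """Hands any user's record to any caller: the IDOR being hunted."""

    def do_GET(self):
        prefix = "/api/users/"
        if not self.path.startswith(prefix):
            return self._send(404, b"not found")
        try:
            uid = int(self.path[len(prefix):])
        except ValueError:
            return self._send(400, b"bad id")
        rec = USERS.get(uid)
        if rec is None:
            return self._send(404, b"no such user")
        self._send(200, json.dumps(rec).encode())

    def _send(self, code, body):
        self.send_response(code)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep stdout clean
        pass


def start_mock_server():
    """Serve on an ephemeral loopback port; return (server, base_url)."""
    srv = HTTPServer(("127.0.0.1", 0), IdorHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_address[1]}"


def fuzz_ids(base_url, ids, proxy=None, ca_pem=None):
    """Replay GET /api/users/<id> per payload, like Intruder's Sniper mode.

    proxy:  e.g. "http://127.0.0.1:8080" to push every request through Burp
            so it lands in Proxy > HTTP history (assumed default listener).
    ca_pem: path to Burp's CA in PEM form, needed only for HTTPS targets.
    Returns [(id, status, body_length)] sorted by status then length, the
    two columns you sort on in Intruder's results table.
    """
    proxies = {"http": proxy, "https": proxy} if proxy else {}
    handlers = [urllib.request.ProxyHandler(proxies)]  # {} also ignores env proxies
    if ca_pem:
        ctx = ssl.create_default_context(cafile=ca_pem)
        handlers.append(urllib.request.HTTPSHandler(context=ctx))
    opener = urllib.request.build_opener(*handlers)
    results = []
    for uid in ids:
        req = urllib.request.Request(f"{base_url}/api/users/{uid}")
        try:
            with opener.open(req, timeout=5) as resp:
                results.append((uid, resp.status, len(resp.read())))
        except urllib.error.HTTPError as err:  # 4xx/5xx still carry a body
            results.append((uid, err.code, len(err.read())))
    return sorted(results, key=lambda r: (r[1], r[2]))


def readable_ids(results):
    """IDs whose record came back 200: each one is an IDOR finding."""
    return sorted(uid for uid, status, _ in results if status == 200)


if __name__ == "__main__":
    server, base = start_mock_server()
    rows = fuzz_ids(base, range(0, 10))  # add proxy="http://127.0.0.1:8080" to watch in Burp
    for row in rows:
        print(row)
    print("readable:", readable_ids(rows))
    server.shutdown()
```

Burp exports its CA as DER (`cacert.der`); `openssl x509 -inform DER -in cacert.der -out burp.pem` converts it to the PEM form that `ca_pem` (or curl's `--cacert`) expects, and `curl -x http://127.0.0.1:8080 --cacert burp.pem <url>` is the equivalent one-liner for a single request.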
Repeater – manually replay and modify individual requests. Most used for exploitation and bypass testing. Right-click any request > Send to Repeater.
Decoder – encode/decode base64, URL, HTML, hex. Use “Smart decode” when unsure of encoding.
Comparer – diff two data items (by words or bytes) side by side, typically two responses. Useful for comparing authenticated vs. unauthenticated responses to the same request.
Copy as curl – right-click any request > Copy as curl command. Paste into a report as PoC.
Taking Notes
Organized notes are how you avoid repeating work and missing chains:
- Per-target folder – subfolders per feature (auth, uploads, API, payments)
- Record every weird behavior even if not immediately exploitable – revisit during chaining
- For each vuln class you study: theory, impact, steps to exploit, sample PoC code
- Tools: Obsidian (Markdown + graph view), Sublime Text, XMind for mind maps
- Back up to external drive or cloud regularly
