[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"skill-2f753b6f-1f66-4654-a7bc-b4d688d869d2":3,"$fLv1FxCKJmod2WdW59vXX78EZP2xYWLtoshYW2AKflz4":43},{"id":4,"title":5,"description":6,"categoryId":7,"moduleId":8,"tags":9,"prompt":10,"icon":11,"source":12,"sourceUrl":13,"authorId":14,"authorName":15,"isPublic":16,"stars":17,"runs":18,"createdAt":19,"updatedAt":19,"module":20,"category":27,"packages":34},"2f753b6f-1f66-4654-a7bc-b4d688d869d2","burp-suite-testing","使用Burp Suite的集成工具集执行全面的Web应用程序安全测试，包括HTTP流量拦截和修改、请求分析和回放、自动漏洞扫描以及手动测试流程。","cat_coding_review","mod_coding","sickn33,coding","---\nname: burp-suite-testing\ndescription: \"Execute comprehensive web application security testing using Burp Suite's integrated toolset, including HTTP traffic interception and modification, request analysis and replay, automated vulnerability scanning, and manual testing workflows.\"\nrisk: offensive\nsource: community\nauthor: zebbern\ndate_added: \"2026-02-27\"\n---\n\n> AUTHORIZED USE ONLY: Use this skill only for authorized security assessments, defensive validation, or controlled educational environments.\n\n# Burp Suite Web Application Testing\n\n## Purpose\n\nExecute comprehensive web application security testing using Burp Suite's integrated toolset, including HTTP traffic interception and modification, request analysis and replay, automated vulnerability scanning, and manual testing workflows. This skill enables systematic discovery and exploitation of web application vulnerabilities through proxy-based testing methodology.\n\n## Inputs \u002F Prerequisites\n\n### Required Tools\n- Burp Suite Community or Professional Edition installed\n- Burp's embedded browser or configured external browser\n- Target web application URL\n- Valid credentials for authenticated testing (if applicable)\n\n### Environment Setup\n- Burp Suite launched with temporary or named project\n- Proxy listener active on 127.0.0.1:8080 (default)\n- Browser configured to use Burp proxy (or use Burp's browser)\n- CA certificate installed for HTTPS interception\n\n### Editions Comparison\n| Feature | Community | Professional |\n|---------|-----------|--------------|\n| Proxy | ✓ | ✓ |\n| Repeater | ✓ | ✓ |\n| Intruder | Limited | Full |\n| Scanner | ✗ | ✓ |\n| Extensions | ✓ | ✓ |\n\n## Outputs \u002F Deliverables\n\n### Primary Outputs\n- Intercepted and modified HTTP requests\u002Fresponses\n- Vulnerability scan reports with remediation advice\n- HTTP history and site map documentation\n- Proof-of-concept exploits for identified vulnerabilities\n\n## Core Workflow\n\n### Phase 1: Intercepting HTTP Traffic\n\n#### Launch Burp's Browser\nNavigate to integrated browser for seamless proxy integration:\n\n1. Open Burp Suite and create\u002Fopen project\n2. Go to **Proxy > Intercept** tab\n3. Click **Open Browser** to launch preconfigured browser\n4. Position windows to view both Burp and browser simultaneously\n\n#### Configure Interception\nControl which requests are captured:\n\n```\nProxy > Intercept > Intercept is on\u002Foff toggle\n\nWhen ON: Requests pause for review\u002Fmodification\nWhen OFF: Requests pass through, logged to history\n```\n\n#### Intercept and Forward Requests\nProcess intercepted traffic:\n\n1. Set intercept toggle to **Intercept on**\n2. Navigate to target URL in browser\n3. Observe request held in Proxy > Intercept tab\n4. Review request contents (headers, parameters, body)\n5. Click **Forward** to send request to server\n6. Continue forwarding subsequent requests until page loads\n\n#### View HTTP History\nAccess complete traffic log:\n\n1. Go to **Proxy > HTTP history** tab\n2. Click any entry to view full request\u002Fresponse\n3. Sort by clicking column headers (# for chronological order)\n4. Use filters to focus on relevant traffic\n\n### Phase 2: Modifying Requests\n\n#### Intercept and Modify\nChange request parameters before forwarding:\n\n1. Enable interception: **Intercept on**\n2. Trigger target request in browser\n3. Locate parameter to modify in intercepted request\n4. Edit value directly in request editor\n5. Click **Forward** to send modified request\n\n#### Common Modification Targets\n| Target | Example | Purpose |\n|--------|---------|---------|\n| Price parameters | `price=1` | Test business logic |\n| User IDs | `userId=admin` | Test access control |\n| Quantity values | `qty=-1` | Test input validation |\n| Hidden fields | `isAdmin=true` | Test privilege escalation |\n\n#### Example: Price Manipulation\n\n```http\nPOST \u002Fcart HTTP\u002F1.1\nHost: target.com\nContent-Type: application\u002Fx-www-form-urlencoded\n\nproductId=1&quantity=1&price=100\n\n# Modify to:\nproductId=1&quantity=1&price=1\n```\n\nResult: Item added to cart at modified price.\n\n### Phase 3: Setting Target Scope\n\n#### Define Scope\nFocus testing on specific target:\n\n1. Go to **Target > Site map**\n2. Right-click target host in left panel\n3. Select **Add to scope**\n4. When prompted, click **Yes** to exclude out-of-scope traffic\n\n#### Filter by Scope\nRemove noise from HTTP history:\n\n1. Click display filter above HTTP history\n2. Select **Show only in-scope items**\n3. History now shows only target site traffic\n\n#### Scope Benefits\n- Reduces clutter from third-party requests\n- Prevents accidental testing of out-of-scope sites\n- Improves scanning efficiency\n- Creates cleaner reports\n\n### Phase 4: Using Burp Repeater\n\n#### Send Request to Repeater\nPrepare request for manual testing:\n\n1. Identify interesting request in HTTP history\n2. Right-click request and select **Send to Repeater**\n3. Go to **Repeater** tab to access request\n\n#### Modify and Resend\nTest different inputs efficiently:\n\n```\n1. View request in Repeater tab\n2. Modify parameter values\n3. Click Send to submit request\n4. Review response in right panel\n5. Use navigation arrows to review request history\n```\n\n#### Repeater Testing Workflow\n\n```\nOriginal Request:\nGET \u002Fproduct?productId=1 HTTP\u002F1.1\n\nTest 1: productId=2    → Valid product response\nTest 2: productId=999  → Not Found response  \nTest 3: productId='    → Error\u002Fexception response\nTest 4: productId=1 OR 1=1 → SQL injection test\n```\n\n#### Analyze Responses\nLook for indicators of vulnerabilities:\n\n- Error messages revealing stack traces\n- Framework\u002Fversion information disclosure\n- Different response lengths indicating logic flaws\n- Timing differences suggesting blind injection\n- Unexpected data in responses\n\n### Phase 5: Running Automated Scans\n\n#### Launch New Scan\nInitiate vulnerability scanning (Professional only):\n\n1. Go to **Dashboard** tab\n2. Click **New scan**\n3. Enter target URL in **URLs to scan** field\n4. Configure scan settings\n\n#### Scan Configuration Options\n\n| Mode | Description | Duration |\n|------|-------------|----------|\n| Lightweight | High-level overview | ~15 minutes |\n| Fast | Quick vulnerability check | ~30 minutes |\n| Balanced | Standard comprehensive scan | ~1-2 hours |\n| Deep | Thorough testing | Several hours |\n\n#### Monitor Scan Progress\nTrack scanning activity:\n\n1. View task status in **Dashboard**\n2. Watch **Target > Site map** update in real-time\n3. Check **Issues** tab for discovered vulnerabilities\n\n#### Review Identified Issues\nAnalyze scan findings:\n\n1. Select scan task in Dashboard\n2. Go to **Issues** tab\n3. Click issue to view:\n   - **Advisory**: Description and remediation\n   - **Request**: Triggering HTTP request\n   - **Response**: Server response showing vulnerability\n\n### Phase 6: Intruder Attacks\n\n#### Configure Intruder\nSet up automated attack:\n\n1. Send request to Intruder (right-click > Send to Intruder)\n2. Go to **Intruder** tab\n3. Define payload positions using § markers\n4. Select attack type\n\n#### Attack Types\n\n| Type | Description | Use Case |\n|------|-------------|----------|\n| Sniper | Single position, iterate payloads | Fuzzing one parameter |\n| Battering ram | Same payload all positions | Credential testing |\n| Pitchfork | Parallel payload iteration | Username:password pairs |\n| Cluster bomb | All payload combinations | Full brute force |\n\n#### Configure Payloads\n\n```\nPositions Tab:\nPOST \u002Flogin HTTP\u002F1.1\n...\nusername=§admin§&password=§password§\n\nPayloads Tab:\nSet 1: admin, user, test, guest\nSet 2: password, 123456, admin, letmein\n```\n\n#### Analyze Results\nReview attack output:\n\n- Sort by response length to find anomalies\n- Filter by status code for successful attempts\n- Use grep to search for specific strings\n- Export results for documentation\n\n## Quick Reference\n\n### Keyboard Shortcuts\n| Action | Windows\u002FLinux | macOS |\n|--------|---------------|-------|\n| Forward request | Ctrl+F | Cmd+F |\n| Drop request | Ctrl+D | Cmd+D |\n| Send to Repeater | Ctrl+R | Cmd+R |\n| Send to Intruder | Ctrl+I | Cmd+I |\n| Toggle intercept | Ctrl+T | Cmd+T |\n\n### Common Testing Payloads\n\n```\n# SQL Injection\n' OR '1'='1\n' OR '1'='1'--\n1 UNION SELECT NULL--\n\n# XSS\n\u003Cscript>alert(1)\u003C\u002Fscript>\n\">\u003Cimg src=x onerror=alert(1)>\njavascript:alert(1)\n\n# Path Traversal\n..\u002F..\u002F..\u002Fetc\u002Fpasswd\n..\\..\\..\\..\\windows\\win.ini\n\n# Command Injection\n; ls -la\n| cat \u002Fetc\u002Fpasswd\n`whoami`\n```\n\n### Request Modification Tips\n- Right-click for context menu options\n- Use decoder for encoding\u002Fdecoding\n- Compare requests using Comparer tool\n- Save interesting requests to project\n\n## Constraints and Guardrails\n\n### Operational Boundaries\n- Test only authorized applications\n- Configure scope to prevent accidental out-of-scope testing\n- Rate-limit scans to avoid denial of service\n- Document all findings and actions\n\n### Technical Limitations\n- Community Edition lacks automated scanner\n- Some sites may block proxy traffic\n- HSTS\u002Fcertificate pinning may require additional configuration\n- Heavy scanning may trigger WAF blocks\n\n### Best Practices\n- Always set target scope before extensive testing\n- Use Burp's browser for reliable interception\n- Save project regularly to preserve work\n- Review scan results manually for false positives\n\n## Examples\n\n### Example 1: Business Logic Testing\n\n**Scenario**: E-commerce price manipulation\n\n1. Add item to cart normally, intercept request\n2. Identify `price=9999` parameter in POST body\n3. Modify to `price=1`\n4. Forward request\n5. Complete checkout at manipulated price\n\n**Finding**: Server trusts client-provided price values.\n\n### Example 2: Authentication Bypass\n\n**Scenario**: Testing login form\n\n1. Submit valid credentials, capture request in Repeater\n2. Send to Repeater for testing\n3. Try: `username=admin' OR '1'='1'--`\n4. Observe successful login response\n\n**Finding**: SQL injection in authentication.\n\n### Example 3: Information Disclosure\n\n**Scenario**: Error-based information gathering\n\n1. Navigate to product page, observe `productId` parameter\n2. Send request to Repeater\n3. Change `productId=1` to `productId=test`\n4. Observe verbose error revealing framework version\n\n**Finding**: Apache Struts 2.5.12 disclosed in stack trace.\n\n## Troubleshooting\n\n### Browser Not Connecting Through Proxy\n- Verify proxy listener is active (Proxy > Options)\n- Check browser proxy settings point to 127.0.0.1:8080\n- Ensure no firewall blocking local connections\n- Use Burp's embedded browser for reliable setup\n\n### HTTPS Interception Failing\n- Install Burp CA certificate in browser\u002Fsystem\n- Navigate to http:\u002F\u002Fburp to download certificate\n- Add certificate to trusted roots\n- Restart browser after installation\n\n### Slow Performance\n- Limit scope to reduce processing\n- Disable unnecessary extensions\n- Increase Java heap size in startup options\n- Close unused Burp tabs and features\n\n### Requests Not Being Intercepted\n- Verify \"Intercept on\" is enabled\n- Check intercept rules aren't filtering target\n- Ensure browser is using Burp proxy\n- Verify target isn't using unsupported protocol\n\n## When to Use\nThis skill is applicable to execute the workflow or actions described in the overview.\n","","imported","https:\u002F\u002Fgithub.com\u002Fsickn33\u002Fantigravity-awesome-skills","user_system_seed","SkillOPIC",true,77,1464,"2026-05-16 13:09:38",{"id":8,"name":21,"slug":22,"icon":23,"description":24,"sort":25,"createdAt":26},"编程开发","coding","mdi-code-braces","代码生成、调试、审查，提升开发效率",2,"2026-05-16 12:53:40",{"id":7,"name":28,"slug":29,"icon":30,"description":31,"moduleId":8,"sort":32,"skillCount":33,"createdAt":26},"代码审查","review","mdi-magnify-scan","代码质量分析、安全审查",4,145,[35],{"id":36,"skillId":4,"version":37,"fileName":38,"fileSize":39,"filePath":40,"fileHash":41,"manifest":42,"createdAt":19},"632c68b2-aca4-4321-964d-1b2f4cc5bdee","1.0.0","burp-suite-testing.zip",4662,"uploads\u002Fskills\u002F2f753b6f-1f66-4654-a7bc-b4d688d869d2\u002Fburp-suite-testing.zip","9ae93556774d55d2eaea0d70880142f6825596f38a4d25bf0507ff737df0cd39","[{\"path\":\"SKILL.md\",\"isDirectory\":false,\"size\":11057}]",{"code":44,"message":45,"data":46},200,"success",{"items":47,"stats":48,"page":51},[],{"averageRating":49,"totalRatings":49,"ratingCounts":50},0,[49,49,49,49,49],{"limit":52,"offset":49,"hasMore":53,"nextOffset":52,"ratedOnly":16},15,false]