When analyzing the spider's results and testing possible inputs to forms, it may be useful to send different versions of the same request, changing specific values each time.
In this recipe, we will learn how to use Burp's repeater to send requests multiple times with different values.
We begin this recipe from the point where we left off in the previous one. The vulnerable_vm virtual machine must be running, Burp Suite must be started, and the browser must be properly configured to use it as a proxy.
(http://192.168.56.102/bodgeit/login.jsp), the one that says username=test&password=test.
In the Request section (the left side of the image) we can see the raw request made to the server. The first line shows the method used (POST), the requested URL, and the protocol (HTTP 1.1). The next lines, down to Cookie:, are the header parameters; after them comes a line break and then the POST parameters with the values we entered in the form.
As can be seen, we provoked a system error by changing the value of an input variable. This may indicate a vulnerability in the application. In later chapters, we will cover the testing and identification of vulnerabilities and go deeper into it.
Burp's repeater allows us to manually test different inputs and scenarios for the same HTTP request and analyze the response the server gives to each of them. This is a very useful feature when testing for vulnerabilities, as one can study how the application reacts to the various inputs it is given and act accordingly to identify or exploit possible weaknesses in configuration, programming, or design.
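The request anatomy described above (request line, headers, blank line, POST parameters) can be made concrete with a short added example, which is not code from the book or from Burp. It parses a raw request, changes one parameter, and rebuilds the request with a recomputed Content-Length, without sending anything. The header values, the session cookie, and the function names are constructed for illustration.

```python
from urllib.parse import parse_qsl, urlencode

# Constructed sample shaped like the login POST in the recipe;
# header values and the cookie are made up for illustration.
RAW_REQUEST = (
    "POST /bodgeit/login.jsp HTTP/1.1\r\n"
    "Host: 192.168.56.102\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 27\r\n"
    "Cookie: JSESSIONID=CONSTRUCTEDSESSIONID\r\n"
    "\r\n"
    "username=test&password=test"
)

def parse_request(raw):
    """Split a raw request into request line, headers and POST parameters."""
    head, _, body = raw.partition("\r\n\r\n")  # blank line separates head and body
    request_line, *header_lines = head.split("\r\n")
    method, url, protocol = request_line.split(" ", 2)
    headers = []
    for line in header_lines:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    params = parse_qsl(body, keep_blank_values=True)
    return {"method": method, "url": url, "protocol": protocol,
            "headers": headers, "params": params}

def with_param(req, name, value):
    """Return a copy of the parsed request with one POST parameter changed."""
    params = [(k, value if k == name else v) for k, v in req["params"]]
    return {**req, "params": params}

def build_request(req):
    """Serialize to raw form, recomputing Content-Length for the new body."""
    body = urlencode(req["params"])
    lines = [f'{req["method"]} {req["url"]} {req["protocol"]}']
    for name, value in req["headers"]:
        if name.lower() == "content-length":
            value = str(len(body.encode()))  # stale length would truncate the body
        lines.append(f"{name}: {value}")
    return "\r\n".join(lines) + "\r\n\r\n" + body

if __name__ == "__main__":
    original = parse_request(RAW_REQUEST)
    print(build_request(with_param(original, "username", "someone else")))
```

When a request body is edited, the Content-Length header has to match the new body length, or the server may read a truncated or incomplete body and the response will not reflect the value under test.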