Tuesday, September 8, 2009

BToD Using Repeater


Today's tip is regarding the use of repeater. Essentially, I've seen folks modify intercepted requests in their Burp proxy and then submit them to the application and view the response in the web-browser when this is certainly not needed. I've certainly neeeever done this :0, mmm okay okay we are all human. This technique is certainly beneficial in some instances but other times it is very much wasted energy. One good example is waiting for time delays.

If you are probing for Blind SQL Injection and are using time delays......the need to request and subsequently view the response in browser seems unnecessary. So, just a quick intro to repeater and hopefully some time can be saved. Lets get started shall we?

Throw your request into repeater by intercepting the request in your proxy or using proxy history. To do so, right click on the request of interest and select 'send to repeater' like so:


Navigate to the repeater tab and modify your request. In this example I show every tick mark and space URL encoded because I want the point to get across that your repeater content must be modified in comparison to the web browser that performs any encoding for you. So we are ready to fire:


At this point simply click 'go' in the upper left hand corner. You can modify the time accordingly and increment however you may choose. Just make sure to have a stop watch to time the responses for variances in the response.

Three other repeater features to note.

1) If you are testing for forceful browsing OR in our case we know using SSL encrypts and bypasses IDS/IPS detection signatures and we would like to send this request in SSL you can check the 'use ssl' highlighted here:


2) If you notice that you are annoyed by the amount of Repeater tabs you have open you can always choose to delete a tab like so:

3) It may be necessary to follow a '302' redirect sequence all the way to (hopefully) a '200' response. To do so, you can choose this option here:


Happy Hacking!
cktricky

No comments: