Burp Suite

Intro 6

WilliamTheGoat
6 years ago

0

So I work closely with a load of pen testers, and have obviously learned a lot from them. I haven’t actually tried it on this level 6 challenge, but I’m presuming I could intercept the POST request to the server and change the pertinent field to Ronald there. Which would be an over-complicated solution to messing with the HTML code behind the scenes.

Would using tools like Burp Suite be overthinking these challenges?

WTG

5 replies
3 voices
359 views
Reply has been removed
Darwin [DIDIx13]
6 years ago

0

Massive spoiler here, SilentKiller44, can you delete or edit it please?

WilliamTheGoat, so did you overthink it or did you pass it the easiest way? :)

Btw, can you name us some of your pen testers?

SilentKiller44
6 years ago

0

Ok, I deleted the post, and ya, it was a spoiler.

Darwin [DIDIx13]
6 years ago

0

Thank you :)

WilliamTheGoat
6 years ago

0

Not going to name pen testers, but the company I work for is the largest in the UK.

WilliamTheGoat
6 years ago

0

I was overthinking it - I did find a simpler way of doing it.

Although the classic way at work would have been using Burp and it would have been reported as ‘broken access controls’.

Consideration is also given to how ‘real world’ an attack is - the solution for this challenge is ‘low tech’ but it’s probably more in reach of most malicious insiders than using an intercepting proxy.
