tryhackme.com/room/burpsuiterepeater
We have four display options here for the response:
Pretty: This is the default option. It takes the raw response and attempts to beautify it slightly, making it easier to read.
Raw: The pure, un-beautified response from the server.
Hex: This view takes the raw response and gives us a byte view of it -- especially useful if the response is a binary file.
Render: The render view renders the page as it would appear in your browser. Whilst not hugely useful given that we would usually be interested in the source code when using Repeater, this is still a neat trick.
Burp Suite Repeater allows us to craft and/or relay intercepted requests to a target at will. In layman's terms
the Proxy, edit it, and send the same request repeatedly as many times as we wish
This ability to edit and resend the same request multiple times makes Repeater ideal for any kind of manual poking around at an endpoint, providing us with a nice Graphical User Interface (GUI) for writing the request payload and numerous views (including a rendering engine for a graphical view) of the response so that we can see the results of our handiwork in action.
Inspector is entirely supplementary
request and response fields of the Repeater window
Query Parameters
Body Parameters
Request Cookies
Request Headers
Response Headers
modifiable list of the cookies which are being sent with each request
These cannot be edited
These components can all be found as text within the request and response sections; however, it can be nice to see them in the tabular format offered by Inspector.
any of the headers being sent with our requests.
these can be very useful when attempting to see how a webserver will respond to unexpected headers.
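The Inspector view above is just a structured way of looking at the same text that sits in the request pane. The following added example (not code from the TryHackMe room or from Burp Suite) does the same thing in a few lines of Python: it splits a captured raw request into the buckets Inspector shows (query parameters, body parameters, cookies, headers), lets you edit any of them, and serialises the request back so it could be resent. The sample request, the host target.example and the X-Forwarded-For probe header are constructed for the example; the class name RepeaterRequest and the probe_request helper are the example's own.

```python
"""Added example: parse a raw HTTP request into Inspector-style buckets,
edit them, and rebuild the raw request for resending."""
from urllib.parse import parse_qsl, urlencode, urlsplit

# Constructed sample, as Burp Proxy might capture it (CRLF line endings).
SAMPLE_REQUEST = (
    "POST /search?category=books&page=2 HTTP/1.1\r\n"
    "Host: target.example\r\n"
    "User-Agent: Mozilla/5.0\r\n"
    "Cookie: session=abc123; theme=dark\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 16\r\n"
    "\r\n"
    "q=hello&sort=asc"
)


class RepeaterRequest:
    """Tabular view of one request: query, body_params, cookies, headers."""

    def __init__(self, raw: str):
        head, _, self.body = raw.partition("\r\n\r\n")
        request_line, *header_lines = head.split("\r\n")
        self.method, target, self.version = request_line.split(" ", 2)
        parts = urlsplit(target)
        self.path = parts.path
        self.query = dict(parse_qsl(parts.query, keep_blank_values=True))
        # Headers kept as [name, value] pairs so edits preserve their order.
        self.headers = []
        for line in header_lines:
            name, _, value = line.partition(":")
            self.headers.append([name.strip(), value.strip()])
        self.cookies = {}
        for name, value in self.headers:
            if name.lower() == "cookie":
                for item in value.split(";"):
                    k, _, v = item.strip().partition("=")
                    self.cookies[k] = v
        form = any(n.lower() == "content-type" and "x-www-form-urlencoded" in v
                   for n, v in self.headers)
        self.body_params = dict(parse_qsl(self.body, keep_blank_values=True)) if form else {}

    def raw(self) -> str:
        """Rebuild the request; Cookie and Content-Length are regenerated."""
        query = urlencode(self.query, safe="'")          # keep ' visible for SQLi probes
        target = self.path + (f"?{query}" if query else "")
        body = urlencode(self.body_params, safe="'") if self.body_params else self.body
        computed = {
            "cookie": "; ".join(f"{k}={v}" for k, v in self.cookies.items()),
            "content-length": str(len(body.encode())) if body else None,
        }
        out = [f"{self.method} {target} {self.version}"]
        for name, value in self.headers:
            key = name.lower()
            if key in computed:
                value = computed.pop(key)
                if not value:       # cookie jar emptied or body removed: drop header
                    continue
            out.append(f"{name}: {value}")
        for key, value in computed.items():   # headers absent from the original
            if value:
                out.append(f"{key.title()}: {value}")
        return "\r\n".join(out) + "\r\n\r\n" + body


def probe_request(raw: str) -> str:
    """One Repeater-style iteration: tweak a parameter, add an unexpected
    header, drop a cookie, and return the request text to send again."""
    req = RepeaterRequest(raw)
    req.query["category"] = "books'"                    # SQLi probe in the query string
    req.headers.append(["X-Forwarded-For", "127.0.0.1"])  # see how the server reacts
    req.cookies.pop("theme", None)
    return req.raw()


if __name__ == "__main__":
    print(probe_request(SAMPLE_REQUEST))
```

Parsing and re-serialising the untouched sample gives back the identical bytes, which is the property you want before you start editing: any difference you then see on the wire is the change you made, not an artefact of the tool.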
Adding a single apostrophe (') is usually enough to cause the server to error when a simple SQLi is present: if the input is concatenated into the query, the apostrophe closes the string literal early and the rest of the statement no longer parses.
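To see why the apostrophe trick works, and why it tells you nothing when the query is parameterised, here is an added example (not code from the TryHackMe room) that runs both styles of query against an in-memory SQLite database constructed for the purpose. It goes one step beyond the highlight: after the apostrophe has produced an error, it sends the classic ' OR '1'='1 to show that the same concatenation lets the WHERE clause be rewritten. The table, rows, and function names (lookup_vulnerable, lookup_safe, probe) are the example's own.

```python
"""Added example: the single-apostrophe SQLi probe against a concatenated
query and against a parameterised one."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data for the example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (username, role) VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    conn.commit()
    return conn


def lookup_vulnerable(conn, username: str):
    # Untrusted input is pasted into the SQL text. "alice'" turns the literal
    # into 'alice'' which never terminates, so SQLite raises a syntax error.
    sql = f"SELECT id, username, role FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, username: str):
    # The value travels as a bound parameter; the apostrophe is just data.
    sql = "SELECT id, username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def probe(conn, lookup, payload: str):
    """What you observe in Repeater: ('error', message) when the server-side
    query breaks, otherwise ('ok', rows)."""
    try:
        return ("ok", lookup(conn, payload))
    except sqlite3.OperationalError as exc:  # SQLite's syntax errors surface here
        return ("error", str(exc))


if __name__ == "__main__":
    db = make_db()
    for payload in ("alice", "alice'", "' OR '1'='1"):
        print(repr(payload), "vulnerable:", probe(db, lookup_vulnerable, payload))
        print(repr(payload), "safe:      ", probe(db, lookup_safe, payload))
```

The error message itself is what you would watch for in the Repeater response pane; on a real target it may be a 500, a stack trace, or a subtly different page, but the cause is the same broken string literal.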