Is there a way to intercept and modify the request being sent. For example if im typing a message on instagram to someone, can i intercept the message and change it
I've not tried it, but you could well be able to do that. However, I'm guessing sites such as Instagram would be properly validating and filtering any external user input.
The changes that you apply on the body Will affect only your client PC (then It Is only a visual modify) or Will send the response to the server? Thanks
I just downloaded it. The PortSwigger website's changed since I last check it out. It seems that you now have to submit your email address to download that version.
hi, i have a doubt! pls let me know... if i intercept a request, edit its response, inject an alert script , if that script is reflected in the website is that an xss vulnerability??
Seems pretty cool. But need to see the actual request from step one like enter in url and stuff. This is pretty cool but need it fully detailed like in steps.
@@Mannnmauji you are too kind. Thank you. I'm currently working through planning a course on Burp Suite. No timeline yet for when it will start rolling out.
Eyo everyone watching,my burpsuite wasn't intercepting and I got NO help from any videos on yt and it was fuckin me over, all I tried failed, but then I found out that burpsuite wasn't intercepting my requests bcz I was trying to crack the DVWA (damn vulnerable websitr application) and that is on your localhost so you have to enable hijacking localhost (just type it in yt), just puttin it out there so you don't have the same issue as I did :)
Software Development with Matt wow never expected you would replied to my message. I found a very informative video th-cam.com/video/3XUo7UBn28o/w-d-xo.html it shows there at somewhere 31 mins how it was performed using wireshark, but can’t fully understand how it was done in a step-by-step manner. I would be so much thankful if you can study that video and make a video on how it’s done.
It will work with whatever website you want to interact with. What way do you need to configure the proxy, or what is the website that you want to interact with? And thanks for the feedback on the video. It really means a lot.
@@WebDevwithMatt thanks for the response, it was quite quick, but I realised that proxying wasn't how I needed to approach my issue. Thanks for the help anyway. Sorry for the inconvenience.
I can't find anything that I've missed but I've tried multiple times from scratch and the request never gets intercepted. Any ideas? Ps. Yes I checked that intercept was turned on...
Hi @@matthough4124, thanks for getting in touch about this. A small configuration of the proxy is covered from about 1:41 onwards. Is that what you're looking for, or have I misunderstood you?
@@WebDevwithMatt its ok i worked it out, on windows the browser and the network settings need to be configured to use the proxy that the burp suite makes
@@MatthewSetter i have done this on my website and i changed the title..but it works only from my laptop, when i open website from my phone or another pc there is no change.
Ah, that explains it. I'm guessing that for your phone or PC you haven't changed the proxy to be the one in Burp Suite. If that's the case then Burp Suite cannot intercept those requests.
@@WebDevwithMatt Hi..Im using foxyproxy addon for google chrome to setup proxy, port iy 8080 and ip is 127.0.0.1...when i made changes to html in burp, changes are made in website when i look from the device that im using burp..im using burp for windows, but when i enter my website from my phone nothing changes, all text is the same..can you please help me?
@@clickscolourblackramiz92 it's helpful for a couple of reasons, such as getting a feel for the application, and giving a client a different response to see how it handles it.
I didn't? Sorry about that. I'll have to update the video to either not mention that, or to add those other things that I mentioned. Thanks for calling me out on that.
this guy has the best voice for this holly shit hahaha. gives off a vibe where its like dont worry ill teach you what you need to know just enjoy
That's some pretty wicked feedback. Thank you.
Agreed!
What a cool voice dude
Thanks for saying so. Too kind.
Hes so calm its so wholesome
Thank you.
Excellent tutorial!! Thank you for this! Please make more on BurpSuite! And great voice btw :D
Thanks! Will do!
I love your voice, you are the Bob Ross of IT
Why thank you! Too kind.
Excellent tutorial, but any other tool you can suggest asides from Burp suite to intercept requests
Three you can try are YAP (www.zaproxy.org/), mitmproxy (mitmproxy.org/), and Charles (www.charlesproxy.com/). I believe Charles is macOS only.
Awesome...I was looking for this type of video...Thanks
Glad to hear that it helped you out.
I watched this video million times,🙏😊it's so cool , I loved it !!!!!
Very kind of you to say so. Thank you.
I try the tutorial, but it's reset when page refreshed.
I mean, it's not change.
Your voice is so fucking amazing, so calming and you just WANT TO listen to it
You are too kind. Thank you.
Great thanks, helped me understand what I needed to return a different response, cheers.
My youtube was in autoplay and this video scared the shit out of me. Great content tho, it helped me a lot
Can you make more of these. Maybe something on intercepting and modifying the payloads
Sure can. Thanks for letting me know that you're keen. I'll need a little bit of time to plan out the series, but I'll make it happen.
Hiiii
Thank you man!
Wondered how to modify response since i already knew how to modify requests
Extremely helpful Thnx Once again!!!
How to modify requests between apk to server
Glad it helped!
Not sure, sorry.
Thanks for the video !
My pleasure!
thanks mannn....still helpful in 2024
Is there a way to intercept and modify the request being sent. For example if im typing a message on instagram to someone, can i intercept the message and change it
did you ever figure it out bro?
if you figure it out let us know, i wanna troll my friends
@@blockify
did you figure it out man?
I've not tried it, but you could well be able to do that. However, I'm guessing sites such as Instagram would be properly validating and filtering any external user input.
how to make it automatic changing string/text on the fly?
That I'm not sure about, sorry.
The changes that you apply on the body Will affect only your client PC (then It Is only a visual modify) or Will send the response to the server? Thanks
THANK you very much INTELLIGENT BOIIII !
You're welcome. I'm glad the video helped.
Good video bro.
Make more videos on burp suit.
Trying to put time aside to do that. Thanks for the support.
at 3:35 is where i can’t figure out
This is for the life this is for
Good job bro
Thank you so much 😀
Thx bro again this is my other ac
Not working , if u turn off the intercept after that and refresh the page its will became the first one so changes are virtual
Thanks for the video and awesome voice =)
Glad you liked it!
thanks for the video, how do you get the community edition????? need to send an backdated email Help!!!!
I just downloaded it. The PortSwigger website's changed since I last check it out. It seems that you now have to submit your email address to download that version.
can i edit the request too? to get the server answer that i want.
As you compose the request yourself, you sure can.
hi, i have a doubt! pls let me know... if i intercept a request, edit its response, inject an alert script , if that script is reflected in the website is that an xss vulnerability??
Same question for me. I need to know the answer as well. Please
Where is the next repeater video about burp
In development, actually. Thanks for the encouragement.
How can you modify part of the new request with a VARIABLE, which was got from the previous request response? Thanks.
Honesly, that I don't know. I'll see what I can find out for you, though.
What's the name of this attack?
Can I buy something off of a site using this?
Possibly. It depends on the quality of the site's code.
Seems pretty cool. But need to see the actual request from step one like enter in url and stuff. This is pretty cool but need it fully detailed like in steps.
Might be best if I re-shoot the video to include that.
upload full playlist please
I have to go and make the videos. Do you want a full series?
@@WebDevwithMatt yes please... The way you explain is amazing.
@@Mannnmauji you are too kind. Thank you. I'm currently working through planning a course on Burp Suite. No timeline yet for when it will start rolling out.
Eyo everyone watching,my burpsuite wasn't intercepting and I got NO help from any videos on yt and it was fuckin me over, all I tried failed, but then I found out that burpsuite wasn't intercepting my requests bcz I was trying to crack the DVWA (damn vulnerable websitr application) and that is on your localhost so you have to enable hijacking localhost (just type it in yt), just puttin it out there so you don't have the same issue as I did :)
Glad you were able to solve your issue.
Can you perform main the middle attack by intercepting OTP request from an email account’s phone number attached to it?
Honestly, that I'm not sure of. I'll investigate and see what I find. Thanks for asking.
Software Development with Matt wow never expected you would replied to my message. I found a very informative video th-cam.com/video/3XUo7UBn28o/w-d-xo.html it shows there at somewhere 31 mins how it was performed using wireshark, but can’t fully understand how it was done in a step-by-step manner. I would be so much thankful if you can study that video and make a video on how it’s done.
@@WebDevwithMatt hey let's talk on telegram @Savagelone, my chrome doesn't work with burp suite
But when you upload your browser Edgar Wrong is disappear and switch on right name
Sorry, I don't follow what you're saying?
How can I do this with an android application more like a game
I'm not sure, as I'm not a big Android user.
Does this work with other websites online? and if so how do I need to configure the proxy? Thanks, I loved the vid.
It will work with whatever website you want to interact with. What way do you need to configure the proxy, or what is the website that you want to interact with? And thanks for the feedback on the video. It really means a lot.
@@WebDevwithMatt thanks for the response, it was quite quick, but I realised that proxying wasn't how I needed to approach my issue. Thanks for the help anyway. Sorry for the inconvenience.
I can't find anything that I've missed but I've tried multiple times from scratch and the request never gets intercepted. Any ideas?
Ps. Yes I checked that intercept was turned on...
EDIT: You didn't mention in the video that you need to configure the listener proxy.
Hi @@matthough4124, thanks for getting in touch about this. A small configuration of the proxy is covered from about 1:41 onwards. Is that what you're looking for, or have I misunderstood you?
@@WebDevwithMatt Yeah but you don't mention at all configuring the browser to use burp as it's proxy
@@WebDevwithMatt its ok i worked it out, on windows the browser and the network settings need to be configured to use the proxy that the burp suite makes
@@matthough4124 Anyway you can share how you configured this?
Could you use other methods in the condition like PROPFIND?
Sure should be able to. I'll have a look and get back to you.
would be cool if you could do it in an automated way, for example: if that line matches with a cartain regex, change it to xyz. or smth like that
At this stage, I don't know if that's possible, but I strongly suspect that it is. I'll see what I can find out.
@@WebDevwithMatt subscribed :3
ever found out anything ?@@WebDevwithMatt
Bro,
How do I change number in 1xbet using Burp Suite
Not sure, sorry. I don't know that site.
Your voice and this video both are very interesting... I m from India.. you video is what I wanted.
Thanks kindly. I really appreciate the feedback.
Aussies are the best. No doubt. 👏
Why, of course!
thank u
You're welcome!
Solution for this vulnerability??
use front end and backend
How to get burpsuite
If you could help my do this step by step today that would be awesome
When you say "step by step", do you want a hard list in the comments?
I think this works only when you load the website from your computer
Why's that Jakov? If the request can be intercepted, the response can be modified. Do you have a particular scenario as an example?
@@MatthewSetter i have done this on my website and i changed the title..but it works only from my laptop, when i open website from my phone or another pc there is no change.
Ah, that explains it. I'm guessing that for your phone or PC you haven't changed the proxy to be the one in Burp Suite. If that's the case then Burp Suite cannot intercept those requests.
@@WebDevwithMatt Hi..Im using foxyproxy addon for google chrome to setup proxy, port iy 8080 and ip is 127.0.0.1...when i made changes to html in burp, changes are made in website when i look from the device that im using burp..im using burp for windows, but when i enter my website from my phone nothing changes, all text is the same..can you please help me?
It seems like your phone's not configured to use the same proxy.
why you sound like my dad when he teach me something....but hey..thats cool ...it works for me
Maybe it's just my voice :-) along with the proximity effect of the mic, which I LOVE!
Hi sir, it is really great
Can you please do more vedios on burp suite
Thanks,
Pavan Kumar
Yes, soon
You didnt modify any request parameter. Modifying the response is useless.
Hey
@@clickscolourblackramiz92 it's helpful for a couple of reasons, such as getting a feel for the application, and giving a client a different response to see how it handles it.
Can others see that
No, just you.
Bro help me please
niceee
Thanks
U said U will explain about other stuffs and you didn't :D
I didn't? Sorry about that. I'll have to update the video to either not mention that, or to add those other things that I mentioned. Thanks for calling me out on that.
@@WebDevwithMatt very funny, the video still hasn't been uploaded
😂😂 is just like changing in ispect element
😂😂 oh, not always. There are some cases that we need to test right after receiving the response
Except the big difference is this makes changes in the server and inspect element only does it in your browser
@@aztsetodkivok408 but when page resfreshed, it's back to original value.
k