How to tamper data of a website using Burp Suite

Burp Suite is a tool developed by Portswigger, which is used for penetration testing of web applications. We can perform lots of tasks using burp suite like modification, brute force attack, crawling, etc. It is generally used by security researchers to check possible vulnerability in a website.

In this post we will show you how to tamper data of a website using Burp Suite.

Tamper data of a website using Burp Suite in just 15 steps!

Step 1: Open Burp Suite Community edition in your computer.

How to tamper data of a website using Burp Suite


Step 2: A dashboard will open like this, Go to "Proxy" option present at third number.

How to tamper data of a website using Burp Suite

Step 3: After opening Proxy Tab, click on "interception" button to turn it on.

How to tamper data of a website using Burp Suite


Step 4: Now go to your browser (here Mozilla Firefox) then go to proxy setting to change “Manual Proxy configuration” from “User system Proxy setting”

It’s very important to set proxy at same IP and Port as that of Burp Suite, only then Burp Suite will be able to intercept packets. Moreover, Burp Suite will only work on HTTP websites, to intercept HTTPS (secure) websites like rsmalls.com, you have to install a CA certificate in your Browser.

How to tamper data of a website using Burp Suite


Step 5: Now open given website rsmalls.com 

How to tamper data of a website using Burp Suite


Step 6: A window will pop up in which Price of the given item (gold) is given. Choose the number of units, quality of gold (in terms of M), etc. then click on “BUY NOW”.

How to tamper data of a website using Burp Suite


Step 7: After clicking BUY NOW, new window will not load until we will forward this packet from Burp Suite. Since the interception is turned on, so it will show the details of the packet.

How to tamper data of a website using Burp Suite


Step 8: Now go to “Params” section next to raw to modify the packet. You will see all details of the packet and now look for the Price and change it to your desired value.

How to tamper data of a website using Burp Suite


Step 9: Change the PRICE to 00.00 (or any desired value) and forward the packet.

How to tamper data of a website using Burp Suite


Step 10: Bingo!! Price of the item modified successfully. Now, fill the bill details like Name, E-mail address, etc and click to "PROCEED".

How to tamper data of a website using Burp Suite


Step 11: You will be directed again to Burp Suite. Just forward all the packets without making any changes.

How to tamper data of a website using Burp Suite


Step 12: Forward this packet too.

How to tamper data of a website using Burp Suite


Step 13: You will be directed to final checkout process of the item. Now, click to “continue” for the payment.

How to tamper data of a website using Burp Suite


Step 14: Again, forward all the packets by clicking “Forward” option repeatedly.

How to tamper data of a website using Burp Suite


Step 15: Finally, we reached to the payment gateway to pay 00.00 amount. So, this is the whole procedure to modify a packet in the given website.

How to tamper data of a website using Burp Suite


Sadly, you won't be able to purchase anything using this technique as website are now less vulnerable. But yes this is a great technique for educational purposes.

Cheers

Sciencedoze.com 

Comments

Popular Posts

Scattering of Light- Rayleigh Law of Scattering, Types and Examples

The 12 Principles of Green Chemistry

5 Strange habits of Einstein that made him Genius