National Cyber Warfare Foundation (NCWF) Forums


HTML Injection - Reflected (POST) using BURP p.12 of TheNewBwapp


0 user ratings
2020-07-29 11:52:19
woods
Cloud Range Docs & How-To
I was working my way through the guide when I came to a screeching halt. I was not getting the intercepted raw data in Burp as shown in the screenshot (p.12). After reviewing the configuration settings for BURP and FoxyProxy, I confirmed I had them setup correctly. Not wanting to just move on I began tinkering and was able to perform the injection by doing the following:

1) With FoxyProxy on and Burp open (Intercept on) > clicked Go with John Doe entered in bWAPP
2) Switched to BURP > clicked Forward > Found \"Welcome John Doe\"
3) Modified John Doe to Carl Zamboni > clicked Forward
4) Switched to bWAPP > \"Welcome Carl Zamboni\" displayed

Something to note is that after this was performed I had to toggle the Intercept off/on in order to perform additional injections meaning I was only able to perform it this way once per Intercept session.

I\'ve attached some screenshots as visual aids. Hopefully this thread will help some beginners (like myself) :)

-woods

Edit: I was using the previous version of the bWAPP guide


Comments
new comment
Nobody has commented yet. Will you be the first?
 
return to home



Copyright 2012 through 2020 - National Cyber Warfare Foundation - All rights reserved worldwide.