BurpSuite
Useful settings that you may not have thought of or heard about, and that are convenient to add to the configuration file in the project settings.
These are the settings I like to keep active every time Burp Suite is started.
IMPORTANT: When setting these up, start a temporary project file and choose "Use Burp Defaults" for the settings.
Don't let any requests through unless a setting you want requires it; otherwise those requests will be saved into the configuration file (which we don't want).
If requests have been made, go to HTTP History, right-click within the request list and select Clear History.
Sorting requests in descending order
I prefer the newest requests to appear at the top of the HTTP History section instead of at the bottom.
Unwanted Extensions
Some extensions are of no interest to us, or are only of temporary interest until they have been gone through (such as JS files).
Let a few requests through. Click on HTTP History > click on "Filter: Showing all items" > add the following string into "Filter by file extension" within the Hide section.
Keep this checkbox unticked
js,svg,gif,png,jpg,jpeg,webp,woff,woff2,ttf,css,ico,mp4
Cached pages Removal
Sometimes we just want a raw response.
We don't want cached responses on startup, because we might want to test for a Reflected XSS and the page returns a 304 Not Modified, meaning this is a cached response.
Navigate to Settings > Tools > Proxy > Match and Replace Rules and check the two boxes as follows.
Do note that if you want to perform cache attacks, these should be unticked.
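To make concrete why a 304 gets in the way, here is an added example (mine, not Burp's code and not from the original post): a small simulated origin that honours HTTP conditional requests, plus a filter that does what Burp's built-in "Require non-cached response" match/replace rules do, namely remove the If-Modified-Since and If-None-Match request-header lines. The page content, the ETag scheme, the Last-Modified value and the hostname are constructed for the example; the 304 handling follows RFC 7232 (If-Modified-Since is ignored when If-None-Match is present).

```python
"""Simulated origin + the conditional-header stripping done by Burp's
"Require non-cached response" rules. Added example, constructed data."""
import hashlib
import re
from typing import Dict, Optional, Tuple

# Same whole-line regexes as Burp's built-in rules (request header,
# replaced with nothing). Matched case-insensitively here because HTTP
# field names are case-insensitive.
NON_CACHE_RULES = [
    re.compile(r"^If-Modified-Since.*$", re.IGNORECASE),
    re.compile(r"^If-None-Match.*$", re.IGNORECASE),
]

# Constructed value standing in for the origin's Last-Modified timestamp.
LAST_MODIFIED = "Wed, 21 Oct 2015 07:28:00 GMT"


def strip_conditional_headers(headers: Dict[str, str]) -> Dict[str, str]:
    """Drop every request-header line that one of the rules matches."""
    kept: Dict[str, str] = {}
    for name, value in headers.items():
        line = f"{name}: {value}"
        if any(rule.match(line) for rule in NON_CACHE_RULES):
            continue  # the header line is replaced with nothing, as the Burp rule does
        kept[name] = value
    return kept


def render_page(q: str) -> str:
    """Constructed page that reflects the 'q' parameter unencoded; this is the body we want to inspect."""
    return f"<html><body>Results for: {q}</body></html>"


def etag_for(body: str) -> str:
    """Constructed strong ETag derived from the body."""
    return '"' + hashlib.sha256(body.encode()).hexdigest()[:16] + '"'


def _header(headers: Dict[str, str], name: str) -> Optional[str]:
    """Case-insensitive header lookup."""
    return next((v for k, v in headers.items() if k.lower() == name.lower()), None)


def origin(headers: Dict[str, str], q: str) -> Tuple[int, str]:
    """Simulated origin honouring RFC 7232 validators; a 304 carries no body."""
    body = render_page(q)
    etag = etag_for(body)
    inm = _header(headers, "If-None-Match")
    if inm is not None:
        tags = [t.strip() for t in inm.split(",")]
        if inm.strip() == "*" or etag in tags:
            return 304, ""
    elif _header(headers, "If-Modified-Since") == LAST_MODIFIED:
        # If-Modified-Since is only evaluated when If-None-Match is absent.
        return 304, ""
    return 200, body


def demo(payload: str = "<script>alert(1)</script>") -> Dict[str, object]:
    """First fetch fills the browser cache; the revalidation hides the
    reflection until the rules strip the validators from the request."""
    first_status, first_body = origin({}, payload)
    browser_revalidation = {
        "Host": "target.example",  # constructed hostname
        "If-None-Match": etag_for(first_body),
        "If-Modified-Since": LAST_MODIFIED,
    }
    cached_status, cached_body = origin(browser_revalidation, payload)
    through_burp = strip_conditional_headers(browser_revalidation)
    fixed_status, fixed_body = origin(through_burp, payload)
    return {
        "first": (first_status, payload in first_body),
        "cached": (cached_status, cached_body),
        "forwarded_headers": sorted(through_burp),
        "fixed": (fixed_status, payload in fixed_body),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

With the validators present, the revalidation gets a 304 with an empty body, so the reflected parameter never appears in the response you are looking at; once the two header lines are removed, the same request gets a full 200. This is also why the rules should stay off when you are deliberately studying cache behaviour, as the section above notes.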
Intercept request Removal
I really dislike that Burp Suite keeps interception on by default. Turn it off in Proxy > Intercept.
Collaborator Leakage
If you have a private company or work within one, information leakage is critical, and we don't want to leak which customers or vulnerabilities we test on websites. Therefore, set up your own domain in Burp's settings: Project > Collaborator > Burp Collaborator Server, tick "Use Private Collaborator Server" and fill out the form.