File path traversal, simple case

Intro
I first got experience with Burp Suite during TryHackMe's Advent of Cyber 24 event. Months later I haven't used it since. I wanted to refresh and learn more, so I signed up to PortSwigger Web Security Academy to get more hands-on experience from the makers of Burp Suite themselves.
This write-up covers the first lab in my journey to gain more foundational skills with Burp Suite.
The lab
The first lab in the Apprentice learning path contains a path traversal vulnerability in the display of product images.
The Goal
To solve this lab, the contents of /etc/passwd need to be retrieved.
The Analysis
My first step was to go into my Kali VM to launch Burp Suite and point it at the target website.
The next step was to select an image and send it to the Repeater:
From the Repeater I pressed the Send button to ensure I got a good response, indicated by the 200 response code:
From here I started modifying the filename with ../etc/passwd to move up a directory. Since I didn't know where these files were located on the host file system, I added ../ as many times as needed manually. It took three tries:
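The behaviour the lab exploits, and the fix a developer would ship for it, as an added example that is not part of this write-up or of PortSwigger's lab code. It builds a constructed sandbox directory (a fake web root with an images folder three levels below a fake etc/passwd, an assumed layout chosen to mirror the three ../ segments needed above), then serves a filename the way the vulnerable lab does and the way a hardened handler should: resolve the requested path against the images directory and refuse anything that lands outside it. The helper names are mine, not the lab's.

```python
import os
import tempfile
from pathlib import Path
from urllib.parse import unquote


def build_sandbox() -> Path:
    """Create a constructed web-root layout for the demo (assumption, not the real lab host).

    <root>/var/www/images/product1.jpg   the legitimate image
    <root>/etc/passwd                    a fake passwd file three levels up
    """
    root = Path(tempfile.mkdtemp(prefix="traversal-demo-"))
    images = root / "var" / "www" / "images"
    images.mkdir(parents=True)
    (images / "product1.jpg").write_bytes(b"\xff\xd8\xff fake jpeg bytes")
    etc = root / "etc"
    etc.mkdir()
    (etc / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
    return root


def serve_image_vulnerable(images_dir: Path, filename: str) -> bytes:
    """Vulnerable handler: the user-controlled filename is joined onto the
    images directory with no validation, so each ../ segment walks one level
    out of it and the OS happily opens whatever the final path points to."""
    return (images_dir / filename).read_bytes()


def serve_image_hardened(images_dir: Path, filename: str) -> bytes:
    """Hardened handler: resolve the requested path (following symlinks and
    collapsing ../) and only open it if it is still inside the images
    directory. Checking the *resolved* path is what matters; string checks
    for ".." alone are bypassable with encodings and odd separators."""
    base = images_dir.resolve()
    target = (base / filename).resolve()
    # commonpath is used instead of Path.is_relative_to so this runs on Python < 3.9
    if os.path.commonpath([str(base), str(target)]) != str(base):
        raise PermissionError(f"path traversal rejected: {filename!r}")
    return target.read_bytes()


def is_blocked(images_dir: Path, filename: str) -> bool:
    """True if the hardened handler refuses the request (useful for tests and logging)."""
    try:
        serve_image_hardened(images_dir, filename)
    except PermissionError:
        return True
    return False


def is_traversal_attempt(filename: str) -> bool:
    """Defensive logging heuristic: decode once (many WAFs decode twice) and
    look for a '..' path segment. Complements, but does not replace, the
    resolved-path check in serve_image_hardened."""
    decoded = unquote(unquote(filename)).replace("\\", "/")
    return any(segment == ".." for segment in decoded.split("/"))


if __name__ == "__main__":
    root = build_sandbox()
    images = root / "var" / "www" / "images"
    traversal = "../../../etc/passwd"  # three ../ reach <root> from var/www/images
    print("vulnerable:", serve_image_vulnerable(images, traversal).splitlines()[0])
    print("hardened blocked:", is_blocked(images, traversal))
    print("flagged in logs:", is_traversal_attempt("..%2F..%2F..%2Fetc%2Fpasswd"))
```

The reason the write-up needed three tries is visible in the sandbox layout: the number of ../ segments required depends on how deep the images directory sits, which the client cannot see, so the only defence that does not depend on guessing is the resolved-path check in the hardened handler.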
What I Learned
I need to keep my skills sharp! The little bit I learned about Burp Suite 6 months ago came back to me, but I still fumbled around with the interface.
I learned how to check if directory traversal vulnerabilities are present with website images and how to exploit this vulnerability.
I learned how to increase some of the font in the Burp interface, because it was extremely tiny on first launch.
Conclusion
I plan to continue with Web Security Academy labs; this was a quick but fun exercise and I look forward to going more in depth and learning more about Burp Suite and web app security.
Written by Taji Abdullah