# Burp

* <https://portswigger.net/burp/documentation/desktop/getting-started/proxy-setup/certificate/firefox>

## Steps to import for SSL

* Run Burp
* Open <http://burpsuite>
* Download the Certificate (top-right)
* Import into Firefox
  * Settings > Certificates > Import

## Url Encode

* Burp highlight.. and Ctrl-U ..to url encode a section!

## Spider

* Wont find hidden pages, but will pull obscure/linked ones

```
Target > Site Map > Spider This Host

app.js  ..send to repeater

../partials/admin.html      ..found: Download-Backups
../api/users                ..found: password/hashes on page
```

## Discovery

* Scenario: [gobuster ](https://pentest.mxhx.org/02-dirb-masscan-pings#gobuster)is blocked
* Grab the User-Agent String, and re-use with goboster

```
burp > discovery > Copy User-Agent String

gobuster -u http://$IP:3000 -w medium.txt 
-a 'Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0'
.. still no help
```