Burp Suite is a web proxy intended for use in penetration tests of websites: it lets you intercept and modify your web traffic on the fly. Alternatively, you can take requests you have already proxied and replay them, or edit them before sending them on to the web server, in an attempt to identify vulnerabilities.
One way to go through your web traffic is the Site map, found in the “Site map” sub-tab of the “Target” tab. It shows your entire request history as a tree organised by the hosts and pages you have visited. The other method is the HTTP history, found in the “HTTP history” sub-tab of the “Proxy” tab.
The HTTP history is a list of every request you have made together with the response it received. By default the history applies a filter that hides images, CSS, and general binary content you have requested. You can configure the filter by clicking the “Filter” bar just below the sub-tab bar.
What types of filters can you apply?
You can filter by request type, for example showing only requests whose target is within the configured scope. You can filter by the MIME type of the response, such as HTML. You can filter by HTTP status code class, such as 2xx codes, which indicate success.
You can specify file extensions that you want to see and file extensions that you want to hide. You can add comments and highlights to individual requests and then filter on those, which is useful for keeping track of which request holds your proof-of-concept exploit, or which requests you still need to examine. If you are running multiple proxy listeners, you can filter requests by the listener port they arrived on.
If you are using a “Professional” Burp licence you can also search the items with a custom search term, including regex. At the bottom of the filter panel are three buttons that show all items, hide all items, and revert the filter to its default settings.
In most cases the default filter is perfectly good. If you use the target scope feature, though, the “Show only in-scope items” option is particularly helpful for removing requests to third-party hosts from view.
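To make the filter axes concrete, the following added example (not Burp's own code, and not part of the original post) applies the same criteria to an exported “Save items” XML file offline: in-scope hosts, MIME type show/hide with the default hide set, status code class, extension show/hide, comment-only, and a regex search over the decoded request and response. The element names (url, host, extension, status, mimetype, comment, base64 request/response) follow the layout of Burp's saved-items export; the five items are constructed sample data, not a real capture, and the listener port filter has no counterpart here.

```python
"""Replay Burp's HTTP history filter over an exported 'Save items' XML file.

Added example, not Burp's code. Element names follow the saved-items export;
the sample items are constructed for illustration, not a real capture.
"""
import base64
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from typing import List, Optional, Set


def _b64(text: str) -> str:
    return base64.b64encode(text.encode("latin-1")).decode("ascii")


def _item(url, host, ext, status, mime, comment, request, response) -> str:
    # One <item> in the saved-items layout; bodies are base64 as Burp writes them.
    return (
        "  <item>\n"
        f"    <url><![CDATA[{url}]]></url>\n"
        f"    <host>{host}</host>\n"
        f"    <extension>{ext}</extension>\n"
        f'    <request base64="true"><![CDATA[{_b64(request)}]]></request>\n'
        f"    <status>{status}</status>\n"
        f"    <mimetype>{mime}</mimetype>\n"
        f'    <response base64="true"><![CDATA[{_b64(response)}]]></response>\n'
        f"    <comment>{comment}</comment>\n"
        "  </item>\n"
    )


# Constructed sample history (assumed hosts under example.test).
SAMPLE_XML = "<items>\n" + "".join([
    _item("https://app.example.test/login", "app.example.test", "null", 302, "HTML",
          "PoC: login bypass candidate",
          "POST /login HTTP/1.1\r\nHost: app.example.test\r\n\r\nuser=admin&pass=x",
          "HTTP/1.1 302 Found\r\nLocation: /dashboard\r\n\r\n"),
    _item("https://app.example.test/static/logo.png", "app.example.test", "png", 200, "image", "",
          "GET /static/logo.png HTTP/1.1\r\nHost: app.example.test\r\n\r\n",
          "HTTP/1.1 200 OK\r\nContent-Type: image/png\r\n\r\nPNG-BYTES"),
    _item("https://app.example.test/api/users?id=7", "app.example.test", "null", 500, "JSON", "",
          "GET /api/users?id=7 HTTP/1.1\r\nHost: app.example.test\r\n\r\n",
          "HTTP/1.1 500 Internal Server Error\r\nContent-Type: application/json\r\n\r\n"
          '{"error": "Unhandled exception", "trace": "UserRepo.find(UserRepo.java:42)"}'),
    _item("https://cdn.example.test/vendor.js", "cdn.example.test", "js", 200, "script", "",
          "GET /vendor.js HTTP/1.1\r\nHost: cdn.example.test\r\n\r\n",
          "HTTP/1.1 200 OK\r\nContent-Type: application/javascript\r\n\r\nvar x=1;"),
    _item("https://app.example.test/admin", "app.example.test", "null", 403, "HTML", "",
          "GET /admin HTTP/1.1\r\nHost: app.example.test\r\n\r\n",
          "HTTP/1.1 403 Forbidden\r\n\r\n<h1>Forbidden</h1>"),
]) + "</items>\n"


@dataclass
class Item:
    url: str
    host: str
    extension: str
    status: int
    mimetype: str
    comment: str
    request: str
    response: str


@dataclass
class HistoryFilter:
    """Mirror of the filter panel; None means 'no restriction on this axis'."""
    scope_hosts: Optional[Set[str]] = None                  # "Show only in-scope items"
    hide_mime: Set[str] = field(default_factory=lambda: {"image", "CSS", "binary"})  # default
    show_mime: Optional[Set[str]] = None                    # e.g. {"HTML", "JSON"}
    status_classes: Optional[Set[int]] = None               # e.g. {2, 3} for 2xx and 3xx
    show_extensions: Optional[Set[str]] = None              # e.g. {"php", "jsp"}
    hide_extensions: Set[str] = field(default_factory=set)  # e.g. {"woff", "ico"}
    annotated_only: bool = False                            # "Show only commented items"
    search: Optional[str] = None                            # regex over request + response


def _decode(el) -> str:
    if el is None or el.text is None:
        return ""
    if el.get("base64") == "true":
        return base64.b64decode(el.text).decode("latin-1")
    return el.text


def parse_items(xml_text: str) -> List[Item]:
    root = ET.fromstring(xml_text)
    return [Item(url=el.findtext("url", ""), host=el.findtext("host", ""),
                 extension=(el.findtext("extension") or "null").lower(),
                 status=int(el.findtext("status") or 0),
                 mimetype=el.findtext("mimetype", "") or "",
                 comment=el.findtext("comment", "") or "",
                 request=_decode(el.find("request")), response=_decode(el.find("response")))
            for el in root.iter("item")]


def matches(item: Item, f: HistoryFilter) -> bool:
    if f.scope_hosts is not None and item.host not in f.scope_hosts:
        return False
    if item.mimetype in f.hide_mime or (f.show_mime is not None and item.mimetype not in f.show_mime):
        return False
    if f.status_classes is not None and item.status // 100 not in f.status_classes:
        return False
    if item.extension in f.hide_extensions or (f.show_extensions is not None and item.extension not in f.show_extensions):
        return False
    if f.annotated_only and not item.comment.strip():
        return False
    if f.search and not re.search(f.search, item.request + "\n" + item.response, re.I | re.S):
        return False
    return True


def filter_history(xml_text: str, f: HistoryFilter) -> List[str]:
    """URLs of the items the filter keeps, in export order."""
    return [it.url for it in parse_items(xml_text) if matches(it, f)]


if __name__ == "__main__":
    for label, flt in [("default", HistoryFilter()),
                       ("in scope", HistoryFilter(scope_hosts={"app.example.test"})),
                       ("4xx/5xx", HistoryFilter(status_classes={4, 5})),
                       ("annotated", HistoryFilter(annotated_only=True)),
                       ("regex", HistoryFilter(search=r"exception|stack ?trace"))]:
        print(label, filter_history(SAMPLE_XML, flt))
```

The default filter drops only the image item, exactly as Burp's default hides images, CSS and binary responses; setting scope_hosts additionally removes the CDN request, and the regex search is the one axis that needs the decoded bodies rather than the item metadata.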