We will use Burp Suite to solve the DVWA challenges. To do so we need to configure the tool and our web browser.
Please refer to the official documentation to learn how to install Burp.
On Linux you just have to download and run a script.
Once Burp Suite is installed start it. The Community Edition of Burp Suite only allows for temporary projects, so choose this and click next.
Since we haven't got a configuration yet we choose Burp defaults on the next screen. Later on we can save our config in a file a reload it on the next Burp launch.
Burp Suite is now started. The first thing to do is to configure our target scope which will define the requests we will intercept and modify. To do so :
We choose to avoid accumulating data and click Yes on the pop up that follows.
We configure the proxy to intercept the client requests and server responses only when the URL is in the target scope.
To do so :
And URL Is in target scope.
Do the same for the option
Intercept Server Responses.
We now disable the interception, we will enable it when needed. To do so Proxy > Intercept > Intercept is on.
Burp suite proxy is by default
We configure our Firefox proxy to redirect all requests to Burp.
To do so :
Then configure the proxy with the following settings.
|Manual proxy configuration||Checked|
|No Proxy for||Empty|
Firefox is now setup to use Burp as its proxy. You can now do some challenges with Burp Suite and Firefox.