To view and manipulate network traffic to and from websites we often use a tool called Burp Suite.

Viewing traffic with the Proxy

To view traffic to and from websites Brup makes acts a so-called "proxy", acting as a middleman between the browser and webserver. The easiest way to connect through this proxy is by using Burp's built-in browser. To open this browser head to the Proxy tab, the Intercept tab and click on Open Browser.

./burp-overview.png

By heading to the HTTP history tab one can view the HTTP requests being made.

./burp-history.png

Sending a modified request

If we want to modify a request we can do so by sending it to the Repeater.

You can do so by right clicking on a request and selecting Send to Repeater.

./burp-send-to-repeater.png

Now you can go to the Repeater tab to modify and repeat the request.

In the image we successfully authenticate by performing an SQL injection.

./burp-repeater.png