TryHackMe: BurpSuite Repeater


So I have been following the TryHackMe learning paths over the last month, and today I finished the BurpSuite Repeater room. THM has been a really great site to learn in, although the sheer information and amount of skills and knowledge you need to leverage these attacks is immense.

I’ve done a few rooms so far, but because I’ve decided to do this blog as a reflection on what I’ve done, I’m just going to start here with the BurpSuite Repeater room. This has been a really interesting experience for me so far and I am learning a lot. Learning BurpSuite is the next part of my learning path.

So BSR allows you to capture GET requests from a web browser, which you have to configure to use your own proxy first (another thing I think I’ve already forgotten, even though I set it up a week ago!). Once you have captured the GET request, you can then inspect the headers and other info, and then modify it to see what you want. If you want to constantly modify these requests and try different data in quick succession, that’s where BSR comes in.

BurpSuite Repeater in action – the GET request on the left, and the response on the right. Editing line 1 allowed me to use an SQL injection to gain info from a database.

I’ve done a tiny bit of SQL after covering it at university over 20 years ago, so I’m very rusty. I’m going to have to look at it again to brush up on what to do. BurpSuite though is a pretty cool tool and I’m heading into the THM Juice Shop room next, so I will be using it more there.

My only complaint so far about these THM rooms is sometimes you need to jump between rooms for different content. For example, the Juice Shop was supposed to be the next room on my learning path, however it said I should complete this room first in order to continue. So I think maybe the order should be changed to prevent jumping around.

I’m looking forward to this next room.

