
Burp Suite II: Using the Repeater

Cyber Security Mastery: From Zero to Hero

Testing for Input-Based Flaws

The Repeater is the most valuable tool in Burp Suite for manually testing single requests against a target server. It lets you take an intercepted request, modify it, resend it as many times as needed, and view each response immediately.

Workflow (Testing SQLi)

  1. Intercept a normal login request in the Proxy tab.
  2. Right-click the request and select 'Send to Repeater'.
  3. Go to the Repeater tab.
  4. In the Request pane, modify the username parameter by adding a SQL injection payload (e.g., ' OR 1=1 --).
  5. Click 'Send'.
  6. View the Response pane to see if the server returned an error (indicating vulnerability) or a successful login page (indicating authentication bypass).
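What the two outcomes in step 6 correspond to on the server side, as an added example that is not part of the original course material: a login check that concatenates the username into the query next to one that binds it as a parameter. The table, the sample user and the function names are constructed for illustration, with SQLite standing in for the application's database.

```python
import sqlite3

def make_db():
    # Constructed sample data: a single user in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return db

def login_vulnerable(db, username, password):
    # Flawed on purpose: request parameters are concatenated into the SQL text,
    # so quotes and comment markers in the input change the query's structure.
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error as exc:
        # A verbose server would reflect this in the response body.
        return "error: " + str(exc)
    return "login ok" if row else "login failed"

def login_parameterized(db, username, password):
    # Hardened: values are bound as parameters and are never parsed as SQL.
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = db.execute(sql, (username, password)).fetchone()
    return "login ok" if row else "login failed"

if __name__ == "__main__":
    db = make_db()
    # Normal input, a lone quote, and the payload from step 4, all with a wrong password.
    for user in ("alice", "'", "' OR 1=1 --"):
        print(repr(user),
              "| concatenated:", login_vulnerable(db, user, "wrong"),
              "| parameterized:", login_parameterized(db, user, "wrong"))
```

With the parameterized version, the same modified request in Repeater produces an ordinary failed login, which is the response to expect once the flaw is fixed.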

Benefit: Repeater eliminates the need to constantly refresh the browser and re-enter data, making rapid flaw testing highly efficient.