Understanding Directory Traversal Attack using Burp suite-2023

Mukul Srinivas
2 min read · August 10, 2023

What is Directory Traversal?
Directory traversal (also known as file path traversal) is a web security vulnerability that allows an attacker to read arbitrary files on the server that is running an application.
This might include application code and data, credentials for back-end systems, and sensitive operating system files. In some cases, an attacker might be able to write to arbitrary files on the server, allowing them to modify application data or behavior, and ultimately take full control of the server.
For an in-depth explanation, see PortSwigger.net.
In this example, we are going to work through a test case for a directory traversal attack and understand how it works and how it harms our application. We will use the Community Edition of Burp Suite, a widely used penetration-testing tool. Let's delve into this 🙂
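Before the Burp walkthrough, here is the server-side pattern that makes the lab exploitable, placed beside the fix a developer would ship. This is an added example written for this article, not code from the PortSwigger lab or from Burp Suite. It builds its own throwaway web root and a stand-in "passwd" file in a temporary directory, so nothing on the real filesystem is read; the function names (`vulnerable_resolve`, `safe_resolve`, `serve`) are this example's own. It goes slightly beyond the lab's absolute-path case by also refusing `../` input and an empty filename.

```python
import os
import tempfile

# Constructed sandbox (this example's own, not the lab's server): a fake web
# root holding one image, and a separate directory holding a stand-in for
# /etc/passwd. Paths are realpath'd up front so later comparisons are exact.
WEB_ROOT = os.path.realpath(tempfile.mkdtemp(prefix="images-"))
OUTSIDE = os.path.realpath(tempfile.mkdtemp(prefix="outside-"))
SECRET = os.path.join(OUTSIDE, "passwd")            # absolute path, like /etc/passwd
REL_SECRET = os.path.relpath(SECRET, WEB_ROOT)      # the same file reached via "../"
with open(os.path.join(WEB_ROOT, "cat.jpg"), "wb") as fh:
    fh.write(b"\xff\xd8 constructed jpeg bytes")
with open(SECRET, "w") as fh:
    fh.write("root:x:0:0:root:/root:/bin/bash\n")   # constructed sample line


def vulnerable_resolve(filename: str) -> str:
    """The pattern behind the lab: join web root and user input with no check.

    os.path.join discards everything before an absolute component, so an
    absolute filename replaces the web root entirely (the lab's bypass), and
    "../" segments simply walk out of it.
    """
    return os.path.join(WEB_ROOT, filename)


class TraversalError(ValueError):
    """Raised when a requested filename resolves outside the web root."""


def safe_resolve(filename: str) -> str:
    """Canonicalise the candidate path and require it to stay under WEB_ROOT.

    realpath collapses "..", duplicate separators and symlinks, so the check is
    made on the path the OS would actually open rather than on the raw string.
    The web root itself is also refused: serving a directory is never intended.
    """
    candidate = os.path.realpath(os.path.join(WEB_ROOT, filename))
    if candidate == WEB_ROOT or os.path.commonpath([WEB_ROOT, candidate]) != WEB_ROOT:
        raise TraversalError(f"refused {filename!r}: resolves to {candidate}")
    return candidate


def is_refused(filename: str) -> bool:
    """Convenience check: does the hardened resolver reject this filename?"""
    try:
        safe_resolve(filename)
    except TraversalError:
        return True
    return False


def serve(filename: str, resolver=safe_resolve) -> bytes:
    """Read whatever the chosen resolver returns for the request's filename."""
    with open(resolver(filename), "rb") as fh:
        return fh.read()


if __name__ == "__main__":
    print("vulnerable:", serve(SECRET, vulnerable_resolve)[:20])   # leaks the stand-in passwd
    print("hardened refuses absolute path:", is_refused(SECRET))
    print("hardened refuses ../ path:", is_refused(REL_SECRET))
    print("hardened still serves cat.jpg:", serve("cat.jpg")[:4])
```

The important design choice is that the check compares canonicalised paths with `os.path.commonpath` instead of looking for `..` or a leading `/` in the raw string: string filtering is easy to get wrong, while a realpath-then-prefix check is decided on the path the operating system will actually open.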
STEP 1:
Create an account on PortSwigger.net, download Burp Suite, and then go to https://portswigger.net/web-security/file-path-traversal/lab-absolute-path-bypass.
STEP 2:
Open Burp Suite with the default configuration, then go to the "Proxy" tab.

Click "Intercept is Off" to turn interception on, then click "Open Browser".
STEP 3:
The opened Burp Suite browser will look like this:

Then go to the URL from STEP 1 and click "Access Lab", then copy the URL of the opened web page from the browser.

STEP 4:
Paste the copied URL into the Burp Suite browser and load it. As soon as you do, the Proxy tab in Burp Suite will look something like this:

Then click the "Forward" button in the top-left corner, above the raw request.
STEP 5:
After clicking "Forward", the web page will start loading; you can see every request that was sent in the "HTTP history" tab next to "Intercept".
Keep forwarding requests until the intercepted raw request contains a "filename" parameter, like this:

STEP 6:
When the raw request with the "filename" parameter appears, click on its value, change it to "/etc/passwd", and then click "Forward".

STEP 7:
Go to the "HTTP history" tab and click the URL that has the "Edited" column checked.

If the response is not displayed below, right-click the request and select "Send to Repeater".

STEP 8:
Go to the "Repeater" tab and click "Send"; you will see the response to the edited request.

That's it: you have stepped outside the web root of the application and read arbitrary files you were never authorized to access. The response contains the contents of /etc/passwd, a record of every user account on the server.
This is one of many test cases showing how directory traversal is performed.
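From the defender's side, the request edited above leaves a very recognisable trace in the web server's access log: a file-name parameter whose value is an absolute path or climbs with "../". The scanner below is an added example written for this article (not part of the lab or of Burp Suite). The log lines are constructed for the example in Apache combined-log format; the `/image?filename=` endpoint, the IPs and the sizes are made up. It generalises slightly beyond the lab by also catching the URL-encoded "../" form and by grading each hit on the response status, since a 200 answer to such a request means the file was most likely served.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed access-log lines (combined log format), written for this example;
# they are not taken from any real server. Line 2 is the lab's absolute-path
# request; line 3 is the classic "../" form, URL-encoded, which was refused.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Aug/2023:12:00:01 +0000] "GET /image?filename=cat.jpg HTTP/1.1" 200 5120
10.0.0.7 - - [10/Aug/2023:12:00:02 +0000] "GET /image?filename=/etc/passwd HTTP/1.1" 200 1746
10.0.0.7 - - [10/Aug/2023:12:00:03 +0000] "GET /image?filename=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 404 0
10.0.0.9 - - [10/Aug/2023:12:00:04 +0000] "GET /image?filename=dog.png&size=large HTTP/1.1" 200 4096
"""

# Client IP, timestamp, method, request target and status from a combined-log line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def looks_like_traversal(value: str) -> bool:
    """True if a parameter value tries to leave the directory it was meant for.

    parse_qs has already decoded the value once; a second unquote catches
    double-encoded input, and backslashes are normalised for Windows servers.
    Only a whole ".." path segment counts, so "a..b.jpg" is not flagged.
    """
    v = unquote(value).replace("\\", "/")
    return v.startswith("/") or ".." in v.split("/")


def scan_log(text: str) -> list[dict]:
    """Return one finding per query parameter whose value looks like traversal."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue   # not a request line we understand; skip rather than guess
        params = parse_qs(urlsplit(m["target"]).query, keep_blank_values=True)
        for name, values in params.items():
            for value in values:
                if not looks_like_traversal(value):
                    continue
                status = int(m["status"])
                findings.append({
                    "ip": m["ip"],
                    "timestamp": m["ts"],
                    "param": name,
                    "value": value,
                    "status": status,
                    # a 2xx answer means the server most likely served the file
                    "verdict": "likely success" if 200 <= status < 300 else "attempt",
                })
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

In a real deployment the same test would run over the proxy or application log stream and feed an alert; the "likely success" verdict is the one to page on, because it means the hardening described in the PortSwigger material is missing on that endpoint.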