Q1. Create a burp suite project with 2 proxy listeners that are both listening on a different port. Make sure that you INCLUDE gifs, you want to capture gifs as well. You also want to enable disabled fields. Post screenshots of what you changed from the default config.
Q2. Can you explain what all the options in the screenshot do?
Q3. Set burp's scope to capture *.thexssrat.com with shop.thexssrat.com out of scope.
Q4. Explain the following settings for the burp suite's intruder as seen in the list below:
Attack type: Pitchfork
Vars: Get and POST parameters
URL encoding payload 2 into base64
Q5. In the site map, show only the PHP files and take a screenshot
Q6 From within burp, encode the following message at least 2 times and decode it again "Cheese is yummy"
