Practical Web Application Penetration Testing Series – Chapter 3a

September 30, 2016 | Views: 8276


Burpsuite Scanner Tutorial

Hello Cybrarians,

We are going to divide this chapter into 3 sections:

  1. A brief introduction to Burp Scanner: configuring it, installing add-ons and plugins, and connecting it to the browser
  2. Continuing the pentest of http://testphp.acunetix.com/ with Burp Scanner in Kali
  3. A tutorial on using WAF bypass plugins in Burpsuite for real-world penetration testing (gray hat hackers)

1- Let’s start Burpsuite in Kali Linux by going to the application menu in the top left of the screen.

Screenshot from 2016-09-16 23-20-04.png

When you run it, click “Next” and then start Burpsuite. You should see the main screen of Burpsuite.

Screenshot from 2016-09-16 23-28-24.png

My Burpsuite version is 1.7.03 and it may look different from yours since I have installed many plugins, but I will explain everything that is needed here.

The first tab we want to configure is the Proxy tab. Click on the “Proxy” tab and then click on “Options”:

Screenshot from 2016-09-16 23-36-57.png

Note: Burpsuite is one of those web scanners that can be used in two ways. One is as a separate, standalone web scanner like Acunetix or Netsparker. The other is what makes it the best choice for advanced penetration testers: it can be used as a web proxy. Burpsuite sits between browsers like Chrome and Firefox and the destination web server (taking the role of the man in the middle), so every request and response passes through it and can be intercepted and inspected in detail. That is the power of Burpsuite.

Back to our config: this is where we set up Burpsuite to act as a proxy. Under Proxy Listeners, make sure that the interface is set to 127.0.0.1:8080 and that it is checked. Under Intercept Client Requests, make sure that “Intercept requests based on the following rules” is checked:

Screenshot from 2016-09-16 23-53-04.png

Scroll down and make sure that Intercept Server Responses is there and that “Intercept responses based on the following rules” is checked.

There are many other settings in this tab, but we are not going into their details as they are outside our discussion. However, you can read the Burpsuite manual (which I recommend).

Now go to the Spider tab in the main tabs of Burpsuite, then to the Control sub-tab. Under Spider Scope, check “Use suite scope [defined in Target tab]”.

Screenshot from 2016-09-17 00-07-48.png

Back in the main tabs, go to the Scanner tab, then Options, and scroll down to Active Scanning Optimization. In the drop-down menu next to Scan accuracy, select “Minimize false positives.”

Screenshot from 2016-09-17 00-25-30.png

This option makes our vulnerability detection more accurate by re-testing found issues more thoroughly.

Now go to the Extender tab, then click on the “BApp Store” sub-tab.

bypasswaf.png

The list shows the many plugins available for Burpsuite. We need to install a few of them. First, click on “Bypass WAF” and then click “Install” at the bottom of the right-hand section. Then install the CO2 plugin the same way. Now it is time to configure our Bypass WAF plugin. Go to the “Project options” tab and click on “Sessions”:

sessions.png

Click “Add”, then in Rule Description provide a name like Bypass WAF:

bypass waf.png

Next, click “Add” in the Rule Actions section, then select “Invoke a Burp extension”.

add.png

In the new window, select Bypass WAF and then click “OK”.

set1.png

Now click on the new rule you created, then select the Scope tab at the top of the window.

set2.png

In the Tools Scope section, check all the options. Under URL Scope, check “Use suite scope [defined in Target tab]”.

set3.png

Next, press “OK”. Now the WAF bypass plugin is installed and configured correctly.

We don’t need to configure the CO2 plugin yet, since we will configure and work with it later, in the exploitation phase.

Now we want to connect Burpsuite to Firefox. Open Firefox or Iceweasel in Kali and install the “Proxy Selector” add-on. This is optional: anyone can use any proxy switcher add-on for Firefox (it just lets us switch the browser proxy quickly) or configure the browser proxy manually. Either way, I use Proxy Selector.

Now click on Proxy Selector and choose “Manage proxies”.

proxy.png

Now click “Add”, then configure it like the picture below and click “OK”:

proxy.png

That’s all for now. If we set Proxy Selector to Burpsuite and visit a website, Burpsuite will catch the request and wait for our orders.

proxy2.png

To test it, I send a request to http://testphp.acunetix.com/ and you can see that my Burp has the request:

1.png
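The note above describes Burpsuite as a man in the middle between the browser and the web server, and the last steps point Firefox at its listener so that a visited page shows up in Burp as an intercepted request. The following is an added example that is not code from the original article or from Burp Suite: a minimal intercepting HTTP proxy written in Python that does the two things the note describes, relaying each request to its real destination and keeping a copy of it for inspection. Everything runs on localhost with a constructed stand-in origin server and ephemeral ports; the path `/demo/page?id=1` and the function names are the example's own, and Burp additionally lets you pause and edit each request before forwarding it, which this model does not.

```python
"""Minimal intercepting HTTP proxy: a teaching model of what Burp's proxy listener does.

Added example, not code from the original article or from Burp Suite. Everything
runs on localhost: a tiny stand-in 'origin' server plays the destination web
server, the proxy sits in between and records every request it relays, and a
client fetches a page through the proxy the way a proxy-configured browser would.
"""
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

LISTEN_HOST = "127.0.0.1"  # same loopback interface as Burp's default 127.0.0.1:8080 listener

# Headers that describe a single connection and must not be copied end to end.
HOP_BY_HOP = {"connection", "keep-alive", "proxy-connection", "te", "trailer",
              "transfer-encoding", "upgrade", "proxy-authenticate", "proxy-authorization"}

# Opener for the upstream leg; the empty ProxyHandler ignores any http_proxy
# environment variable so the proxy never loops back into itself.
UPSTREAM = urllib.request.build_opener(urllib.request.ProxyHandler({}))


class OriginHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for the target web server: echoes the path it was asked for."""

    def do_GET(self):
        body = f"origin saw {self.path}".encode()
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


class ProxyHandler(BaseHTTPRequestHandler):
    """Relays each request to its real destination and keeps a copy for inspection."""

    def do_GET(self):
        self._relay(None)

    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        self._relay(self.rfile.read(length) if length else b"")

    def _relay(self, body):
        # A proxy-configured browser puts the absolute URL in the request line,
        # so self.path already tells us where the request is really going.
        url = self.path
        with self.server.lock:
            self.server.log.append((self.command, url, dict(self.headers), body))
        forwarded = {k: v for k, v in self.headers.items()
                     if k.lower() not in HOP_BY_HOP | {"host", "content-length"}}
        request = urllib.request.Request(url, data=body, headers=forwarded, method=self.command)
        try:
            response = UPSTREAM.open(request, timeout=5)
        except urllib.error.HTTPError as err:
            response = err  # 4xx/5xx are still answers the client should see
        payload = response.read()
        self.send_response(response.getcode())
        for name, value in response.headers.items():
            if name.lower() not in HOP_BY_HOP | {"content-length", "date", "server"}:
                self.send_header(name, value)
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)

    def log_message(self, *args):
        pass


class InterceptingProxy(ThreadingHTTPServer):
    """HTTP server whose handler records every relayed request in self.log."""

    def __init__(self, address):
        super().__init__(address, ProxyHandler)
        self.log = []  # entries of (method, absolute url, headers, body)
        self.lock = threading.Lock()


def serve_in_background(server):
    threading.Thread(target=server.serve_forever, daemon=True).start()


def fetch_via_proxy(url, proxy_host, proxy_port):
    """Fetch url through an HTTP proxy, as a browser pointed at Burp would; returns (status, text)."""
    opener = urllib.request.build_opener(
        urllib.request.ProxyHandler({"http": f"http://{proxy_host}:{proxy_port}"}))
    with opener.open(url, timeout=5) as resp:
        return resp.status, resp.read().decode()


def demo():
    """Run origin and proxy on ephemeral ports, fetch one page through the proxy, return what was seen."""
    origin = ThreadingHTTPServer((LISTEN_HOST, 0), OriginHandler)  # port 0: let the OS pick
    proxy = InterceptingProxy((LISTEN_HOST, 0))
    serve_in_background(origin)
    serve_in_background(proxy)
    try:
        target = f"http://{LISTEN_HOST}:{origin.server_port}/demo/page?id=1"  # constructed path
        status, text = fetch_via_proxy(target, LISTEN_HOST, proxy.server_port)
        return {"status": status, "body": text, "intercepted": list(proxy.log)}
    finally:
        for srv in (origin, proxy):
            srv.shutdown()
            srv.server_close()


if __name__ == "__main__":
    result = demo()
    for method, url, headers, _ in result["intercepted"]:
        print(f"intercepted {method} {url} ({len(headers)} headers)")
    print(result["status"], result["body"])
```

The same `fetch_via_proxy` call, pointed at `127.0.0.1` and `8080` with Burp running, is a quick way to confirm the listener from the Proxy options is actually up: with “Intercept is on”, the request will sit in Burp waiting for Forward, exactly as the article describes, so the client side times out until you forward or drop it.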

We will start scanning this site with Burpsuite in the next section.

Thanks everybody!

15 Comments
  1. Is this an important part in hacking? Noob here

  2. Looking forward to your next article!
    Thanks for sharing!

  3. Thanks, will be waiting for the next chapter

  4. Thank you, I will wait 🙂
