Time
19 hours 55 minutes
Difficulty
Intermediate
CEU/CPE
23

Video Transcription

00:02
Welcome back to the course. So we just wrapped up our discussion on module 10 about web servers and applications.
00:08
So in this video, we're just gonna talk a little bit about some background knowledge, and then we're gonna go into our lab with Burp Suite.
00:13
So we're going to start here with our pre-assessment. So question number one: this is a tool that can be used for web hacking. So which one of those would that be?
00:23
So if you chose Burp Suite, you are correct. And obviously that was kind of easy to guess, since we're doing that in this lab.
00:29
Snort is an intrusion detection system application. John the Ripper, if you'll recall from module one, when we did that quick win video, John the Ripper was our dictionary attack password cracker,
00:41
and then Wireshark is for sniffing the traffic on your network.
00:45
So question number two
00:47
this, or whatever it is, can act as a gateway between the local network of a company and the Internet.
00:54
All right, so if you guessed proxy, you are correct. So essentially a proxy is that gateway; I mean, it'll help obfuscate our IP address.
01:02
So POST is actually an HTTP command to transmit text to a web service for processing,
01:11
and then PGP is Pretty Good Privacy. So that's actually a cryptography type of thing. So that's a data encryption or decryption program that's often used for email or file storage. And then, of course, RAID stands for redundant array of independent disks. So there's different RAID levels; we're not going to touch on that in this course, it's more of a digital forensics thing. But
01:32
just so you know, that RAID is essentially there to help increase
01:36
your storage capabilities
01:38
and the redundancy of your data.
01:41
Then question number three: Burp Suite offers all the following benefits, except which one?
01:48
So if you guessed answer C, you are correct. So PPTP actually stands for Point-to-Point Tunneling Protocol. So that's a VPN, or virtual private network, tunneling protocol that has encryption.
02:00
All right, so let's keep moving on. So I've listed out the benefits of Burp Suite. Now you can purchase Burp Suite at this link or just download a free version at this link. It's a little pricey, depending on your budget, if you get like the Pro version. But it's well worth it. So if you can, if it's in your budget, I definitely recommend you go ahead and do it
02:19
and play around with the tool.
02:22
So we've got HTTP proxy, which we're gonna actually use in this lab.
02:25
And so basically, that operates as a web proxy, and it's essentially a man in the middle between the browser and the destination service. So if we type in like google.com, it's the man in the middle between our web browser and google.com.
02:38
So that's gonna allow us to intercept, analyze and even modify the traffic that's passing through in both directions.
02:45
We've got the Scanner benefit, so the paid version actually offers that, but it's a vulnerability scanner. It's really good for checking out different web applications and seeing what vulnerabilities there are.
02:54
We've also got Intruder, so that's a built-in tool that can allow us to perform automated attacks, so things like SQL injection or cross-site scripting, et cetera, on different web applications. And then Spider, just kind of like the name sounds, allows us to crawl web applications to help us map out the application's content.
03:13
So if you think of like the Google spider, for example, with websites, that crawls around your website and it checks out the different files and everything and then indexes those in Google search. So a similar thing here with the Spider option.
03:27
So we've also got Repeater, so this tool could be used to modify requests to the server, then it can resend them, and then it also monitors the results that we get back. Decoder is used for transforming encoded data or converting raw data into various encoded and hashed forms.
03:40
Comparer is pretty self-explanatory, it lets you compare a couple different items of data. Extender allows you to load some custom Burp extensions.
03:50
And then Sequencer is used to analyze the quality of randomness in a sample of data items like session tokens.
03:58
All right, so no web server, web anything conversation would be complete without mentioning OWASP. So the Open Web Application Security Project, they come out every so often with a top 10 list of different web vulnerabilities. So,
04:14
um, the 2017 one is the latest one here, and we're just gonna glance at this list real quick. You could just go to their website or just do some Google searching on that. We're not gonna dive into this since the lab doesn't actually cover that component of it. But I just want you to know that there is an organization called OWASP out there
04:30
and that if you want to know anything web related, as far as like attacks,
04:34
that's a good resource to use.
04:38
The last resource I have here is Exploit Pack, so this one's more of, ah, it's outside the scope of this course. This course is more of an intermediate type of course on penetration testing, but this is more an advanced type of tool for penetration testers. Exploit Pack essentially has something like 30,000 or more exploits that it gives you access to, including zero days. So
04:58
when you're working as a penetration tester, it's a great way to just
05:00
essentially
05:02
create any type of exploit you want or use any exploits you want. It's all there in one particular tool, so definitely check it out. They do have some demo stuff on their website. I mean, then, of course, you know they have the paid version of stuff as well, like most companies do, but definitely check it out, watch the different videos on it. It's a good tool to use.
05:21
So in the next video, we're gonna jump right into using Burp Suite. And then we're gonna reconfigure some of the settings on our browser. We're gonna close the browser, relaunch, and see what kind of data we get back inside of Burp Suite, and we'll talk about some of that process as well.

Instructed By

Ken Underhill
Master Instructor at Cybrary