All right. So let's go to the basics of how to set up Burp Suite. So I use this Proxy SwitchyOmega extension. Basically I have it configured so that I have Burp; it's set up to 127.0.0.1 on port 8080. That way I can switch between proxying through Burp Suite or not using Burp Suite at all. You can also do it directly in the browser. So if I go to Preferences, or, I'm sorry, Proxy, I can set my manual proxy to 127.0.0.1:8080 and make sure I have the check mark here and click OK, and I can use it that way, but I don't do it. I use this SwitchyOmega feature. You can also do something like FoxyProxy if you want. So that just allows me to quickly either use Burp Suite or not use Burp Suite.
So let's start up Burp Suite. Make sure you go to the Community Edition, not the Pro, and I am going to click Next, Start, and this is only for the Pro version, so X out of that. And this is what I was talking about with the proxy: it's on by default. So if I set this to Burp and refresh, well, I already refreshed the page, you can see it's just waiting here, and you can wait here forever if you wanted to. So you need to make sure you click Intercept off, and then you can start looking at HTTP history.
So what I can do now is I can start using the embedded browser, because I like to use the embedded browser. So Proxy, Options, I'm sorry, Target, Intercept, or Proxy, Intercept, Open Browser. You'll notice you get an error here. I'm gonna go to Project Options, allow the embedded browser to run without a sandbox. I'll go back, and now I don't have to worry about things like the certificate authority. If you want to install the certificate authority, what you have to do is make sure you're proxying through Burp Suite. Go to burp, download the CA certificate, save it in here, then Preferences, go to Certificates; it's already installed, but that's what you have to do to import that certificate authority so you can go to HTTPS sites. So I'm gonna turn this off again, we're gonna go back, and we're going to use the photo blog. So here we are, and now we're just using the Burp embedded browser. So we don't need to worry about the certificate authority anymore.
So if we went to admin, we could try something like admin / password. Nothing happened. But if we look at HTTP history, we should see a POST request, and you'll see a whole bunch of other traffic here. But we see our POST request. I'm going to right-click and send to Repeater. Now, I talked about why I like Repeater: you can quickly see the response, which is a 302 redirect. So we're not going to worry about that. You can also change the request method, so I can change this to a GET request and add the user/password parameters to it, just so you can kind of mess around with that.
But here's how we use Intruder. So I'm going to send this to Intruder. I'm going to go to Positions. Basically, anything between these two markers, there in green, you can change as far as your payload. So I'm going to clear this. I'm going to add password. I'm going to go to Payloads. You can see I have Sniper selected already, simple list. I want to load a bunch of passwords, so I'm going to go to Metasploit. I'm going to go to keep my passwords, and also I talked about the ability to grep. So if I wanted to grep for a specific word, I'm going to clear this, and we'll let this, this will start the attack, and you'll notice that it warns you that you'll be throttled because this is the Community Edition. This can take a long time, but I like to analyze the status as well as the length. You'll notice something happened here at 14, so it found that, and that's why it's highlighted. And we can guess that the password is this password here. So if we wanted to, we could show the response in the browser, copy this, go to the browser, and now we can see we're in the administration of My Awesome Photoblog.
I also want to show you ZAP, I should say Zed Attack Proxy. So let's get out of here. We'll get out of here. And now I will go to ZAP. It'll take a little while to load. I, you know, I do not want to persist this session at the moment. I'm gonna do the automated scan. So we have 192168152. I'm going to attack this. This might take a while as well. But as you can see, it has this spider running, which is the feature that I said they took out in Burp Suite, in the newer Burp Suite that they have, versus the older Burp Suite. So this is trying a whole bunch of different things like robots.txt, sitemap; it's trying to find all the content that it can. So I'm gonna look for Alerts. I can see it found cross-site scripting, I can see it found a SQL injection. So I like this, that it shows you what the alerts are. If I double-click, it will give me more information about what it found. I can also request this in a browser. What that will do is open up a browser for ZAP. It'll give you this Heads Up Display option. So there we go. The big scary one is there with our cross-site scripting vulnerability. I'll talk about that a bit later with our cross-site scripting block, but you can also see a SQL syntax error. Here's that Heads Up Display if you want to do that.
So as you can see, just running that, um, oh, it also found a DOM-based cross-site scripting vulnerability. So as you can see, just doing the spider gave me a whole bunch of great information about where to go to next. SQL injection to me is going to be the highest priority in enumerating, and we have a whole section on that. So going to Attack in here in ZAP gives us a whole lot of good information. I don't know, I mean the layout is okay. Um, of course, you know, Burp Suite I like a little bit better. I think it has better functionality, but it doesn't have that scanning option, so mess around with both, see which one you like, and let me know.