Using Intercepting Proxies Part 2

Video Transcription
00:01
All right. So let's go to the basics of how to set up Burp Suite.
00:05
So I use this Proxy SwitchyOmega.
00:09
Basically I have it configured
00:13
so that I have Burp. It's set up to 127.0.0.1 on port 8080.
00:20
That way I can switch between proxying through Burp Suite
00:24
or not using Burp Suite at all.
00:27
You can also do it directly in the browser. So if I go to Preferences, or, I'm sorry, Proxy.
00:35
I can set my manual proxy to 127.0.0.1:8080, make sure I have the check mark here, and click OK. I can use it that way, but I don't. I use this SwitchyOmega feature. You can also do something like FoxyProxy if you want.
00:52
So that just allows me to quickly either use Burp Suite or not use Burp Suite.
00:58
So let's start up Burp Suite.
01:00
Make sure you go to the Community Edition, not the Pro,
01:04
and I am going to
01:07
click Next, Start,
01:11
and this is only for the Pro version, so X out of that.
01:17
And this is what I was talking about with the proxy: it's on by default. So if I
01:22
set this to Burp and refresh, well, it already refreshed the page, you can see it's just waiting here
01:30
and you can wait here forever if you wanted to.
01:33
So you need to make sure you click Intercept off
01:37
and then you can start looking at HTTP history.
01:42
So what I can do now
01:45
is I can start using
01:49
the embedded browser, because I like to use the embedded browser. So Proxy,
01:55
Options. I'm sorry, Target,
02:00
Intercept, or Proxy, Intercept. Open browser.
02:02
You'll notice you get an error here. I'm gonna go to Project options,
02:08
Miscellaneous,
02:12
allow the embedded browser to run without a sandbox.
02:15
I'll go back
02:17
open browser
02:20
and now I don't have to worry about things like the certificate authority. If you want to install the certificate authority,
02:25
all you have to do is make sure you're proxying through Burp Suite.
02:29
Go to burp.
02:32
Sorry,
02:34
http://
02:36
burp,
02:38
download the CA certificate, save it in here,
02:42
then Preferences,
02:44
go to Certificates,
02:46
import
02:49
the certificate.
02:53
It's already installed,
02:54
but that's what you have to do to import that certificate authority, so you can go to HTTPS sites. So I'm gonna turn this off again
03:02
and
03:06
we're gonna go back and we're going to use the photo blog.
03:08
Yeah.
03:09
Here.
03:16
So here we are,
03:17
and now we're just using the Burp embedded browser.
03:22
So we don't need to worry about the certificate authority anymore.
03:27
Mhm.
03:28
Okay.
03:30
So if we went to admin, we could try something like admin, password.
03:37
Nothing happened. But if we look at HTTP history, we should see a POST request,
03:44
and you'll see a whole bunch of other traffic here.
03:46
But we see our POST request. I'm going to right click and send to Repeater.
03:51
Now, I talked about why I like Repeater. You can quickly see the response,
03:54
which is a 302 redirect.
03:59
So we're not going to worry about that.
04:00
You can also change the request method, so I can change this to a GET request and add the user, password parameters to it, just so you can kind of mess around with that.
04:13
But here's how we use Intruder. So I'm going to send this to Intruder.
04:18
I'm going to go to Positions.
04:20
I'm going to, basically, anything between
04:24
these two, there, is in green,
04:27
you can change
04:29
as far as your payload. So I'm going to clear this. I'm going to add password,
04:34
I'm going to go to Payloads.
04:39
You can see I have Sniper selected already,
04:42
simple list. I want to load a bunch of passwords,
04:47
so I'm going to go to Metasploit.
04:55
I'm going to go to keep my passwords,
04:59
and also I talked about the ability to grep.
05:02
So if I wanted to grep for a specific word,
05:09
I'm going to clear this,
05:11
put administration,
05:15
and that,
05:15
and we'll let this start the attack,
05:18
and you'll notice that it warns you that you'll be throttled because this is a Community Edition.
05:23
This can take a long time
05:28
but I like to analyze the status
05:30
as well as the length.
05:33
You'll notice something happened here at 14.
05:36
It found
05:40
administration
05:46
somewhere
05:47
there's administration
05:49
so it found that
05:51
and that's why it's highlighted.
05:54
And we can guess that the password is this password here.
06:02
So if we wanted to, we could show the response in the browser. Copy this, go to the browser,
06:10
paste,
06:12
and now we can see we're in the administration of My Awesome Photoblog.
06:18
I also want to show you, uh, ZAP,
06:23
or Zap, I should say, Zed Attack Proxy.
06:27
So let's get out of here.
06:30
We'll get out of here.
06:32
And now I will go to ZAP.
06:41
It will take a little while to load.
06:47
I, you know, I do not want to persist this session at the moment.
06:51
I'm gonna do the automated scan.
06:55
So we have 192168152.
06:59
I'm going to attack this.
07:03
Mhm.
07:08
This might take a while as well.
07:11
But as you can see, it has this spider running, which is the feature that I said they took out in Burp Suite, in the newer Burp Suite, that the older Burp Suite had.
07:19
So this is trying a whole bunch of different things like robots.txt, sitemap,
07:25
trying to find all the content that it can.
07:30
So I'm gonna look for alerts. I can see it found cross-site scripting,
07:34
I can see it found a SQL injection.
07:38
So I like this that it shows you what the alerts are. If I double click,
07:43
it will give me more information
07:46
about what it found.
08:01
I can also request this in a browser.
08:07
What that will do is open up a browser for ZAP.
08:13
It'll give you this heads-up display option.
08:16
So there we go.
08:18
The big scary one is there with our cross-site scripting vulnerability. I'll talk about that a bit later with our cross-site scripting block,
08:28
but you can also see a SQL syntax error. Here's that heads-up display,
08:33
if you want to do that.
08:41
So as you can see, just running that, um, oh, it also found a DOM-based cross-site scripting vulnerability.
08:48
So as you can see, just doing the spider
08:50
gave me a whole bunch of great information about where to go to next. SQL injection, to me, is going to be
08:58
the highest priority in enumerating, and we have a whole section on that. So
09:03
just
09:05
going to Attack in here in ZAP gives us a whole lot of good information.
09:11
I don't know. I mean, the layout is okay. Um, of course, you know, Burp Suite
09:16
I like a little bit better. I think it has better functionality, but it doesn't have that scanning option,
09:24
so mess around with both,
09:28
see which one you like and
09:31
let me know.