Using Intercepting Proxies Part 2

Time
21 hours 43 minutes
Difficulty
Intermediate
CEU/CPE
22
Video Transcription
00:01
All right. So let's go to the basics of how to set up Burp Suite.
00:05
So I use this Proxy SwitchyOmega.
00:09
Basically I have it configured
00:13
so that I have Burp. It's set up to HTTP 127.0.0.1 on port 8080.
00:20
That way I can switch between proxying through Burp Suite
00:24
or not using Burp Suite at all.
00:27
You can also do it directly in the browser. So if I go to preferences or I'm sorry proxy.
00:35
I can set my manual proxy to 127.0.0.1, 8080 and make sure I have the check mark here and click OK. And I can use it that way, but I don't do it. I use this, uh, SwitchyOmega feature. You can also do something like FoxyProxy if you want.
00:52
So that just allows me to quickly either use Burp Suite or not use Burp Suite.
00:58
So let's start up Burp Suite.
01:00
Make sure you go to the Community edition, not the Pro
01:04
and I am going to
01:07
click next start
01:11
and this is only for the Pro version so X out of that.
01:17
And this is what I was talking about with the proxy it's on by default. So if I
01:22
set this to burp and refresh well and already refresh the page, you can see it's just waiting here
01:30
and you can wait here forever if you wanted to.
01:33
So you need to make sure you click intercept off
01:37
and then you can start looking at HTTP history.
01:42
So what I can do now
01:45
is I can start using
01:49
the embedded browser because I like to use the embedded browser. So proxy
01:55
options. I'm sorry, target
02:00
intercept or proxy intercept. Open browser.
02:02
You'll notice you get an error here. I'm gonna go to project options
02:08
miscellaneous,
02:12
allow the embedded browser to run without a sandbox.
02:15
I'll go back
02:17
open browser
02:20
and now I don't have to worry about things like the certificate authority. If you want to install the certificate authority
02:25
what you have to do is make sure you are proxying through Burp Suite.
02:29
Go to burp.
02:32
Sorry
02:34
http
02:36
burp,
02:38
download the CA certificate, save it in here
02:42
but the preferences
02:44
go to certificates,
02:46
import
02:49
the certificate,
02:53
it's already installed
02:54
but that's what you have to do to import that certificate authority, so you can go to HTTPS sites. So I'm gonna turn this off again
03:02
and
03:06
we're gonna go back and we're going to use the photo blog.
03:08
Yeah.
03:09
Here
03:16
so here we are
03:17
and now we're just using the Burp embedded browser.
03:22
So we don't need to worry about the certificate authority anymore.
03:27
Mhm.
03:28
Okay.
03:30
So if we went to admin and we could try something like admin password.
03:37
Nothing happened. But if we look at HTTP history we should see a POST request
03:44
and you'll see a whole bunch of other traffic here.
03:46
But we see our POST request. I'm going to right click and send to Repeater.
03:51
Now, I talked about why I like Repeater. You can quickly see the response,
03:54
which is a 302 redirect.
03:59
So we're not going to worry about that.
04:00
You can also change the request method, so I can change this to a GET request and it adds the user, password parameters to it, just so you can kind of mess around with that.
04:13
But here's how we use Intruder. So I'm going to send this to Intruder.
04:18
I'm going to go to positions.
04:20
I'm going to basically anything between
04:24
these two. There is in green,
04:27
you can change
04:29
as far as your payload. So I'm going to clear this. I'm going to add password,
04:34
I'm going to go to payloads.
04:39
You can see I have Sniper selected already,
04:42
simple list. I want to load a bunch of passwords
04:47
so I'm going to go to Metasploit.
04:55
I'm going to go to keep my passwords
04:59
and also I talked about the ability to grep.
05:02
So if I wanted to grep for a specific word,
05:09
I'm going to clear this,
05:11
put administration
05:15
and that
05:15
and we'll let this will start the attack
05:18
and you'll notice that it warns you that you'll be throttled because this is a community edition.
05:23
This can take a long time
05:28
but I like to analyze the status
05:30
as well as the length.
05:33
You'll notice something happened here at 14.
05:36
It found
05:40
administration
05:46
somewhere
05:47
there's administration
05:49
so it found that
05:51
and that's why it's highlighted.
05:54
And we can guess that the password is this password here.
06:02
So if we wanted to, we could show the response in the browser, copy this, go to the browser,
06:10
paste
06:12
and now we can see we're in the administration of my awesome photo blog.
06:18
I also want to show you, uh, zero
06:23
or ZAP, I should say, Zed Attack Proxy.
06:27
So let's get out of here.
06:30
We'll get out of here.
06:32
And now I will go to ZAP.
06:41
It's going to take a little while to load.
06:47
I like, you know, I do not want to persist this session at the moment.
06:51
I'm gonna do the automated scan.
06:55
So we have 192168152.
06:59
I'm going to attack this.
07:03
Mhm.
07:08
This might take a while as well.
07:11
But as you can see it has this spider running, which is the feature that I said they took out in Burp Suite, in the newer Burp Suite, that they had in the older Burp Suite.
07:19
So this is trying a whole bunch of different things like robots.txt, sitemap,
07:25
is trying to find all the content that it can.
07:30
So I'm gonna look for alerts. I can see it found cross-site scripting,
07:34
I can see it found a SQL injection.
07:38
So I like this that it shows you what the alerts are. If I double click,
07:43
it will give me more information
07:46
about what it found.
08:01
I can also request this in a browser.
08:07
What that will do is open up a browser for ZAP.
08:13
It'll give you this heads-up display option.
08:16
So there we go.
08:18
The big scary one is there with our cross-site scripting vulnerability. I'll talk about that a bit later with our cross-site scripting block,
08:28
but you can also see a SQL syntax error. Here's that heads-up display
08:33
if you want to do that.
08:41
So as you can see, just running that, um. Oh, it also found a DOM-based cross-site scripting vulnerability.
08:48
So as you can see, just doing the spider
08:50
gave me a whole bunch of great information about where to go to next. SQL injection to me is going to be
08:58
the highest priority in enumerating and we have a whole section on that. So
09:03
just
09:05
going to attack in here in ZAP gives us a whole lot of good information.
09:11
I don't know. I mean the layout is okay. Um, of course, you know, Burp Suite
09:16
I like a little bit better. I think it has better functionality but it doesn't have that scanning option,
09:24
so mess around with both,
09:28
see which one you like and
09:31
let me know.