All right. Our test app for this is on your Windows 7 system; the setup instructions tell you how to install this application.
This is certainly not the only vulnerable Web application. There are some better ones publicly available online. I like one called Damn Vulnerable Web App, which is freely available, and I encourage you to try that one next. OWASP, the Open Web Application Security Project, has one called WebGoat that actually has built-in learning exercises in it. That's a good one for beginners as well.
And there are several others. So if you want to continue with websites, I encourage you to try some of those, which probably have a few more vulnerabilities. This one is just kind of a specific application that I actually inherited. I didn't even write it originally, but it has a lot of the major issues in it.
Load Book Service on your Windows 7 box. It should look something like this. If you don't see the books and stuff, the database isn't set up correctly, and a lot of what we're gonna do isn't going to work. So go back and check your setup instructions until you get it to look like this.
It has install scripts and everything. It should be pretty straightforward if you follow the instructions. If you're like me and you skip steps, sometimes things don't work.
So what we're gonna do here is mainly manual analysis. I find that there aren't really any products that do as good a job as I would like at just doing vulnerability scanning for custom Web applications, just given the nature of custom Web applications. Anybody can build an application, and it's really hard to make checks that will check everything regardless of what the
So we will look at some automated scanning, but mainly we will do things manually.
I do use some scanners that are expensive on some of my jobs, like Acunetix, WebInspect, things like that. It just depends on what software the client I'm working for has; they're generally pretty pricey for the
Um, but I do use those just as a base, and then do my manual testing from there.
I'm not gonna have you download Acunetix or anything, but if your company or your school has products like that, I encourage you to get familiar with them. We're gonna use my favorite proxy, which is called Burp Suite.
That's not good. Oh, Java. That is going to kill everything, because without the proxy, you won't get very far at all.
I'm not actually gonna have a Web applications action. Probably.
Jove. Ever shoot dagger.
actually, I get for changing the M. Something's gonna change.
Actually, if I think about it, this is probably true in the old version of Kali as well. Let me try one more thing. I feel like the old version of Kali had the same issue. I use Burp Suite Pro, which I pay for, directly on my Mac. They have a free version on here.
We go to Applications, Kali Linux, Web Applications, Web Application Proxies, and click on Burp Suite. Yeah, that'll do it. I just forgot that again; I use the other one.
Click 'I accept' and it should load up.
There we go. All right, cool.
So we have our Burp Suite here. As you can see, it has lots of different things it can do. Some of it is going to be limited in the free version, as these things go.
But what we want to do is actually set up our browser to send all its traffic through this proxy, Burp Suite.
Under the Proxy tab, go to Options. By default it listens on localhost 8080. You can change that if you need to.
Setting up the proxy in your browser is going to be platform specific; like on my Mac, it wants me to do it in System Settings, things like that.
We go to Preferences, so Edit, Preferences, Advanced, and Network.
This Iceweasel is like an offshoot of Firefox, so it's similar to how Firefox is set up.
I go to Connection Settings, Manual proxy configuration is what we want, and 'Use this proxy server for all protocols'. Okay, that should send all our traffic through Burp Suite. So if we go back to this Proxy tab, and Intercept, make sure that Intercept is on, hit Enter again or reload the page, and we should see Burp Suite light up.
GET /BookService/ HTTP/1.1. We're getting the main page of this application, so we can make changes to this. There's not really anything we want to change here. When we're done with it, we can click Forward, and it gets forwarded on to the browser. For instance, where does it have it, where we can
Let's click Log In here.
GET /BookService/login.aspx. That takes us to a new page.
What if we do New User?
I'll put in username georgia, georgia@bulbsecurity.com, and the password is 'password'.
Well, georgia@bulbsecurity.com, anyway.
Click Go. It got caught too; it's catching our POST requests as well.
If we break it down by parameter here, we can actually see the values that are being sent a bit better. We see georgia, password, and georgia@bulbsecurity.com.
I'll change the password to 'password1'. I changed it in my proxy; the server hasn't seen it yet, so every change I make in the proxy is what the server's gonna see. So when it reaches the server, Georgia's password will be password1, regardless of the fact that originally I put in 'password'.
All right. Now, if I go to log in, I'll just turn Intercept off. Once I'm done intercepting things, I'm gonna just turn it off.
Georgia and password1. Make sure I put in the same password that I did through the proxy.
That logs me in. So I'm just showing the proxy is nice for, like, seeing the raw traffic and hidden fields, manipulating the traffic, which may come in handy for us in some cases.
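As an added example (not code from the lecture or from Burp), here is the same "break it down by parameter" view and the password rewrite done in Python on a constructed request: it parses the New User POST into its fields, changes one of them and fixes Content-Length, which is exactly what the server receives and why the server must validate every field itself rather than trust what the browser form showed. The path, host and field names are assumptions; only the values mirror what the lecture typed in.

```python
from urllib.parse import parse_qsl, urlencode

# Constructed sample modelled on the "New User" POST intercepted in the
# lecture. Path, host and field names are assumptions, not the real
# Book Service app's; only the values mirror what the lecture types in.
RAW_REQUEST = (
    "POST /BookService/newuser.aspx HTTP/1.1\r\n"
    "Host: win7.lab.example\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 67\r\n"
    "\r\n"
    "username=georgia&email=georgia%40bulbsecurity.com&password=password"
)


def parse_request(raw):
    """Split a raw HTTP request into request line, headers and form
    parameters (the same breakdown Burp's Params view shows)."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, path, version = request_line.split(" ")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip()] = value.strip()
    # keep_blank_values so an empty field (e.g. a hidden input) is kept
    params = parse_qsl(body, keep_blank_values=True)
    return {"method": method, "path": path, "version": version,
            "headers": headers, "params": params}


def set_param(raw, name, new_value):
    """Return the request with one form field rewritten, the body
    re-encoded and Content-Length fixed up: what the server will see."""
    req = parse_request(raw)
    params = [(k, new_value if k == name else v) for k, v in req["params"]]
    body = urlencode(params)
    headers = dict(req["headers"])
    headers["Content-Length"] = str(len(body.encode()))
    head = "\r\n".join(
        [f'{req["method"]} {req["path"]} {req["version"]}']
        + [f"{k}: {v}" for k, v in headers.items()])
    return head + "\r\n\r\n" + body


if __name__ == "__main__":
    tampered = set_param(RAW_REQUEST, "password", "password1")
    for k, v in parse_request(tampered)["params"]:
        print(f"{k} = {v}")
```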
Additionally, some basic things that we can do here: if we go over to the Target tab, we'll see the IP address of our Win 7 system, so we can right-click on that.
And we're not able to scan in the free version. I do like the scanners in here, but we're not gonna be able to do that in the free version. If you buy the Pro version, then you can actively scan them.
But we can spider the host and try and find some more pages. It sends requests and sees if it finds more pages. Basically, I haven't clicked on all these links, so it should be able to find those.
You can put in information to submit the forms, tell it to fill them out and stuff as well. It's not too much, actually; it's a small site tree, just books and a few other things.
In our Burp Suite we do, of course, have the Scanner. This one doesn't do anything in the free version at all.
Burp Intruder. What this does is allow us to do password guessing and otherwise send different options automatically into Web forms. We can give it payload lists and set it up different ways; there are different options, things like that. But, uh, that's another one that's gonna be really slowed down in this version.
Decoder is always nice, like if you're trying to decode information that's base64 encoded or something like that. You just paste it in here and it will take care of it. So even when I'm not necessarily doing Web application stuff, occasionally I pull this up.
There are other things as well, like repeating a request. If you get an interesting request, you can repeat it.
It can do a lot of things. The Pro version is much more powerful, so if you continue with Web apps, I encourage you to buy it.
So now let's actually start attacking some stuff. Let's look at those common Web vulnerability classes.