Using Intercepting Proxies Part 2

00:01

All right. So let's go to the basics of how to set up Burp suite.

00:05

So I use this proxy switcher Omega.

00:09

Basically I have it configured

00:13

So that I have burp. It's set up to a cheapie 1-7001 on Port 80 80.

00:20

That way I can switch between proxy through Burp suite

00:24

or not using Burp suite at all.

00:27

You can also do it directly in the browser. So if I go to preferences or I'm sorry proxy.

00:35

I can set my manual proxy to 1 to 7001.80 80 and make sure I have the check mark here and click. Ok. And I can use it that way but I don't do it. I use this uh switcher Omega feature. You can also do something like Foxy proxy if you want.

00:52

So that just allows me to quickly either use Burp suite or not use Burp Suite.

00:58

So let's start up Burp suite.

01:00

Make sure you go to the Community edition, not the Pro

01:04

and I am going to

01:07

click next start

01:11

and this is only for the Pro version so X out of that.

01:17

And this is what I was talking about with the proxy it's on by default. So if I

01:22

set this to burp and refresh well and already refresh the page, you can see it's just waiting here

01:30

and you can wait here forever if you wanted to.

01:33

So you need to make sure you click intercept off

01:37

and then you can start looking at http history.

01:42

So what I can do now

01:45

is I can start using

01:49

the embedded browser because I like to use the embedded browser. So proxy

01:55

options. I'm sorry, target

02:00

intercept or proxy intercept. Open browser.

02:02

You'll notice you get an error here. I'm gonna go to project options

02:08

miscellaneous,

02:12

allow the embedded browser to run without a sandbox.

02:15

I'll go back

02:17

open browser

02:20

and now I don't have to worry about things like the certificate authority. If you want to install the certificate authority

02:25

we have to do is make sure you were proxy through Burp suite.

02:29

Go to burp.

02:32

Sorry

02:34

http

02:36

burp,

02:38

download the CIA certificate, Save it in here

02:42

but the preferences

02:44

go to certificates,

02:46

import

02:49

the certificate,

02:53

it's already installed

02:54

but that's what you have to do to import that certificate authority. So you could go to https sites. So I'm gonna turn this off again

03:02

and

03:06

we're gonna go back and we're going to use the photo blog.

03:08

Yeah.

03:09

Here

03:16

so here we are

03:17

and now we're just using the burp embedded browser.

03:22

So we don't need to worry about the certificate authority anymore.

03:27

Mhm.

03:28

Okay.

03:30

So if we went to admin and we could try something like admin password.

03:37

Nothing happened. But if we look at HTP history we should see a post request

03:44

and you'll see a whole bunch of other traffic here.

03:46

But we see our post request. I'm going to right click and send to repeat. Er

03:51

now I talked about why I like repeater. You can quickly see the response,

03:54

Which is a 30 to redirect.

03:59

So we're not going to worry about that.

04:00

You can also change the request method so I can change this to a get request and as the user password parameters to it, just so you can kind of mess around with with that.

04:13

But here's how we use intruder. So I'm going to send this to intruder.

04:18

I'm going to go to positions.

04:20

I'm going to basically anything between

04:24

these two. There is in green,

04:27

you can change

04:29

as far as your payload. So I'm going to clear this. I'm going to add password,

04:34

I'm going to go to payloads.

04:39

You can see I have snipers selected already

04:42

simple lists. I want to load a bunch of passwords

04:47

so I'm going to go to med ISP Lloyd.

04:55

I'm going to go to keep my passwords

04:59

and also I talked about the ability to grip.

05:02

So if I wanted to grant for a specific word,

05:09

I'm going to clear this,

05:11

put administration

05:15

and that

05:15

and we'll let this will start the attack

05:18

and you'll notice that it warns you that you'll be throttled because this is a community edition.

05:23

This can take a long time

05:28

but I like to analyze the status

05:30

as well as the length.

05:33

You'll notice something happened here at 14.

05:36

It found

05:40

administration

05:46

somewhere

05:47

there's administration

05:49

so it found that

05:51

and that's why it's highlighted.

05:54

And we can guess that the password is this password here.

06:02

So if we wanted to we could show the response and the browser is copy this. Go to the browser

06:10

paste

06:12

and now we can see where the administration of my awesome photo blog.

06:18

I also want to show you uh zero

06:23

or zap. I should say zed attack proxy.

06:27

So let's get out of here.

06:30

We'll get out of here.

06:32

And now I will go to Zap.

06:41

I want to take a little while to load.

06:47

I like, you know, I do not want to persist this session at the moment.

06:51

I'm gonna do the automated scan.

06:55

So we have 192168152.

06:59

I'm going to attack this.

07:03

Mhm.

07:08

This might take a while as well.

07:11

But as you can see it has this spider running which is the feature that I said they took out in Burp suite, in the newer Burp suite that they had. The older Burp suite.

07:19

So this is trying a whole bunch of different things like robots. Dot txt. Site map

07:25

is trying to find all the content that it can.

07:30

So I'm gonna look for alert. I can see it found cross site scripting,

07:34

I can see it found a sequel injection.

07:38

So I like this that it shows you what the alerts are. If I double click,

07:43

it will give me more information

07:46

about what it found.

08:01

I can also request this in a browser.

08:07

What that will do is open up a browser for zap.

08:13

I'll give you this heads up display option.

08:16

So there we go.

08:18

The big scary one is there with our cross site scripting vulnerability. I'll talk about that bit later with our cross site scripting block,

08:28

but you can also see a sequel syntax error. Here's that heads up display

08:33

if you want to do that.

08:41

So as you can see just running that um Oh, it also found a down based cross site scripting vulnerability.

08:48

So as you can see just doing the Spider

08:50

gave me a whole bunch of great information about where to go to next sequel injection to me is going to be

08:58

the highest priority in enumerating and we have a whole section on that. So

09:03

just

09:05

going to attack in here in Zap, give us a whole lot of good information.

09:11

I don't know. I mean the layout is okay. Um of course, you know, Burp suite

09:16

I like a little bit better. I think it has better functionality but it doesn't have that scanning option

09:24

so messed around with both,

09:28

see which one you like and