Web Hacking with Burp Suite - Part II
In the previous blog I discussed the basics of Burp Suite. Now we are going to discuss it briefly.
Let's start...
Burp Suite Overview:
Burp Suite has a large array of features, including but not limited to:
- Interception Proxy: Designed to give the user control over requests sent to the server.
- Repeater: The ability to rapidly repeat/modify specific requests.
- Intruder: Feature that allows automation of custom attacks/payloads
- Decoder: Decode and encode strings to various formats (URL, Base64, HTML, etc.)
- Comparer: Can highlight differences between requests/responses
- Extender: API to extend Burp's functionality, with many free extensions available via the BApp Store.
- Spider and Discover Content: the spider crawls the links on a web application, and Discover Content can be used to dynamically enumerate unlinked content.
- Scanner (Pro Only): Automated scanner that checks for web application vulnerabilities (XSS, SQLi, Command Injection, File Inclusion, etc.)
Getting Started:
Burp Suite can be launched from the CLI with the java -jar command. You can set the amount of memory Burp is allowed to use with the -Xmx switch:
java -jar -Xmx1024m /path/to/burp.jar
Like most interception proxies Burp is driven through a GUI, but there are some options to automate Burp from the CLI by leveraging the Extender feature.
Once Burp Suite is started, it is recommended to define your target host in the scope. This controls what is displayed in the site map and what other Burp features act on. Scope can be defined by adding a target host, IP, or network range:
The Proxy tab displays the details related to Burp's proxy, intercept options, and HTTP request history. Below you can see that "Intercept is on", so any request made from the browser will need to be manually forwarded through the Burp proxy:
The intercept feature will intercept ALL traffic sent from the browser; browser extensions such as FoxyProxy can be used to specify which URLs and IPs are blacklisted/whitelisted and therefore bypass the Burp intercept.
With Burp's scope and proxy configured you can now begin to browse the web application using your browser and Burp. As you do, the Site Map begins to populate under the Target menu. From this view you can see an overview of the directory structure and resources within the web application. By right-clicking on a URL or resource you have several options to invoke additional functionality, such as Burp's spider or performing an active scan:
Activating Burp's spider will crawl the linked content on the web application, to a depth of 5 links by default; these options can be configured under the "Spider" tab. As you interact with the web application, all of the requests and responses will be logged under the "Proxy" tab. You can highlight a request to help it stand out, and even leave comments for later analysis:
Burp’s Engagement Tools:
Burp Suite offers a number of useful features under its Engagement Tools (right-click the site in the Target view > Engagement Tools). From there you can choose "Analyze Target", which gives you an idea of link count, parameter count, and static vs. dynamic content. Knowing this information can be very useful for scoping the assessment: the more links, parameters, and dynamic content, the more injection points there are to fuzz.
In the screenshot below you can see some of the other features, such as "Schedule Task", which lets you schedule Burp Suite to run an active scan. This feature is especially useful if the client wants the automated testing performed at odd hours of the day.
Burp’s Decoder and Comparer:
When you begin testing web applications you'll find that you very often need to decode or encode strings into different formats. This is especially useful when checking whether simple filters intended to prevent web application attacks can be bypassed by an encoded form of the same input. Below is an example of Burp's Decoder performing URL encoding, although several additional options exist:
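To show why the Decoder matters, here is an added example (not code from the original post or from Burp) that implements the encoders the post names (URL, HTML, Base64, hex) plus a heuristic "smart decode" that unwraps layers until the string stops changing, and then contrasts a naive blocklist filter that inspects the raw value with one that canonicalizes first. The blocked tokens and all inputs are constructed for the demonstration; the hex and Base64 detection is a heuristic (it requires the decoded bytes to be printable ASCII) and is an assumption of this example, not Burp's algorithm.

```python
import base64
import binascii
import html
import re
from urllib.parse import quote, unquote


# Encoders for the formats Burp's Decoder offers (URL, HTML, Base64, hex).
def url_encode(s: str) -> str:
    return quote(s, safe="")          # encode everything, including '/'


def html_encode(s: str) -> str:
    return html.escape(s, quote=True)


def base64_encode(s: str) -> str:
    return base64.b64encode(s.encode()).decode()


def hex_encode(s: str) -> str:
    return s.encode().hex()


def _try_hex(s: str):
    """Heuristic (this example's assumption): even-length hex that decodes
    to printable ASCII. Checked before Base64 because hex is a subset of it."""
    if len(s) < 8 or len(s) % 2 or not re.fullmatch(r"[0-9a-fA-F]+", s):
        return None
    try:
        out = bytes.fromhex(s).decode()
    except (ValueError, UnicodeDecodeError):
        return None
    return out if out.isascii() and out.isprintable() else None


def _try_base64(s: str):
    """Heuristic: valid Base64 alphabet and padding, decodes to printable ASCII."""
    if len(s) < 8 or len(s) % 4 or not re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", s):
        return None
    try:
        out = base64.b64decode(s, validate=True).decode()
    except (binascii.Error, UnicodeDecodeError):
        return None
    return out if out.isascii() and out.isprintable() else None


def smart_decode(s: str, max_rounds: int = 5) -> tuple[str, list[str]]:
    """Counterpart of Decoder's 'Smart decode' button: keep unwrapping URL,
    HTML, hex and Base64 layers until nothing changes. Returns the final
    string and the order in which decoders were applied."""
    chain = []
    decoders = (("url", unquote), ("html", html.unescape),
                ("hex", _try_hex), ("base64", _try_base64))
    for _ in range(max_rounds):
        for name, fn in decoders:
            out = fn(s)
            if out is not None and out != s:
                chain.append(name)
                s = out
                break          # restart from the first decoder on the new string
        else:
            break              # no decoder changed anything: fully unwrapped
    return s, chain


# Constructed blocklist for the filter demonstration.
BLOCKED_TOKENS = ("<script", "union select", "../")


def naive_filter_allows(value: str) -> bool:
    """Weak filter: inspects the raw value only, so any encoded form passes."""
    v = value.lower()
    return not any(tok in v for tok in BLOCKED_TOKENS)


def canonical_filter_allows(value: str) -> bool:
    """Hardened filter: decode to a canonical form first, then apply the check."""
    v = smart_decode(value)[0].lower()
    return not any(tok in v for tok in BLOCKED_TOKENS)


if __name__ == "__main__":
    probe = "<script>alert(1)</script>"
    for label, encoded in (("url", url_encode(probe)),
                           ("double url", url_encode(url_encode(probe))),
                           ("html", html_encode(probe)),
                           ("base64", base64_encode(probe)),
                           ("hex", hex_encode(probe))):
        print(f"{label:10} naive={naive_filter_allows(encoded)!s:5} "
              f"canonical={canonical_filter_allows(encoded)!s:5} "
              f"decode chain={smart_decode(encoded)[1]}")
```

Run it and the naive filter reports every encoded variant as allowed, while the canonicalizing filter rejects all of them; the decode chain printed for each row is the sequence of Decoder operations you would otherwise apply by hand.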
Burp’s Comparer feature allows you to quickly compare requests or responses to highlight the differences:
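The following is an added example, not code from the original post or from Burp, of the comparison the Comparer performs: two constructed login responses (not captured from any real site) are diffed line by line with Python's difflib, each differing line is broken down to the words that changed, and an overall similarity ratio is computed.

```python
import difflib
import re

# Constructed sample responses (not captured from a real application): the same
# login request sent once with a valid username and once with an unknown one.
RESPONSE_VALID_USER = (
    "HTTP/1.1 200 OK\n"
    "Content-Type: text/html\n"
    "Content-Length: 41\n"
    "\n"
    '<p class="error">Incorrect password.</p>\n'
)
RESPONSE_UNKNOWN_USER = (
    "HTTP/1.1 200 OK\n"
    "Content-Type: text/html\n"
    "Content-Length: 43\n"
    "\n"
    '<p class="error">Unknown user account.</p>\n'
)


def diff_responses(left: str, right: str) -> list[tuple[str, str, str]]:
    """Line-level comparison: returns (op, left_line, right_line) for every
    line that differs, where op is 'replace', 'delete' or 'insert'.
    Identical lines are dropped, which is what Comparer highlights visually."""
    a, b = left.splitlines(), right.splitlines()
    matcher = difflib.SequenceMatcher(None, a, b, autojunk=False)
    changes = []
    for op, i1, i2, j1, j2 in matcher.get_opcodes():
        if op == "equal":
            continue
        la, lb = a[i1:i2], b[j1:j2]
        for k in range(max(len(la), len(lb))):
            changes.append((op,
                            la[k] if k < len(la) else "",
                            lb[k] if k < len(lb) else ""))
    return changes


def changed_words(left_line: str, right_line: str) -> tuple[list[str], list[str]]:
    """Word-level view of one differing line, like Comparer's 'Words' mode:
    (words only on the left, words only on the right)."""
    la, lb = re.findall(r"\w+", left_line), re.findall(r"\w+", right_line)
    removed, added = [], []
    sm = difflib.SequenceMatcher(None, la, lb, autojunk=False)
    for op, i1, i2, j1, j2 in sm.get_opcodes():
        if op in ("replace", "delete"):
            removed.extend(la[i1:i2])
        if op in ("replace", "insert"):
            added.extend(lb[j1:j2])
    return removed, added


def similarity(left: str, right: str) -> float:
    """Ratio in 0.0..1.0; near-identical responses score close to 1."""
    return difflib.SequenceMatcher(None, left, right, autojunk=False).ratio()


if __name__ == "__main__":
    for op, l, r in diff_responses(RESPONSE_VALID_USER, RESPONSE_UNKNOWN_USER):
        print(f"{op:8} {l!r} -> {r!r}")
        print("         words:", changed_words(l, r))
    print(f"similarity: {similarity(RESPONSE_VALID_USER, RESPONSE_UNKNOWN_USER):.2f}")
```

The two differing lines (the Content-Length header and the error message) are exactly what you look for when comparing responses: here they reveal that the application answers differently for a valid and an unknown username, an information leak the application should fix by returning one generic message for both cases.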
Burp’s Extender:
The Extender feature offers a powerful API to develop additional functionality for Burp using a scripting language. Many of the extensions are written in Python, and they are offered for free via the BApp Store. One very useful extension is Carbonator, which allows you to fully automate Burp from Spider > Scan > Report from the command line. Below is a quick screenshot of some of the extensions that are available via the BApp Store:
Burp’s Intruder:
Another option is leveraging Burp's Intruder, which takes a request and allows the user to define various injection points (payload positions) that are then substituted with different payloads. One common use case is to iterate through parameter values in a request to see how the web application responds (example: GET /product.php?item=1); you may have Intruder check 1-1000 and compare the differences in the responses. You can also define the resource being requested as the position to modify. Below we will demonstrate this by iterating through a common directory word list:
- Select a request and choose "Send to Intruder"; this opens the following window under the "Intruder" tab. The highlighted area is the section of the request that will be brute-forced with the "Sniper" attack type, which goes through the configured list and makes one request per entry:
- Next, under the Payloads tab, you can load a word list to be used for the brute-force discovery:
- To start the attack, select "Intruder > Start Attack". The following results window shows the requests made and the HTTP status code of each response. As we can see, we were able to enumerate some additional resources that were missed by the spider:
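To make the Sniper mechanics and the results triage concrete, here is an added example that is not code from the original post or from Burp. It parses a request template written in Intruder's § marker notation, generates the requests Sniper would send (each position in turn gets every payload while the others keep their original value), and flags the rows whose status and length deviate from the per-position baseline, which is the same thing you do by sorting the results window by status or length. The template, wordlist, host name and the offline stand-in server (a dictionary mapping a few paths to responses) are all constructed so the example runs without any network access.

```python
from collections import Counter

# Constructed request template in Intruder's notation: § markers delimit the
# payload positions; the text between a pair is the value the position keeps
# while another position is being attacked.
TEMPLATE = (
    "GET /§images§/ HTTP/1.1\n"
    "Host: target.invalid\n"            # placeholder host, not a real site
    "User-Agent: §Mozilla/5.0§\n"
    "\n"
)

# Constructed directory wordlist, standing in for the list loaded in the Payloads tab.
WORDLIST = ["images", "admin", "test", "backup", "tmp"]

# Offline stand-in for the web server: request path -> (status, response length).
# Anything not listed is a 404 of fixed length.
SIMULATED_PATHS = {"/admin/": (200, 512), "/backup/": (403, 299)}
NOT_FOUND = (404, 162)


def simulated_target(request: str) -> tuple[int, int]:
    path = request.split(" ", 2)[1]
    return SIMULATED_PATHS.get(path, NOT_FOUND)


def parse_template(template: str) -> tuple[list[str], list[str]]:
    """Split a §-marked template into the literal chunks around the positions
    and the default value of each position. Markers must be balanced."""
    parts = template.split("§")
    if len(parts) % 2 == 0:
        raise ValueError("unbalanced § markers in template")
    return parts[0::2], parts[1::2]


def render(literals: list[str], values: list[str]) -> str:
    """Reassemble a request from literal chunks and one value per position."""
    out = literals[0]
    for value, literal in zip(values, literals[1:]):
        out += value + literal
    return out


def sniper(template: str, payloads: list[str]):
    """Sniper attack type: one position at a time receives each payload in
    turn while every other position keeps its default value."""
    literals, defaults = parse_template(template)
    for pos in range(len(defaults)):
        for payload in payloads:
            values = list(defaults)
            values[pos] = payload
            yield pos, payload, render(literals, values)


def run_attack(template: str, payloads: list[str], send=simulated_target) -> list[dict]:
    """Issue every generated request and collect the columns Intruder's
    results window shows: position, payload, status, length."""
    results = []
    for pos, payload, request in sniper(template, payloads):
        status, length = send(request)
        results.append({"position": pos, "payload": payload,
                        "status": status, "length": length})
    return results


def interesting(results: list[dict]) -> list[dict]:
    """Per position, take the most common (status, length) pair as the
    baseline and return the rows that deviate from it."""
    baselines = {}
    for pos in {r["position"] for r in results}:
        pairs = Counter((r["status"], r["length"])
                        for r in results if r["position"] == pos)
        baselines[pos] = pairs.most_common(1)[0][0]
    return [r for r in results
            if (r["status"], r["length"]) != baselines[r["position"]]]


if __name__ == "__main__":
    rows = run_attack(TEMPLATE, WORDLIST)
    print(f"{'pos':>3} {'payload':12} {'status':>6} {'length':>6}")
    for r in rows:
        print(f"{r['position']:>3} {r['payload']:12} {r['status']:>6} {r['length']:>6}")
    print("deviating from baseline:",
          [(r["position"], r["payload"]) for r in interesting(rows)])
```

The baseline is computed per position on purpose: the User-Agent position always requests the default directory, so its rows are uniform and tell you nothing, while in the path position only the entries that exist (here /admin/ and /backup/) stand out from the 404 baseline. The same grouping catches a wildcard server that answers 200 to everything, because then the 200 becomes the baseline and only genuinely different responses are reported.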
In addition to using Burp, it is recommended to run an intermediate scanner in the background to check for default configurations and resources. Below is an example of Nikto; some additional scanner tools to consider are ZAP, w3af, Grendal, etc. As we can see, Nikto found additional interesting things to investigate further, such as "/tmp/" and "/test/":
In this blog we discussed Burp's Decoder and Comparer, Burp's Extender, and Burp's Intruder.
In the next blog I will discuss Burp's automated Scanner.
Helpline: Burp Suite official