﻿1
00:00:00,420 --> 00:00:03,720
So let's start Burp and open the Proxy tab.

2
00:00:04,760 --> 00:00:07,100
‫New tabs are opened under proxy.

3
00:00:08,040 --> 00:00:11,490
And the proxy tool is pretty much the heart of the suite.

4
00:00:12,980 --> 00:00:17,300
‫And by using this tool, we can manually analyze HTTP messages.

5
00:00:18,210 --> 00:00:23,930
So to accomplish this, we need to configure Burp as well as the web browser to work together.

6
00:00:25,240 --> 00:00:27,220
‫All right, so let's go to the options tab.

7
00:00:28,450 --> 00:00:30,850
‫So here's the basic setting for intercepting.

8
00:00:32,110 --> 00:00:37,600
Burp Proxy works as a man-in-the-middle proxy right between the web browser and the remote server.

9
00:00:38,530 --> 00:00:47,440
So that means the proxy is going to listen to a port on the local machine and we are going to redirect

10
00:00:47,470 --> 00:00:49,810
‫all browser traffic to that port.

11
00:00:50,780 --> 00:00:54,500
So that means that we need to arrange a port for Burp to listen.

12
00:00:55,640 --> 00:01:03,100
But it has a default configuration on port 8080. As you can see here, it listens on port 8080

13
00:01:03,110 --> 00:01:04,130
‫on the local machine.

14
00:01:05,080 --> 00:01:12,040
And here, 127.0.0.1 points to your local machine, Kali Linux.

15
00:01:13,400 --> 00:01:18,310
Of course, you can change this configuration using the buttons on the left-hand side.

16
00:01:18,340 --> 00:01:26,620
You can easily add, modify or remove a listening port, or you can always restore to the default configuration.

17
00:01:27,500 --> 00:01:32,690
‫So after arranging the listening port, the next thing is to define the interception rules.

18
00:01:34,110 --> 00:01:39,110
So Burp provides a rule-based mechanism to intercept traffic directed by the web browser.

19
00:01:40,300 --> 00:01:45,670
‫So this way you can focus only on the request that you want to capture.

20
00:01:46,700 --> 00:01:50,930
‫And you can add, delete or modify any rule by using the buttons on the left.

21
00:01:52,410 --> 00:01:55,170
‫But for now, we don't need to add any rule.

22
00:01:56,510 --> 00:02:02,600
But when you're doing real tests, I believe you will need it. And Burp also has the same mechanism for

23
00:02:02,600 --> 00:02:04,640
‫intercepting server responses.

24
00:02:05,890 --> 00:02:09,040
‫So you can define or modify rules for your pen test.

25
00:02:09,960 --> 00:02:14,850
‫But you do need to check this box to enable intercepting responses first.

26
00:02:15,770 --> 00:02:18,770
‫See, now you can define more granular rules.

27
00:02:20,080 --> 00:02:22,280
OK, so now let's go to the Intercept tab.

28
00:02:23,080 --> 00:02:28,150
So this is the main tab that will display an intercepted HTTP message to you.

29
00:02:29,310 --> 00:02:36,120
And this button globally enables or disables intercepting HTTP messages to analyze manually.

30
00:02:37,250 --> 00:02:41,570
‫So thanks to these default configurations, we really don't have to do much more.

31
00:02:42,360 --> 00:02:47,240
I did want to give you a little tour, so Burp is ready to work.

32
00:02:48,570 --> 00:02:50,790
‫So let's open your browser.

33
00:02:52,320 --> 00:02:54,960
And I will assume that you are using Kali Linux.

34
00:02:56,570 --> 00:03:01,220
And Kali has Firefox and Chromium for browsing the web.

35
00:03:02,300 --> 00:03:05,660
‫As I said before, I'm going to use Firefox as my main browser.

36
00:03:06,340 --> 00:03:10,620
‫Of course, you can follow these same steps for any other browser.

37
00:03:10,630 --> 00:03:11,290
‫It's up to you.

38
00:03:11,290 --> 00:03:12,610
‫It is going to look a little different.

39
00:03:12,940 --> 00:03:17,170
‫OK, so now I'm opening Firefox preferences from the menu.

40
00:03:18,290 --> 00:03:23,750
‫And scrolling down below, click the settings button under the network proxy section.

41
00:03:25,250 --> 00:03:29,000
So in this window, Firefox enables us to use proxies.

42
00:03:29,980 --> 00:03:36,010
And you can configure their use. So if this is the first time that you're opening it up here, you probably

43
00:03:36,010 --> 00:03:37,240
‫will get these settings.

44
00:03:37,860 --> 00:03:43,270
OK, so we need to enable Firefox to redirect all the traffic to port 8080.

45
00:03:44,560 --> 00:03:51,700
And don't forget that Burp listens on this port. So check the manual proxy configuration.

46
00:03:52,870 --> 00:03:57,940
Type the IP address of your local machine, which is 127.0.0.1.

47
00:03:58,900 --> 00:04:09,640
And the port is 8080. And then check this box, so it also sends HTTPS traffic to Burp. Now, before

48
00:04:09,670 --> 00:04:12,100
‫saving the setting, delete this entry here.

49
00:04:13,560 --> 00:04:17,340
Because it will prevent redirecting local traffic to the proxy.

50
00:04:18,330 --> 00:04:20,910
And nothing to add, then save.

51
00:04:22,390 --> 00:04:24,280
‫So now open a new browser tab.

52
00:04:25,540 --> 00:04:27,610
OK, Burp is on intercept mode.

53
00:04:28,710 --> 00:04:35,070
The browser redirects the traffic to Burp. Now go to the vulnerable application's login page.

54
00:04:35,990 --> 00:04:37,730
‫And I'll click this bookmark.

55
00:04:39,070 --> 00:04:42,880
And see, as soon as you have the address, Burp gets a request.

56
00:04:43,750 --> 00:04:49,090
‫So this is just an HTTP request, as you remember from the previous videos.

57
00:04:50,300 --> 00:04:54,140
‫So now, after capturing the request, you can do several things.

58
00:04:55,250 --> 00:05:01,880
‫By using this action button, you can send this request to other tools for further analysis.

59
00:05:03,240 --> 00:05:10,020
Or you can save the request and do many other things with it. And if you are finished with a request,

60
00:05:10,020 --> 00:05:14,250
then you can either drop or forward the request.

61
00:05:15,350 --> 00:05:16,670
‫So I'm going to forward it.

62
00:05:18,090 --> 00:05:22,590
And then see how it immediately catches the associated response message.

63
00:05:23,430 --> 00:05:29,370
So this is a raw response message: headers first, and then the body of the message comes.

64
00:05:31,390 --> 00:05:36,670
‫Now clicking on the headers tab, you can display just the headers of this message.

65
00:05:38,130 --> 00:05:42,330
‫And you can also perform some of the same actions here.

66
00:05:43,430 --> 00:05:47,480
‫And then when you're done with a response, you can forward or drop it.

67
00:05:48,540 --> 00:05:49,980
‫So, again, I'm going to forward it.

68
00:05:51,630 --> 00:05:58,560
Now, because Burp is in this interception mode, it's also going to intercept some other requests as

69
00:05:58,560 --> 00:05:58,910
‫well.

70
00:05:59,900 --> 00:06:02,360
‫So I'm going to forward all of them.

71
00:06:05,070 --> 00:06:08,850
‫And then finally, the login page is displayed in the browser.

72
00:06:09,680 --> 00:06:13,060
So Burp also holds the history information for us.

73
00:06:13,950 --> 00:06:18,020
‫So let's go to the history tab and click on any request.

74
00:06:18,990 --> 00:06:22,080
‫And so you'll find the details about that request.

75
00:06:23,780 --> 00:06:28,270
So this is how we intercept HTTP messages with the proxy tool.

76
00:06:29,710 --> 00:06:37,210
For a better interception experience, we can install a Firefox add-on so we can easily redirect the traffic

77
00:06:37,210 --> 00:06:37,630
to Burp.

78
00:06:39,110 --> 00:06:45,290
Now, while pen testing, it's not necessarily efficient to change the proxy settings from Firefox

79
00:06:45,290 --> 00:06:46,160
each time, right?

80
00:06:46,940 --> 00:06:48,290
‫So what do I do?

81
00:06:48,290 --> 00:06:51,020
I advise you to use a proxy extension.

82
00:06:51,980 --> 00:06:55,700
I'm going to use FoxyProxy and I'll show you how to install it.

83
00:06:56,930 --> 00:06:59,810
But first, let's disable Burp interception.

84
00:07:01,340 --> 00:07:04,190
‫And disable Firefox internal proxy settings.

85
00:07:09,320 --> 00:07:12,770
OK, so now let's go to the Firefox add-ons website.

86
00:07:14,050 --> 00:07:15,840
‫Let me just zoom in on the page for you.

87
00:07:16,890 --> 00:07:20,070
And type FoxyProxy in the search field.

88
00:07:21,220 --> 00:07:22,390
‫Click the first result.

89
00:07:23,730 --> 00:07:25,770
‫Then click add to Firefox.

90
00:07:26,850 --> 00:07:27,630
And click Add.

91
00:07:28,920 --> 00:07:31,200
‫OK, so it gets installed very quickly.

92
00:07:32,660 --> 00:07:35,480
‫So after installation, you see this icon in the toolbar.

93
00:07:36,700 --> 00:07:37,570
‫Click options.

94
00:07:39,480 --> 00:07:42,990
Now, from this page, we can add proxies to FoxyProxy.

95
00:07:44,310 --> 00:07:47,790
‫And then later on, we can switch between them very quickly.

96
00:07:48,870 --> 00:07:53,490
So click, and I'll put in the title, Burp.

97
00:07:54,700 --> 00:08:00,760
IP address is our local machine, 127.0.0.1, and port is 8080.

98
00:08:02,070 --> 00:08:03,870
‫Like that, you can also assign a color.

99
00:08:04,970 --> 00:08:05,630
‫So save it.

100
00:08:06,950 --> 00:08:09,230
‫OK, so we added the configuration.

101
00:08:10,250 --> 00:08:11,630
‫Then you can close this tab.

102
00:08:13,630 --> 00:08:15,190
And click the icon.

103
00:08:16,510 --> 00:08:19,300
And what do you see? The configurations listed here.

104
00:08:20,320 --> 00:08:25,060
‫Now click to activate this configuration, so I think it's really a timesaver.

105
00:08:25,960 --> 00:08:29,110
‫And go to be Web login page.

106
00:08:30,630 --> 00:08:33,930
And yeah, Burp intercepts a request again.

107
00:08:35,650 --> 00:08:36,850
‫Forward the messages.

108
00:08:37,870 --> 00:08:42,490
Now I'm going to disable proxy to send traffic to Burp.

109
00:08:44,220 --> 00:08:47,520
‫And there it is, it's just that easy.

110
00:08:49,090 --> 00:08:52,330
‫So click another page and you can see.

111
00:08:54,040 --> 00:08:57,120
The traffic is not redirected to Burp anymore.

112
00:08:58,820 --> 00:09:06,740
‫Oh, and one last thing to say here, with default browser usage, you will see many unrelated messages

113
00:09:06,740 --> 00:09:14,810
in Burp, for example, the browser's safe browsing requests, captive portal requests, crashes and reports.

114
00:09:15,910 --> 00:09:21,460
‫So don't be disturbed by all these messages caused by these features, but you can disable them.

115
00:09:21,670 --> 00:09:25,600
In fact, I recommend it. Go to about:config.

116
00:09:28,560 --> 00:09:31,130
‫And confirm the message that pops up.

117
00:09:32,310 --> 00:09:36,530
‫And change the settings that I'll show you here over on the right side.

