1
00:00:01,150 --> 00:00:09,760
Capturing HTTP traffic. So as we've gone over, and hopefully you've learned, HTTP is the core protocol

2
00:00:09,760 --> 00:00:13,470
that carries everything between the Web browser and the Web server, right.

3
00:00:14,230 --> 00:00:21,430
So the browser sends requests to use the resources on the server, and also the server sends the associated

4
00:00:21,430 --> 00:00:22,990
response back to the browser.

5
00:00:23,940 --> 00:00:31,050
So while penetration testing, manipulating the HTTP messages is a basic and very important ability for

6
00:00:31,050 --> 00:00:33,240
you to have as a penetration tester.

7
00:00:34,350 --> 00:00:41,190
By intercepting HTTP messages, you can edit and change any part of the message and then...

8
00:00:42,100 --> 00:00:43,700
Well, see what happens.

9
00:00:44,560 --> 00:00:51,220
So until now, we've just been looking at plain HTTP messages; now we can capture and manipulate any

10
00:00:51,220 --> 00:00:57,220
part of the HTTP message on the fly using a local HTTP proxy tool.

11
00:00:58,080 --> 00:01:06,090
So a local HTTP proxy tool is one that sits in between the browser and the website, intercepting all

12
00:01:06,090 --> 00:01:07,830
the traffic that flows between them.

13
00:01:08,920 --> 00:01:16,020
So this is best done by acting as a man in the middle and then intercepting every request and response.

14
00:01:17,100 --> 00:01:23,360
It lets you intercept, inspect and modify the raw traffic passing in both directions.

15
00:01:24,470 --> 00:01:27,290
Now, although there are several proxy tools,

16
00:01:28,260 --> 00:01:33,690
there's one called Burp Proxy, and that's pretty much the most widely used that I've seen.

17
00:01:34,740 --> 00:01:41,550
You can also use others such as Zed Attack Proxy by OWASP, and there are several others included

18
00:01:41,550 --> 00:01:52,830
in Kali, but I like Burp Proxy a lot, and you will too. Burp Proxy comes in a suite named Burp Suite that

19
00:01:52,830 --> 00:01:56,820
includes tools like Spider, Intruder, Decoder and a few others.

20
00:01:57,790 --> 00:02:00,970
It's developed and maintained by PortSwigger Web Security.

21
00:02:02,080 --> 00:02:10,240
And the Proxy tool is the heart of Burp; that's the one that intercepts all the requests and responses.

22
00:02:11,510 --> 00:02:16,010
Burp can also automate customized attacks against Web applications.

23
00:02:17,230 --> 00:02:22,830
And then the traffic between the server and the browser can be analyzed, modified, visualized and

24
00:02:22,830 --> 00:02:25,380
eventually repeated multiple times.

25
00:02:27,290 --> 00:02:31,310
All right, so Burp Suite can be downloaded from portswigger.net.

26
00:02:32,790 --> 00:02:37,590
There are three download candidates here, and two of them are commercial products.

27
00:02:38,470 --> 00:02:45,070
You can compare them and you can even buy them on this page, but for our purposes and the purpose of

28
00:02:45,070 --> 00:02:49,320
this course, the Community Edition is just dandy.

29
00:02:49,690 --> 00:02:51,310
So that's the one we're going to use.

30
00:02:52,890 --> 00:02:56,400
So let's click on the download button to see our download options.

31
00:02:57,600 --> 00:03:02,640
And the download flavors are listed here according to major operating systems and version numbers.

32
00:03:04,140 --> 00:03:08,040
Now, if you're using a different system, click other platforms.

33
00:03:09,980 --> 00:03:11,930
And then you'll find the suitable flavor here.

34
00:03:13,190 --> 00:03:17,730
But now we're going to use Kali as the attacking machine during our course, right?

35
00:03:18,440 --> 00:03:24,220
So that means that Kali has a version of the Community Edition preinstalled.

36
00:03:25,100 --> 00:03:29,600
Just remember to update your system before using the tools in Kali.

37
00:03:31,130 --> 00:03:32,730
So what does that mean?

38
00:03:33,140 --> 00:03:35,930
Let's open up Burp; let's click on this icon.

39
00:03:37,040 --> 00:03:39,200
And a splash screen will welcome you.

40
00:03:40,190 --> 00:03:43,670
Click OK, and then a project screen will come up.

41
00:03:44,360 --> 00:03:48,010
Now here you can create or open an existing Burp project.

42
00:03:48,800 --> 00:03:54,710
But I think here, this note in red tells the situation quite clearly.

43
00:03:55,800 --> 00:03:56,400
Next.

44
00:03:57,600 --> 00:04:03,090
Burp gives you a way to save the configuration while working, and if you want to, you can load your

45
00:04:03,090 --> 00:04:05,190
saved configuration from this window.

46
00:04:06,950 --> 00:04:14,180
Now, I don't have a configuration file here, so I don't need to do anything, so let's click Start

47
00:04:14,180 --> 00:04:14,540
Burp.

48
00:04:15,740 --> 00:04:17,060
Wait a few seconds.

49
00:04:18,180 --> 00:04:19,650
And the main window opens.

50
00:04:20,700 --> 00:04:28,590
So when I recorded this video, this was the latest version, and on the right side there are advertisements

51
00:04:28,590 --> 00:04:33,690
for the Pro version, and on the left side there are tasks and Burp logs.

52
00:04:35,090 --> 00:04:36,560
So I'm just going to hide that.

53
00:04:37,840 --> 00:04:39,940
And let's look at the tools in Burp Suite.

54
00:04:40,860 --> 00:04:47,280
Target. So this tool allows you to visualize your target application's contents in a folder structure.

55
00:04:48,550 --> 00:04:53,290
It shows all the content that has been discovered by manually browsing the Web application.

56
00:04:54,090 --> 00:04:57,240
Then it extracts a map of the application.

57
00:04:58,280 --> 00:05:02,510
And this helps to define the target scope for the application.

58
00:05:03,790 --> 00:05:04,410
Proxy.

59
00:05:05,690 --> 00:05:10,250
So the Proxy tool lies at the heart of Burp's user-driven workflow.

60
00:05:11,260 --> 00:05:17,410
It operates as a Web proxy server and sits as a man in the middle between your browser and destination

61
00:05:17,410 --> 00:05:18,160
Web servers.

62
00:05:19,030 --> 00:05:25,780
So this allows you to intercept, inspect and modify all raw web traffic passing in both directions.

63
00:05:26,700 --> 00:05:27,510
Intruder.

64
00:05:28,660 --> 00:05:34,790
So this is a powerful tool for carrying out automated, customized attacks against Web applications.

65
00:05:35,500 --> 00:05:43,090
It's extremely powerful and configurable, and it can be used to perform a huge range of tasks, from

66
00:05:43,330 --> 00:05:47,090
simple brute force to the guessing of web directories.

67
00:05:47,680 --> 00:05:53,710
So this process can help to identify Web application security flaws. Repeater.

68
00:05:54,600 --> 00:06:01,650
So it's a simple tool for manually modifying and then reissuing individual HTTP and WebSocket messages,

69
00:06:02,160 --> 00:06:05,610
as well as analyzing the application's responses.

70
00:06:06,560 --> 00:06:12,020
So you can use Repeater for all kinds of purposes, such as changing parameter values to test for

71
00:06:12,020 --> 00:06:17,080
input-based vulnerabilities and other things; we'll get there. Sequencer.

72
00:06:17,810 --> 00:06:24,890
This analyzes the quality of randomness in an application's session tokens or some other important

73
00:06:24,890 --> 00:06:28,040
data items that are intended to be unpredictable.

74
00:06:29,210 --> 00:06:36,680
And here's the Decoder; it's a simple tool that allows you to encode and decode data.

75
00:06:38,400 --> 00:06:44,790
It's capable of intelligently recognizing several encoding formats, using heuristic techniques.

76
00:06:46,030 --> 00:06:54,760
Comparer is a handy tool to compare, obviously, but you compare visually any two items of data,

77
00:06:54,910 --> 00:06:59,080
such as pairs of similar Web responses. Extender.

78
00:07:00,160 --> 00:07:04,990
So Burp allows us to add our own modules to increase Burp's functionality.

79
00:07:05,860 --> 00:07:12,070
And the Extender tool also allows us to load Burp extensions from the BApp Store.

80
00:07:13,130 --> 00:07:16,340
You can view the extensions from here and list them.

81
00:07:17,860 --> 00:07:24,820
Now, Project Options is a place where you can define some global properties about Burp and your current

82
00:07:25,180 --> 00:07:25,660
session.

83
00:07:26,650 --> 00:07:28,000
And then User Options.

84
00:07:28,030 --> 00:07:34,690
Well, that's a place where you can add Basic and NTLM authentication credentials and proxy information

85
00:07:34,690 --> 00:07:35,380
while testing.

86
00:07:36,450 --> 00:07:42,180
You can also add your client SSL certificates under the SSL tab if you need them in a test.

87
00:07:43,310 --> 00:07:49,820
And it's also possible to change user interface options, and of course you can also customize the user

88
00:07:49,820 --> 00:07:52,400
interface right here from the Display tab.

