1 00:00:00,360 --> 00:00:07,920 Burp Suite is a GUI-based collection of tools geared toward web application security, artistic.
2 00:00:08,220 --> 00:00:12,390 No, actually, it is one of the best known as bot for proxy tool.
3 00:00:13,360 --> 00:00:19,360 And there is a free community edition, mainly content their tool is used in many with distinct.
4 00:00:20,850 --> 00:00:21,870 So from here.
5 00:00:22,920 --> 00:00:29,330 Typekit Burp Suite, you can find it here, the community edition, as you can see, OK?
6 00:00:30,000 --> 00:00:35,580 And here you need to accept the conditions and click on next.
7 00:00:36,240 --> 00:00:37,830 And start the Burp Suite.
8 00:00:38,160 --> 00:00:42,270 OK, now it is up and as you can see, it is capturing.
9 00:00:42,660 --> 00:00:44,630 By the way, you can click on the proxy.
10 00:00:44,640 --> 00:00:48,690 You can see that intercept is on currently, so I can turn it off.
11 00:00:49,170 --> 00:00:49,490 OK?
12 00:00:50,940 --> 00:00:57,060 But we want to go to the option from here and here you can see that we have an interface to look at
13 00:00:57,060 --> 00:01:05,570 who's on board 880 now go to the browser from here again, click on that proxy to intercept this.
14 00:01:05,670 --> 00:01:06,600 Keep it as on.
15 00:01:07,410 --> 00:01:09,660 Now, if I go to google.com, for example.
16 00:01:11,410 --> 00:01:13,540 You can see that we didn't capture anything.
17 00:01:13,750 --> 00:01:14,710 Now, why is that?
18 00:01:15,010 --> 00:01:23,170 Because in the browser itself, we didn't edit the proxy settings, so we are not opening as a proxy
19 00:01:23,560 --> 00:01:24,640 to capture the traffic.
20 00:01:24,970 --> 00:01:28,870 Now we have to do such a thing from here, from the tools to the preferences.
21 00:01:29,380 --> 00:01:32,180 Scroll down until you see, then it makes you think.
22 00:01:32,230 --> 00:01:33,280 Click on the settings.
23 00:01:33,580 --> 00:01:37,480 And here you can see or use system or manual.
24 00:01:37,630 --> 00:01:40,480 Actually, we want to use the manual proxy configuration.
25 00:01:40,990 --> 00:01:48,880 Now it will be as we saw digital zero 0.1 and on board 880 and click on auto.
26 00:01:48,880 --> 00:01:51,160 Use this and we are ready.
27 00:01:51,400 --> 00:01:52,300 Click on OK.
28 00:01:53,880 --> 00:01:55,410 Now, if I refresh this.
29 00:01:57,780 --> 00:01:58,710 Click on Advanced.
30 00:01:58,740 --> 00:02:02,610 You can see that we are having a problem with the certificate.
31 00:02:03,150 --> 00:02:04,040 Now why is that?
32 00:02:04,050 --> 00:02:06,540 Because this is something external, not internally.
33 00:02:06,550 --> 00:02:10,880 So if I am opening a website inside the system, it will not.
34 00:02:10,900 --> 00:02:11,580 It will work.
35 00:02:11,760 --> 00:02:19,380 It's OK, but because they are using or running, as you can see, the browser detect that there are
36 00:02:19,500 --> 00:02:21,630 some man-in-the-middle attack.
37 00:02:21,780 --> 00:02:25,640 So that's why we are seeing because we are intercepting.
38 00:02:25,650 --> 00:02:29,190 So if I refresh this, it will do again the same thing.
39 00:02:30,000 --> 00:02:31,530 Now how to solve this issue?
40 00:02:32,010 --> 00:02:36,390 Actually, let's go to that Burp Suite from the option here.
41 00:02:36,870 --> 00:02:40,530 You can see that we can import/export CA certificate.
42 00:02:41,190 --> 00:02:44,490 So its origin rate, as you can see, click on.
43 00:02:44,490 --> 00:02:44,880 Yes.
44 00:02:45,330 --> 00:02:47,360 Then in the browser itself, go to the edge.
45 00:02:47,370 --> 00:02:50,460 FDB, bear this into.
46 00:02:51,090 --> 00:02:52,830 We are inside it here.
47 00:02:52,830 --> 00:02:55,080 The CA certificate downloaded.
48 00:02:55,800 --> 00:02:57,510 Now let's open it.
49 00:02:58,170 --> 00:02:59,130 So here you can see.
50 00:02:59,130 --> 00:03:00,930 Here are the details of it.
51 00:03:01,380 --> 00:03:05,220 Now in the browser itself, now from the privacy and security.
52 00:03:05,490 --> 00:03:08,940 Scroll down and can you see view certificate from the authorities?
53 00:03:08,940 --> 00:03:11,280 Import and choose the certificate?
54 00:03:11,640 --> 00:03:17,340 And yes, you can see the trust this year to display the website and click OK.
55 00:03:18,470 --> 00:03:24,260 Now, if I go to Google this time, you can see that it is working correctly.
56 00:03:24,830 --> 00:03:32,180 If I return back here to the property or intercept the intercept to be on again, let's put here.
57 00:03:33,190 --> 00:03:41,920 Anything and, for example, Google, you can see that it is still binding until you can see that we
58 00:03:41,920 --> 00:03:43,720 are seeing that traffic this time.
59 00:03:43,900 --> 00:03:48,760 So you need to forward it to keep forward, to see what is going on.
60 00:03:49,330 --> 00:03:50,080 As you can see.
61 00:03:50,590 --> 00:03:52,720 And finally, it is working, as you can see.
62 00:03:53,350 --> 00:04:00,100 So if I click on, the intercept is off like this, it will work normally without any problem.
63 00:04:01,680 --> 00:04:02,100 OK.
64 00:04:02,430 --> 00:04:07,890 No, actually there Burp Suite is a very huge topic, we can't cover it.
65 00:04:08,850 --> 00:04:10,320 All of its aspects.
66 00:04:10,620 --> 00:04:15,390 But don't worry, we will use it in practice once we reach the practical depths.