1
00:00:01,140 --> 00:00:09,750
Capturing HTTP traffic. So as we've gone over, and hopefully you've learned, HTTP is the core protocol

2
00:00:09,750 --> 00:00:13,430
that carries everything between the Web browser and the Web server, right.

3
00:00:14,220 --> 00:00:21,420
So the browser sends requests to use the resources on the server, and also the server sends the associated

4
00:00:21,420 --> 00:00:22,950
response back to the browser.

5
00:00:23,920 --> 00:00:31,030
So while penetration testing, manipulating the HTTP messages is a basic and very important ability for

6
00:00:31,030 --> 00:00:33,220
you to have as a penetration tester.

7
00:00:34,320 --> 00:00:41,160
By intercepting HTTP messages, you can edit and change any part of the message, and then

8
00:00:42,060 --> 00:00:43,680
we'll see what happens.

9
00:00:44,550 --> 00:00:48,060
So until now, we've just been looking at plain HTTP messages.

10
00:00:48,960 --> 00:00:57,180
Now we can capture and manipulate any part of the HTTP message on the fly using a local HTTP proxy tool.

11
00:00:58,060 --> 00:01:06,070
So a local HTTP proxy tool is one that sits in between the browser and the website, intercepting all

12
00:01:06,070 --> 00:01:07,810
the traffic that flows between them.

13
00:01:08,900 --> 00:01:15,980
So this is best done by acting as a man in the middle and then intercepting every request and response.

14
00:01:17,080 --> 00:01:23,320
It lets you intercept, inspect and modify the raw traffic passing in both directions.

15
00:01:24,420 --> 00:01:27,270
Now, although there are several proxy tools,

16
00:01:28,240 --> 00:01:33,670
there's one called Burp Proxy, and that's pretty much the most widely used that I've seen.

17
00:01:34,720 --> 00:01:41,650
You can also use others such as Zed Attack Proxy by OWASP, and there are several others, including

18
00:01:41,650 --> 00:01:52,810
Kali, but I like Burp Proxy a lot and you will, too. Burp Proxy comes in a suite named Burp Suite that

19
00:01:52,810 --> 00:01:56,800
includes tools like Spider, Intruder, Decoder and a few others.

20
00:01:57,770 --> 00:02:00,950
Its development is maintained by PortSwigger Web Security.

21
00:02:02,060 --> 00:02:10,220
And the Proxy tool is the heart of Burp; that's the one that intercepts all the requests and responses.

22
00:02:11,500 --> 00:02:16,000
Burp can also automate customized attacks against Web applications.

23
00:02:17,140 --> 00:02:22,810
And then the traffic between the server and the browser can be analyzed, modified, visualized and

24
00:02:22,810 --> 00:02:25,360
eventually repeated multiple times.

25
00:02:27,260 --> 00:02:31,280
All right, so Burp Suite can be downloaded from portswigger.net.

26
00:02:32,790 --> 00:02:37,590
There are three download candidates here, and two of them are commercial products.

27
00:02:38,470 --> 00:02:45,070
You can compare them and you can even buy them on this page, but for our purposes and the purpose of

28
00:02:45,070 --> 00:02:49,300
this course, the community edition is just dandy.

29
00:02:49,660 --> 00:02:51,310
So that's the one we're going to use.

30
00:02:52,900 --> 00:02:56,380
So let's click on the download button to see our download options.

31
00:02:57,570 --> 00:03:02,640
And the download flavors are listed here according to major operating systems and version numbers.

32
00:03:04,110 --> 00:03:08,010
Now, if you're using a different system, click Other Platforms,

33
00:03:09,960 --> 00:03:11,910
and then you'll find the suitable flavor here.

34
00:03:13,170 --> 00:03:19,110
But now, we're going to use Kali as the attacking machine during our course, right? So that means

35
00:03:19,110 --> 00:03:24,200
that Kali has preinstalled a version of the community edition.

36
00:03:25,080 --> 00:03:28,980
Just remember to update your system before using the tools

37
00:03:28,980 --> 00:03:29,580
in Kali.

38
00:03:31,110 --> 00:03:32,710
So what does that mean?

39
00:03:33,120 --> 00:03:35,880
Let's open up Burp. Let's click on this icon.

40
00:03:37,010 --> 00:03:39,170
And a splash screen will welcome you.

41
00:03:40,160 --> 00:03:43,640
Click OK, and then a project screen will come up.

42
00:03:44,330 --> 00:03:47,980
Now here you can create or open an existing Burp project.

43
00:03:48,800 --> 00:03:54,710
But I think here, this note in red tells the situation quite clearly.

44
00:03:55,770 --> 00:03:56,370
Next.

45
00:03:57,580 --> 00:04:03,070
Burp gives you a way to save the configuration while working, and if you want to, you can load your

46
00:04:03,070 --> 00:04:05,170
saved configuration from this window.

47
00:04:06,930 --> 00:04:14,130
Now, I don't have a configuration file here, so I don't need to do anything, so let's click Start

48
00:04:14,130 --> 00:04:14,520
Burp.

49
00:04:15,720 --> 00:04:17,040
Wait a few seconds.

50
00:04:18,160 --> 00:04:19,630
And the main window opens.

51
00:04:20,680 --> 00:04:28,570
So when I recorded this video, this was the latest version, and on the right side there are advertisements

52
00:04:28,570 --> 00:04:33,640
for the Pro version, and on the left side there are tasks and Burp logs.

53
00:04:35,090 --> 00:04:36,530
So I'm just going to hide the ad.

54
00:04:37,810 --> 00:04:39,910
And let's look at the tools in Burp Suite.

55
00:04:40,840 --> 00:04:47,260
Target. So this tool allows you to visualize your target application's contents in a folder structure.

56
00:04:48,530 --> 00:04:54,920
It shows all the content that has been discovered by manually browsing the Web application, then it

57
00:04:54,920 --> 00:04:57,200
extracts a map of the application.

58
00:04:58,260 --> 00:05:02,490
And this helps to define the target scope for the application.

59
00:05:03,780 --> 00:05:04,380
Proxy.

60
00:05:05,670 --> 00:05:10,230
So the Proxy tool lies at the heart of Burp's user-driven workflow.

61
00:05:11,230 --> 00:05:17,380
It operates as a Web proxy server and sits as a man in the middle between your browser and destination

62
00:05:17,380 --> 00:05:18,110
Web servers.

63
00:05:19,000 --> 00:05:25,750
So this allows you to intercept, inspect and modify all raw web traffic passing in both directions.

64
00:05:26,690 --> 00:05:27,500
Intruder.

65
00:05:28,640 --> 00:05:34,770
So this is a powerful tool for carrying out automated, customized attacks against Web applications.

66
00:05:35,510 --> 00:05:43,070
It's extremely powerful and configurable, and it can be used to perform a huge range of tasks,

67
00:05:43,300 --> 00:05:47,070
from simple brute force to the guessing of web directories.

68
00:05:47,660 --> 00:05:53,660
So this process can help to identify Web application security flaws. Repeater.

69
00:05:54,580 --> 00:06:01,630
So it's a simple tool for manually modifying and then reissuing individual HTTP and WebSocket messages,

70
00:06:02,140 --> 00:06:05,590
as well as analyzing the application's responses.

71
00:06:06,540 --> 00:06:12,000
So you can use Repeater for all kinds of purposes, such as changing parameter values to test for

72
00:06:12,000 --> 00:06:13,560
input-based vulnerabilities.

73
00:06:14,410 --> 00:06:21,970
And other things, we'll get there. Sequencer. This analyzes the quality of randomness in an application's

74
00:06:21,970 --> 00:06:28,030
session tokens or some other important data items that are intended to be unpredictable.

75
00:06:29,190 --> 00:06:36,650
And here's the Decoder. It's a simple tool that allows you to encode and decode data.

76
00:06:38,380 --> 00:06:44,770
It's capable of intelligently recognizing several encoding formats, using heuristic techniques.

77
00:06:46,010 --> 00:06:54,740
Comparer is a handy tool to compare, obviously, but you compare visually any two items of data,

78
00:06:54,890 --> 00:06:59,060
such as pairs of similar Web responses. Extender.

79
00:07:00,140 --> 00:07:04,970
So Burp allows us to add our own modules to increase Burp's functionality.

80
00:07:05,830 --> 00:07:12,040
And the Extender tool also allows us to load Burp extensions from the BApp Store.

81
00:07:13,100 --> 00:07:16,310
You can view the extensions from here and list them.

82
00:07:17,840 --> 00:07:24,800
Now, Project Options is a place where you can define some global properties about Burp and your current

83
00:07:25,160 --> 00:07:25,640
session.

84
00:07:26,630 --> 00:07:27,980
And then User Options.

85
00:07:28,010 --> 00:07:34,670
Well, that's a place where you can add NTLM authentication credentials and proxy information

86
00:07:34,670 --> 00:07:35,360
while testing.

87
00:07:36,430 --> 00:07:42,160
You can also add your client SSL certificates under the SSL tab if you need them in a test.

88
00:07:43,320 --> 00:07:49,800
And it's also possible to change user interface options, and of course, you can also customize the user

89
00:07:49,800 --> 00:07:52,380
interface right here from the Display tab.
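The following is an added illustration, written for this page; it is not code from the lecture and not part of Burp Suite. It models what the intercepting proxy described above does to one request: parse the raw HTTP/1.1 message, edit a form field, a query parameter and a header the way you would in the Intercept or Repeater tab, and rebuild the bytes with a corrected Content-Length, which is the detail that silently breaks hand-edited requests when it is forgotten. The request it works on is a constructed sample (the host, cookie and field names are made up), and it opens no sockets.

```python
"""Model of what an intercepting proxy does to a request on the fly.

Added example for this page; not code from the lecture and not part of
Burp Suite. No network I/O: it parses a raw HTTP/1.1 request, edits it
the way you would in Burp's Intercept or Repeater tab, and re-serialises
it with a Content-Length that matches the edited body.
"""
from dataclasses import dataclass
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed sample (not a real capture): a login POST as a browser would
# send it through the proxy. The body is 31 bytes, matching Content-Length.
SAMPLE_REQUEST = (
    b"POST /login?next=%2Faccount HTTP/1.1\r\n"
    b"Host: shop.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 31\r\n"
    b"Cookie: session=abc123\r\n"
    b"\r\n"
    b"username=alice&password=hunter2"
)


@dataclass
class HttpRequest:
    method: str
    target: str
    version: str
    headers: list          # (name, value) pairs; order and duplicates kept
    body: bytes


def parse_request(raw: bytes) -> HttpRequest:
    """Split a raw request into request line, header list and body."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request: end of headers not found")
    lines = head.split(b"\r\n")
    method, target, version = lines[0].decode("ascii").split(" ", 2)
    headers = []
    for line in lines[1:]:
        name, _, value = line.decode("latin-1").partition(":")
        headers.append((name.strip(), value.strip()))
    return HttpRequest(method, target, version, headers, body)


def get_header(req: HttpRequest, name: str):
    """Return the first value of a header, case-insensitively, or None."""
    for n, v in req.headers:
        if n.lower() == name.lower():
            return v
    return None


def set_header(req: HttpRequest, name: str, value: str) -> None:
    """Overwrite an existing header in place, or append it if absent."""
    for i, (n, _) in enumerate(req.headers):
        if n.lower() == name.lower():
            req.headers[i] = (n, value)
            return
    req.headers.append((name, value))


def _upsert(params, key, value):
    """Replace key's value in an ordered (key, value) list, or append it."""
    if any(k == key for k, _ in params):
        return [(k, value if k == key else v) for k, v in params]
    return params + [(key, value)]


def set_form_param(req: HttpRequest, key: str, value: str) -> None:
    """Edit a urlencoded body field and fix Content-Length to match."""
    params = parse_qsl(req.body.decode("latin-1"), keep_blank_values=True)
    req.body = urlencode(_upsert(params, key, value)).encode("latin-1")
    set_header(req, "Content-Length", str(len(req.body)))


def set_query_param(req: HttpRequest, key: str, value: str) -> None:
    """Edit a query-string parameter in the request target."""
    parts = urlsplit(req.target)
    params = parse_qsl(parts.query, keep_blank_values=True)
    query = urlencode(_upsert(params, key, value))
    req.target = urlunsplit(parts._replace(query=query))


def serialize(req: HttpRequest) -> bytes:
    """Rebuild the raw request bytes that would be forwarded to the server."""
    lines = [f"{req.method} {req.target} {req.version}"]
    lines += [f"{n}: {v}" for n, v in req.headers]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1") + req.body


def tamper(raw: bytes) -> bytes:
    """One interception: swap the user, the redirect target, and add a header."""
    req = parse_request(raw)
    set_form_param(req, "username", "admin")
    set_query_param(req, "next", "/admin")
    set_header(req, "X-Forwarded-For", "127.0.0.1")
    return serialize(req)


if __name__ == "__main__":
    print(SAMPLE_REQUEST.decode())
    print("--- after interception ---")
    print(tamper(SAMPLE_REQUEST).decode())
```

Running the file prints the request before and after the edit. In Burp itself the same edit is typed into the Intercept tab and forwarded; Burp's proxy listener defaults to 127.0.0.1:8080, so a client has to be pointed at that address (for example `curl -x http://127.0.0.1:8080 ...`) before anything shows up there, and Burp recalculates Content-Length for you only while the "update Content-Length" option in its proxy settings is enabled.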