1
00:00:00,550 --> 00:00:02,620
Welcome to part one of this module

2
00:00:05,600 --> 00:00:07,230
in this collection of modules.

3
00:00:07,250 --> 00:00:14,450
We're going to be studying the usage of Burp Suite. In order to make this presentation a bit easier,

4
00:00:14,450 --> 00:00:21,670
I have decided to divide the videos covering this tool across several modules, as it is very complex.

5
00:00:21,830 --> 00:00:29,600
Burp Suite, also known in some penetration testing circles simply as Burp, is a graphical tool for testing

6
00:00:29,600 --> 00:00:32,100
web application security.

7
00:00:32,360 --> 00:00:38,640
The tool is written in Java and was developed by PortSwigger Security.

8
00:00:38,780 --> 00:00:41,270
The tool has two different versions.

9
00:00:41,310 --> 00:00:49,680
A free version that comes prepackaged with Kali 2.0 as well as many older versions of Kali, I believe

10
00:00:49,680 --> 00:00:56,460
going all the way back to BackTrack five, and there is also a full version available which can be purchased

11
00:00:56,460 --> 00:01:04,020
after a trial period, which is called the Professional Edition. The free version has significantly reduced

12
00:01:04,020 --> 00:01:10,560
functionality, although once a student learns the free version that should not be an overly difficult transition

13
00:01:10,560 --> 00:01:18,960
to the professional. Burp Suite was developed to provide a comprehensive solution for web application

14
00:01:18,960 --> 00:01:20,790
security checks.

15
00:01:20,880 --> 00:01:29,190
In addition to basic functionality such as proxy server, scanner and intruder, the tool also contains

16
00:01:29,190 --> 00:01:36,810
more advanced options such as spider, a repeater, a decoder, comparer, an extender and a sequencer.

17
00:01:36,810 --> 00:01:40,480
I will elaborate more on these as we go along.

18
00:01:40,560 --> 00:01:47,460
The company behind Burp Suite has even developed a mobile application containing similar tools which

19
00:01:47,460 --> 00:01:50,190
is compatible with iOS 8 and above.

20
00:01:53,310 --> 00:01:54,960
Before we begin with Burp Suite,

21
00:01:54,960 --> 00:02:02,850
however, it will be necessary to set up a target server as a demonstration of what this tool is capable

22
00:02:02,850 --> 00:02:10,170
of. The Metasploitable machine used in prior modules can be utilized because it comes with -- vulnerable

23
00:02:10,170 --> 00:02:18,000
Web application already installed on it. If you wish to follow along this tutorial then I strongly recommend

24
00:02:18,000 --> 00:02:24,180
you set up a Metasploitable machine of your own to conduct your tests on so as to stay 100 percent

25
00:02:24,180 --> 00:02:25,740
legal.

26
00:02:25,740 --> 00:02:33,660
Alternatively you could download and set up Damn Vulnerable Web Application as a standalone target if

27
00:02:33,660 --> 00:02:35,070
you wish.

28
00:02:35,070 --> 00:02:40,920
I personally feel that Metasploitable virtual machine is just easier to set up all around,

29
00:02:41,520 --> 00:02:47,370
but it is your option and other such vulnerability testing programs could be used.

30
00:02:47,400 --> 00:02:51,870
For example you might set up WebGoat to test Burp Suite with.

31
00:02:51,870 --> 00:02:58,500
Ultimately it is up to you. If you need instructions on how to set up a Metasploitable virtual machine,

32
00:02:58,500 --> 00:03:03,990
please go back to the first module and see the appropriate video. Okay.

33
00:03:05,020 --> 00:03:10,990
I do have a few more things to cover before I begin but let's go ahead and load up Burp Suite.

34
00:03:11,020 --> 00:03:19,980
As always this can be done from the terminal window or by going to Applications, web applications.

35
00:03:21,770 --> 00:03:29,810
Web Application Analysis and then clicking Burp Suite. I should note that Burp Suite can be used with

36
00:03:29,810 --> 00:03:36,530
a lot of operating systems because it runs in Java, so you could easily download it and get it up and

37
00:03:36,530 --> 00:03:40,110
running very quickly even in a Windows environment.

38
00:03:40,310 --> 00:03:45,320
For right now though I recommend sticking to Kali, but that's only to keep things as straightforward

39
00:03:45,320 --> 00:03:51,300
as possible. When you first load Burp Suite it'll ask you to update.

40
00:03:51,350 --> 00:03:52,930
I'm not going to do this right now.

41
00:03:52,940 --> 00:03:54,220
You can do it if you wish.

42
00:03:56,510 --> 00:04:04,010
Before we begin I do have to say that the topic of web application security is pretty much a class

43
00:04:04,010 --> 00:04:05,720
unto itself.

44
00:04:05,720 --> 00:04:14,450
The goal of this presentation is to familiarize you with Burp Suite itself and give you a foundational

45
00:04:14,450 --> 00:04:16,620
knowledge upon which to build.

46
00:04:16,790 --> 00:04:22,340
It won't be within the scope of this class to cover every possible use and every possible method of

47
00:04:22,340 --> 00:04:30,020
attacking web-based security. Burp Suite is essentially an integrated platform for performing security

48
00:04:30,020 --> 00:04:32,670
testing of web applications.

49
00:04:32,720 --> 00:04:38,600
The first thing you need to understand is that it will allow us to intercept the data being sent between

50
00:04:38,600 --> 00:04:43,280
our browser and the web application that we're trying to test.

51
00:04:43,340 --> 00:04:50,930
So it's a great way to understand how data is being transferred as well as how data can be manipulated

52
00:04:50,960 --> 00:04:54,500
between the client and the web application itself.

53
00:04:54,500 --> 00:04:58,710
This video will be covering the community version, as has been said.

54
00:04:58,820 --> 00:05:03,260
Certain options will therefore not be available. To begin with,

55
00:05:03,260 --> 00:05:07,430
we're going to need to set up and configure our web browser of choice.

56
00:05:07,580 --> 00:05:12,110
If you're using Kali I'm going to assume that you are using Firefox.

57
00:05:12,110 --> 00:05:13,810
So go ahead and launch Firefox.

58
00:05:13,820 --> 00:05:17,090
Now to save time I've already done this.

59
00:05:20,530 --> 00:05:21,690
Once open,

60
00:05:21,790 --> 00:05:28,610
go ahead and click on the options menu on the far right and select Preferences.

61
00:05:34,640 --> 00:05:41,120
From here click on the Advanced category on the left.

62
00:05:41,530 --> 00:05:42,850
Select Network

63
00:05:45,580 --> 00:05:49,080
and under Connection click Settings

64
00:05:52,750 --> 00:06:02,650
and once on this screen we want to select manual proxy configuration and make sure it is set to the

65
00:06:02,650 --> 00:06:04,210
local host.

66
00:06:04,210 --> 00:06:13,890
In this case, and most probably yours as well, it's going to be 127.0.0.1, and set the port to 8 80.

67
00:06:14,050 --> 00:06:19,690
Make sure this is done for SSL, FTP and SOCKS as well.

68
00:06:19,690 --> 00:06:28,180
You also need to make sure that the "use this proxy server for all protocols" box is checked. Once this

69
00:06:28,180 --> 00:06:32,360
is done click OK and now we'll head over to Burp Suite.

70
00:06:37,740 --> 00:06:38,420
By default

71
00:06:38,430 --> 00:06:45,540
the community version only allows you to use a temporary project. If you have the professional version

72
00:06:45,540 --> 00:06:47,740
it allows you to save your project.

73
00:06:48,000 --> 00:07:00,620
So we'll hit Next and we're going to use the Burp Suite defaults, so we'll click Start Burp.

74
00:07:00,670 --> 00:07:03,270
This is going to take a few minutes to start up.

75
00:07:03,400 --> 00:07:10,540
I'll explain the interface generally but we'll be diving more into how Burp actually works in the next

76
00:07:10,540 --> 00:07:12,520
video. For this introduction

77
00:07:12,520 --> 00:07:19,820
I just want to get you set up with the tool so that you understand what exactly is going on.

78
00:07:25,780 --> 00:07:28,470
Welcome to Burp. Right away

79
00:07:29,420 --> 00:07:36,170
this can seem kind of intimidating because we have a lot of tabs and not much on-screen explanation.

80
00:07:36,170 --> 00:07:40,790
I mentioned at the start of this tutorial that I'd be covering what these different functionalities

81
00:07:40,790 --> 00:07:46,970
do and we'll be covering them one by one as we go.

82
00:07:47,090 --> 00:07:58,220
So by default you have your Target, Proxy, Spider, Scanner, Intruder, Repeater, Sequencer, Decoder, Comparer,

83
00:07:58,790 --> 00:08:05,570
Extender, your Project options, your User options and your Alerts.

84
00:08:05,570 --> 00:08:11,450
And like I said we'll be going through all of this as we perform our real world testing on our vulnerable

85
00:08:11,450 --> 00:08:20,090
Metasploitable machine. By default, to start out, you want to go into the Proxy tab and from here let's

86
00:08:20,090 --> 00:08:22,820
go ahead and click our Options

87
00:08:25,310 --> 00:08:30,580
and you want to make sure that your proxy listener is set as it is displayed here.

88
00:08:30,740 --> 00:08:40,210
127.0.0.1, port eight thousand, and there should be a checkmark in the box under Running.

89
00:08:40,220 --> 00:08:43,280
This is the same address that we just set in Firefox.

90
00:08:43,280 --> 00:08:48,200
You can also create your own with the Add button, edit or remove it.

91
00:08:48,200 --> 00:08:51,410
Here you get the idea.

92
00:08:51,550 --> 00:08:53,470
Now we'll go back to our browser

93
00:08:56,420 --> 00:09:09,340
and this is where the real magic happens. So if we type in a simple test site such as for example about

94
00:09:10,820 --> 00:09:22,980
a bad example.com, then we come back over to Burp Suite and click the HTTP history tab, we can see

95
00:09:22,980 --> 00:09:24,250
that by default

96
00:09:24,270 --> 00:09:29,120
there are some Firefox portals and some GET methods displayed here.

97
00:09:32,920 --> 00:09:37,060
If you don't see this or if example.com did not come up,

98
00:09:37,060 --> 00:09:47,530
be sure to click on the Intercept tab and press the Forward button. Also make sure that intercept is

99
00:09:47,530 --> 00:09:48,930
turned on.

100
00:09:48,970 --> 00:09:51,480
So if we click on the result, one of them anyway,

101
00:09:54,660 --> 00:09:58,770
we can see the information below.

102
00:09:58,770 --> 00:10:04,040
We can see the information displayed below for that result.

103
00:10:04,190 --> 00:10:07,670
You can see in Raw and Headers and Hex

104
00:10:07,670 --> 00:10:12,120
more about the request that was sent to the web application.

105
00:10:12,140 --> 00:10:13,820
It shows the user agent,

106
00:10:18,000 --> 00:10:26,830
which was Mozilla, the target, which was example.com, the accept language, which was English, the encoding,

107
00:10:26,860 --> 00:10:28,930
the connection, et cetera.

108
00:10:28,930 --> 00:10:39,470
If we pull up Headers we can see that the headers show very clearly the GET, Host, User-Agent, et cetera,

109
00:10:39,500 --> 00:10:41,470
et cetera, et cetera.

110
00:10:41,560 --> 00:10:47,140
You may be a little confused if this is your first time hearing about headers and requests and response

111
00:10:47,140 --> 00:10:47,780
pairs.

112
00:10:47,920 --> 00:10:53,050
But don't worry, that will be something that we get into as we go along.

113
00:10:53,140 --> 00:10:55,180
So bouncing back to the browser

114
00:10:57,970 --> 00:11:08,990
we'll head over to the Metasploitable web site, which is just the IP address, in this case 10.0.

115
00:11:09,260 --> 00:11:24,160
0.8, and just a reminder, make sure that intercept is turned on. You see here Forward is no longer

116
00:11:24,160 --> 00:11:25,480
grayed out.

117
00:11:25,720 --> 00:11:30,580
We're going to need to forward this request for Metasploitable to actually come up, so we click Forward

118
00:11:32,480 --> 00:11:43,410
and now if we go back to the browser hopefully it will come up, and there we go. So popping back over

119
00:11:43,410 --> 00:11:46,380
to our Burp Suite window

120
00:11:55,050 --> 00:11:56,550
we can see those requests

121
00:12:00,580 --> 00:12:07,120
and of course, being that it's Metasploitable, we can see that an Upgrade-Insecure-Requests is displayed

122
00:12:07,120 --> 00:12:07,870
here as well

123
00:12:10,730 --> 00:12:15,630
as well as other potentially compromising data because, again, Metasploitable.

124
00:12:15,680 --> 00:12:16,400
All right.

125
00:12:16,400 --> 00:12:23,270
So as you can see that is how you intercept data that is being sent from the client to the web application

126
00:12:23,810 --> 00:12:30,830
and how you can analyze the data being sent and ultimately manipulate it. With all that being said, all

127
00:12:30,830 --> 00:12:38,600
this was just a very basic look and hasn't really covered anything in terms of actual web-based penetration

128
00:12:38,600 --> 00:12:39,740
testing yet.

129
00:12:39,740 --> 00:12:41,910
However that is coming up soon.

130
00:12:41,930 --> 00:12:44,180
The goal here was just to get you started.

131
00:12:44,210 --> 00:12:49,970
This is a very complex tool and we will be looking at it more closely in the next few videos in this

132
00:12:49,970 --> 00:12:53,200
module. That's going to be it for this video though.

133
00:12:53,210 --> 00:12:59,450
Just a quick introduction to Burp Suite and how to get it set up to intercept your first data requests.

134
00:13:00,050 --> 00:13:05,030
In the next video we'll be getting started with the methodologies and terminologies and understanding

135
00:13:05,030 --> 00:13:07,280
the ins and outs of HTTP.

136
00:13:07,340 --> 00:13:08,750
Hopefully a lot better.

137
00:13:08,780 --> 00:13:09,230
Thank you.