1
00:00:00,090 --> 00:00:04,720
Welcome to Part Eight of this module.

2
00:00:04,840 --> 00:00:10,090
It is with reluctance that I will now present Paros Proxy.

3
00:00:10,120 --> 00:00:18,280
This is a very old tool which in fact predates the dinosaurs and has come pre-packed with Kali, not

4
00:00:18,280 --> 00:00:25,540
from the days of BackTrack but all the way back to the days of the original iteration of BackTrack, which

5
00:00:25,540 --> 00:00:31,440
was WHAX, which was based on Whoppix, which was based on Knoppix.

6
00:00:31,570 --> 00:00:38,160
Paros is a Java-based web proxy for assessing web application vulnerability.

7
00:00:38,230 --> 00:00:44,140
I probably should have mentioned in the earlier module that OWASP ZAP is in fact a fork of the

8
00:00:44,140 --> 00:00:46,610
code used for this tool.

9
00:00:46,690 --> 00:00:56,860
It supports editing and viewing HTTP and HTTPS messages on the fly to change items such as cookies

10
00:00:56,890 --> 00:00:58,850
and form fields.

11
00:00:58,960 --> 00:01:07,680
It includes a web traffic recorder, web spider, hash calculator and a scanner for testing common web application

12
00:01:07,690 --> 00:01:12,870
attacks such as SQL injection and cross-site scripting.

13
00:01:13,000 --> 00:01:19,350
It is free and open source and it runs on just about anything as long as it's got Java. To launch Paros,

14
00:01:19,360 --> 00:01:26,950
we just go to Applications, Web Application Analysis and click on Paros.

15
00:01:26,980 --> 00:01:32,150
We could also launch it from the terminal window by typing paros.

16
00:01:32,200 --> 00:01:38,200
Now we are presented with a very minimalistic graphical user interface that makes Windows 3.1

17
00:01:38,200 --> 00:01:43,650
look downright gorgeous and advanced by comparison. Right away

18
00:01:43,660 --> 00:01:49,570
you may be wondering why anyone would use this over OWASP ZAP or Burp Suite.

19
00:01:49,570 --> 00:01:57,070
The answer is you probably wouldn't. Paros saw the height of its usefulness back in 2006 and pretty much

20
00:01:57,160 --> 00:02:03,280
everything it does is redundant with the better, more mainstream programs that you have already seen

21
00:02:03,280 --> 00:02:06,850
in prior modules. To begin using this tool,

22
00:02:06,850 --> 00:02:09,730
we need to open up our browser of choice

23
00:02:16,620 --> 00:02:18,540
and configure the proxy settings,

24
00:02:22,430 --> 00:02:24,680
so we go to the menu here.

25
00:02:24,710 --> 00:02:28,930
We click on Preferences, Advanced

26
00:02:32,120 --> 00:02:34,670
and then under Connection we click Settings

27
00:02:37,580 --> 00:02:43,020
and we will click the radio button that says Manual proxy configuration.

28
00:02:43,180 --> 00:02:50,090
Make sure that it is set for 127.0.0.1, port 8080.

29
00:02:50,110 --> 00:02:56,440
The port can be changed but there's no reason not to use the default, and make sure that "Use this

30
00:02:56,440 --> 00:03:04,540
proxy server for all protocols" is checked and click OK. Just like Burp Suite and ZAP, Paros is a proxy

31
00:03:04,540 --> 00:03:08,440
that sits between you and the website that you are surfing.

32
00:03:08,500 --> 00:03:14,280
It records all of the requests and responses to and from that website through your browser.

33
00:03:14,440 --> 00:03:20,560
We can then scan the website to determine what kind of vulnerabilities may be present and we can even

34
00:03:20,560 --> 00:03:22,120
spider the site.

35
00:03:22,120 --> 00:03:26,950
If you have been watching the other videos in this module you've seen all this before.

36
00:03:26,970 --> 00:03:29,950
There is nothing that Paros does differently or better.

37
00:03:30,040 --> 00:03:37,420
It is included here for the sake of completion. As before, I will be using a Metasploitable 2 virtual

38
00:03:37,420 --> 00:03:39,790
machine as our target system.

39
00:03:39,790 --> 00:03:46,180
Please never use this or any other tool against a target that you do not personally own or have written permission

40
00:03:46,180 --> 00:03:49,500
to test, or else you may be breaking the law.

41
00:03:49,510 --> 00:03:51,250
OK, let's get started.

42
00:03:51,400 --> 00:03:58,660
Now we're going to navigate over to the Metasploitable machine, which in my case is going to be the IP address

43
00:03:59,300 --> 00:04:01,330
10.0.0.8,

44
00:04:06,230 --> 00:04:11,000
and we're going to click on Mutillidae. Any one of these would do.

45
00:04:16,660 --> 00:04:25,560
We'll give this a moment to load up. OK, and now we'll move back to Paros and there it is.

46
00:04:25,880 --> 00:04:37,110
So we'll expand this, click on Mutillidae and we'll go up to the Analyse drop-down menu and we'll

47
00:04:37,110 --> 00:04:39,150
go ahead and we'll scan it.

48
00:04:44,880 --> 00:04:50,010
This normally takes a while against complex targets, but not in this case.

49
00:04:53,150 --> 00:04:59,090
We can see that the results from the scan have been placed in Report, Last Scan,

50
00:05:01,970 --> 00:05:06,120
and it's really supposed to open up automatically but it never does, so

51
00:05:09,400 --> 00:05:14,940
we're going to have to open up our files to view the report.

52
00:05:16,090 --> 00:05:17,740
We'll click on paros.

53
00:05:17,740 --> 00:05:24,940
This is in the root menu, session, and here it is: the last scan report in HTML format.

54
00:05:25,910 --> 00:05:29,990
We'll launch this and it will bring up the results in our main browser window

55
00:05:33,570 --> 00:05:36,620
and here we see the results of our scan against Mutillidae.

56
00:05:46,910 --> 00:05:52,930
So this is a dirt-simple, bare-bones vulnerability scan.

57
00:05:54,040 --> 00:06:03,640
It may take a very long time on large sites or if you're using the Scan All function to look at multiple

58
00:06:03,640 --> 00:06:04,810
targets.

59
00:06:04,810 --> 00:06:10,000
However, it won't take very long against simple targets like Metasploitable.

60
00:06:15,590 --> 00:06:16,790
Pretty straightforward.

61
00:06:16,850 --> 00:06:24,710
We can see the request and response data presented in the tabs on the right.

62
00:06:24,790 --> 00:06:26,280
Again, this is nothing new

63
00:06:26,280 --> 00:06:31,420
if you have been following along with these modules in order, but in case you are just looking at this

64
00:06:31,420 --> 00:06:38,570
one specific tool, what Paros is doing is acting as a middleman between your browser and the website.

65
00:06:38,650 --> 00:06:45,550
It will grab the traffic back and forth and allow you to analyze it, looking for vulnerabilities.

66
00:06:45,550 --> 00:06:51,100
Paros doesn't come with any special frills though, which is to say it won't automatically check your

67
00:06:51,100 --> 00:06:57,880
results against any online database of vulnerabilities and make suggestions. Interpreting the data will

68
00:06:57,880 --> 00:07:01,310
rest squarely on the shoulders of the user.

69
00:07:01,330 --> 00:07:06,600
You can even trap or block requests and responses if you wanted to,

70
00:07:06,760 --> 00:07:10,890
perhaps for SQL injection or a little malicious activity.

71
00:07:11,020 --> 00:07:18,220
This allows you as a penetration tester to find ways to better defend a site.

72
00:07:18,310 --> 00:07:20,740
We can also spider a website

73
00:07:24,190 --> 00:07:27,400
by going to Analyse and clicking Spider.

74
00:07:33,110 --> 00:07:39,030
For a complete explanation of spidering, please watch the first module on Burp Suite.

75
00:07:39,050 --> 00:07:45,560
In brief, this process is building a site map by looking at all of the URLs associated with that

76
00:07:45,560 --> 00:07:47,630
particular website.

77
00:07:47,660 --> 00:07:54,160
This can take longer than the scan itself, as is the case with Mutillidae. Paros,

78
00:07:54,200 --> 00:08:01,610
much like its vastly superior successor OWASP ZAP, does not allow you to set any kind of limitation

79
00:08:01,760 --> 00:08:04,160
on the threads for spidering

80
00:08:04,700 --> 00:08:08,000
as you can with Burp Suite, so do keep this in mind,

81
00:08:14,680 --> 00:08:18,460
and I really should have clicked Start there while I was talking.

82
00:08:18,460 --> 00:08:22,540
But you can see that this is going fairly quickly.

83
00:08:22,540 --> 00:08:26,650
I'm probably not going to let it finish. All right,

84
00:08:26,650 --> 00:08:28,810
I think that's enough. We'll stop the process,

85
00:08:31,660 --> 00:08:34,180
close out of this.

86
00:08:34,230 --> 00:08:37,320
Now we can click one of the associated sites

87
00:08:43,980 --> 00:08:46,230
and we can scan it,

88
00:08:54,300 --> 00:08:56,380
and that took a little longer than I expected.

89
00:08:58,900 --> 00:09:03,730
OK, so now if we go back to our scan HTML file

90
00:09:06,810 --> 00:09:12,540
and open it, we'll find that it has been rewritten with the new scan results.

91
00:09:12,540 --> 00:09:18,710
In theory this file should open when we click OK and it should also update for each new scan.

92
00:09:18,810 --> 00:09:20,670
It doesn't do either.

93
00:09:20,670 --> 00:09:24,150
I'm not sure if this is a flaw with this particular version

94
00:09:24,390 --> 00:09:30,770
unique to Kali 2.0, or if this is just an ancient and poorly maintained tool.

95
00:09:31,080 --> 00:09:40,640
Nevertheless, if you wish to keep a prior scan you'll need to back up this last scanned report

96
00:09:40,640 --> 00:09:49,490
HTML file, in which case if you delete it and perform another scan you'll be presented with the

97
00:09:49,490 --> 00:09:50,330
new scan.

98
00:09:50,330 --> 00:09:55,860
Just keep in mind it doesn't seem to update properly. Again,

99
00:09:55,920 --> 00:09:57,690
that may be a problem with this version.

100
00:09:57,690 --> 00:10:01,800
You may not have that problem with an up-to-date version,

101
00:10:01,800 --> 00:10:07,190
if an up-to-date version exists, which to be honest with you I haven't been able to find.

102
00:10:07,860 --> 00:10:15,370
But nevertheless, now it may seem like I'm being unduly hard on this tool.

103
00:10:15,480 --> 00:10:19,930
It's only because I don't like it and I think it should be put out of its misery,

104
00:10:20,070 --> 00:10:25,700
or at least updated to be in line with the tools that it comes packaged with.

105
00:10:25,800 --> 00:10:32,130
We know from previous scans that our target Mutillidae had a great many more vulnerabilities than what

106
00:10:32,130 --> 00:10:34,580
was detected by this tool,

107
00:10:34,710 --> 00:10:39,060
which means that Paros didn't catch anywhere close to everything.

108
00:10:39,060 --> 00:10:46,050
As mentioned, Paros does not check against any sort of database. In the interest of being fair though,

109
00:10:46,170 --> 00:10:53,130
if you update Paros religiously it should only miss many things instead of a great many things.

110
00:10:53,130 --> 00:11:00,420
Nevertheless, it is possible to find some nice vulnerabilities using Paros, particularly for things like

111
00:11:00,420 --> 00:11:02,350
cross-site scripting.

112
00:11:02,670 --> 00:11:11,670
It works, kind of, but realistically it is well past its prime and it's not going to be a popular choice

113
00:11:12,060 --> 00:11:17,080
compared to the vastly superior Burp Suite and OWASP ZAP.

114
00:11:17,130 --> 00:11:22,320
Paros is not being actively maintained, at least not that I could find.

115
00:11:22,320 --> 00:11:28,740
Perhaps there are some individuals out there who are working on it, but the project really carried over

116
00:11:28,740 --> 00:11:37,930
into OWASP ZAP, which was the spiritual successor of this program. Paros is an extremely lightweight

117
00:11:37,930 --> 00:11:46,030
tool and it might be attractive for a system like a Raspberry Pi or CHIP or some other tiny microcomputer

118
00:11:46,030 --> 00:11:52,900
with very limited resources, so it has that aspect of versatility going for it.

119
00:11:54,420 --> 00:11:59,240
And that is really all there is to say about this ancient tool.

120
00:11:59,250 --> 00:12:05,040
I hope those of you who are viewing it without the nostalgia goggles are able to find some good uses

121
00:12:05,040 --> 00:12:06,160
for it.

122
00:12:06,240 --> 00:12:10,560
It's not terrible, it's just really out of date.

123
00:12:10,560 --> 00:12:11,040
Thank you.