[00:00:00] Another useful tool when it comes to web applications is a tool called Burp Suite. Now let's go ahead and open up Burp Suite, so I'm going to go up to Applications, and in your Favorites it should exist: Burp Suite. Here now, Burp Suite is what we call a web proxy. Now, web proxy means that it has the capability of intercepting traffic for us, and we're going to see what that looks like.

[00:00:27] So you're probably gonna get this error about this JRE. Don't worry about it. We're just going to say OK. You might get a "you need to accept this license agreement" when you first start it. Go ahead and accept that as well. And if you see an update screen, go ahead and just close it. So we are on the Community edition, so we will have limited features. We'll talk more about those when we get to the web application section, but I just want to introduce you to what Burp Suite can do in a very basic form and how we can actually gather some information out of a website from Burp Suite pretty easily. So let's go ahead and just select Temporary project and click Next, and then select Start Burp.

[00:01:09] Now the first thing that we're going to do is we're going to set up our Firefox for utilizing Burp Suite. So go ahead and go to Firefox, and I want you to go over to the right hand, a little hamburger here, and you're going to go and select Preferences. From Preferences we're gonna scroll down all the way to the bottom and we're going to select Settings. Now we're going to select this Manual proxy configuration here, and we're going to say 127.0.0.1, port 8080. Later, when we get to the web application section, I'll show you a much easier way of doing this with a tool called FoxyProxy. But for right now this is a very high level overview. So go ahead and check "Use this proxy server for all protocols" and that should fill in the rest. Down here we're gonna go ahead and hit OK, and we're going to leave this open; I'll show you why in a second.

[00:02:12] So I also want you to go to a new tab and I want you to go to https://burp, like this. Now your first page might not show up like this. It might show up with a "you need to accept this certificate"; you're just gonna say Allow down at the bottom and say yes, permanently store this exception, and then you'll be brought to a screen somewhat like this. So what you're gonna do is you're gonna go ahead and just click on CA Certificate here and then save the file. Mine is already saved, as you can see in my Downloads right here.

[00:02:50] So what I'm going to do is we're going to go back into Preferences once we have that saved, and we're going to go to Privacy & Security over on the left hand side. We're going to scroll all the way down to the bottom and there is a View Certificates button down here, and then we're gonna go ahead and just hit Import. Your Downloads folder should automatically be selected; if not, select Downloads. And then just select the cacert.der and hit Open. And then it's already installed for me, but you will have to check boxes: check both of those boxes and select OK. And then it should now be imported for you.

[00:03:31] So a couple of things to note. Firefox sometimes changes things around. I am recording this video in 2019. If you watch it at a later time, just be cognizant that in the General tab, usually towards the bottom, is the Network Settings, and the Privacy & Security settings usually contain the certificate. So look around for those; sometimes these move.

[00:03:51] So from here let's go ahead and just see what we set up. So I want you to go ahead and try to go to a website. We can try to say tesla.com, and it is going to stall out. What is going on here? So if we go over here, we see this Proxy tab is lit up in orange. We're gonna go ahead and click on that, and you could see that it's gathering some data here; it's captured some stuff from Firefox. We've got more Firefox; we can just click Forward through this if we want, and now we could see Tesla starting to load, and what we're doing is we're intercepting requests that Tesla is making out. This to me looks like an API request or geo IP request. This might be geolocation looking for a city. So we're just clicking through, clicking through. All we're doing is capturing all different kinds of traffic, and we can modify this traffic. Say we have this request here; you don't have to know what this is right now, but we have got this GET request. We can make this a POST request and see what happens.

[00:04:51] I'm going to turn the intercept off. I'm going to show you what's going on here, so we can go over to the Target and you can see all the pages that have loaded in here. This is all the traffic that has been intercepted so far since we ran Tesla. So not only is Tesla running, but you could see that it pulls a Google Analytics, it pulls this secured visit which looks like tracking as well, it pulls DoubleClick which looks like maybe ads, and then it has an API running here as well. So it's gathering all this traffic through.

[00:05:20] But we're going to dig into this Tesla here, and I just want to click on the first forward slash and see if there's a response to our request. There isn't. Let's go ahead and just look at maybe the... Let's see if we click into one of these if we get a good response. We don't. Let's refresh one more time on the page. You might even need to hit Enter. OK. And sometimes it doesn't come through right away. So let's go ahead and just click around. There we go. Do you see all this stuff coming through now? That's more like it. It wasn't picking everything up right away. So what we can do is we can look at some of the things that just came through. Like we just went to the Model 3 page. So let's go ahead and click on this Model 3 and see what it's got for us. So you can see that if we look at the request for this GET Model 3, we made a GET request to Model 3. And what's happened is we say, hey, I want to go out to this page, go ahead, take me there, and then we can view the response as well. Now in the response we can get so much information. Look at this. We're seeing here that PHP 7.3.7 is running on the back end.

[00:06:25] We can see a bunch of information here as well. Drupal 8 is running. We identified that earlier, but we're identifying it again. We could see a lot of other stuff. There's some weird things here going on too, like there's a server name sitting in here. Typically on an assessment this would actually be a finding, a low finding, but it's informational, as this is giving us information on possibly naming structure inside that network. But they also have their own Tesla type header here. So this is very unique for a client. But the point of the matter here is that we can intercept a basic request and response and get a lot of information through Burp Suite. We're going to hit home on this really hard when it comes into the scanning and enumeration section, and when we get into the web section as well. But for now I just want you to take away that we've installed Burp Suite and we can go out to a website, and I still define this as not active scanning. There is a feature in Burp Suite that has active scanning that we could actually run, but that is a Burp Suite Pro feature. So it has a vulnerability scanner built in; you can see up here, "Upgrade to Burp Suite Professional, automatically find vulnerabilities." I have Burp Suite Pro; it's four hundred dollars a year and is absolutely fantastic.

[00:07:41] Worth the money. One of the few applications that I would recommend anybody buy. But for the course I'm going to limit it to utilizing Community. I will bring in Pro sometimes to show you some features, but we're not going to worry about that. So long spiel short, I still feel that we are in step one here; even though we are accessing the website, we're not doing anything very actively with scanning. This is all very passive. We're using traffic like a normal user would. So you can see that we can intercept traffic and get a lot of information. Again, tools like Wappalyzer, look, it pulls down the headers for us and it says, hey, it's running PHP 7.3.7, it's running Drupal 8. Where is it getting that from? Well, it's getting it from these responses. So it's pulling a lot of that down for us automatically. But there's a lot of things that we can do when we get into Burp Suite as well. So consider this just a mini introduction into the tool, and then we'll touch back on it over and over again as we go. So this is it for this video. We're going to get into some Google-fu in the next video and talk about social media as well. So I'll see you in the next one.