WEBVTT

00:07.340 --> 00:08.030
Alright.

00:08.030 --> 00:08.720
Welcome back.

00:08.750 --> 00:12.920
Today we are going to use the tool OWASP ZAP or ZAP proxy.

00:12.950 --> 00:17.630
I'm going to open up terminal because Kali Linux does not have this tool already installed.

00:17.630 --> 00:19.160
We actually need to install it.

00:19.190 --> 00:27.740
So we're going to type in sudo and then apt install and then zaproxy.

00:28.340 --> 00:31.040
Just like that, only one p, only one t.

00:31.160 --> 00:32.360
Then we're going to hit that button.

00:32.450 --> 00:33.950
So it asked me for my password.

00:33.980 --> 00:37.250
Let that sucker go into play and let it do its thing.

00:37.250 --> 00:38.720
So this will take a minute to get installed.

00:38.720 --> 00:42.800
Depending on how fast or slow your machine is, it could take a few minutes.

00:42.860 --> 00:43.100
All right.

00:43.130 --> 00:45.890
Once it's in there, we're actually going to start it.

00:45.890 --> 00:51.560
And to start it we type in OWASP, OWASP, dash, zap.

00:52.010 --> 00:55.250
And let's do that switch H or that tag H to get that help menu.

00:55.250 --> 01:00.620
And you can see that it's going to go through and identify whether or not it's working or not. It's also

01:00.620 --> 01:02.300
going to give this manual for us.

01:02.390 --> 01:06.710
And we can see the little captions right here and all this other good stuff.

01:06.710 --> 01:12.020
Now ZAP, a nice, really nice thing about it is it actually has a GUI interface.

01:12.020 --> 01:18.770
So to use that GUI interface we're just going to type in OWASP dash zap.

01:21.710 --> 01:23.180
And it's going to boot up for us.

01:23.180 --> 01:26.420
Now the first time it boots up it's going to take a few minutes because it's going to download some

01:26.420 --> 01:29.060
stuff and it says do I want to do the persistence?

01:29.060 --> 01:30.500
Do I not want to do the persistence?

01:30.500 --> 01:31.610
What do I want to do?

01:31.640 --> 01:37.010
I'm going to say, no, I don't want to persist this session at this time, uh, I'm not going to remember

01:37.010 --> 01:37.490
my choice.

01:37.490 --> 01:38.810
I'm going to go ahead and press start.

01:38.930 --> 01:41.030
Let me blow this up so you can see it.

01:41.480 --> 01:43.910
And it's going to ask me, do I want to update all these items?

01:43.910 --> 01:47.030
I recommend you update everything.

01:47.270 --> 01:48.650
I'm just weird like that.

01:48.650 --> 01:50.600
I like updated software.

01:50.600 --> 01:52.310
I know it's weird, right?

01:52.310 --> 01:57.290
And again, let me blow this up and then I can also press this update all button if I wanted to.

01:57.320 --> 02:01.700
I'm just going to update the selected because those are the ones that need an update, and it's going

02:01.730 --> 02:03.500
to say yes and let it do its thing.

02:03.500 --> 02:08.570
This again will take it a second to get up there, and you'll start to notice that everything has been

02:08.570 --> 02:10.400
updated except for this one right here.

02:10.400 --> 02:12.920
But for the interest of time, I'm just going to close that out.

02:12.920 --> 02:14.750
Let's redo that.

02:14.750 --> 02:16.160
And here we go.

02:16.160 --> 02:16.730
Let's get started.

02:16.730 --> 02:19.190
Using this tool we're going to do an automated scan.

02:19.280 --> 02:21.410
And it's going to ask me what the URL is.

02:21.440 --> 02:27.770
Now I'm going to use again chapter two, and I'm just going to type in that IP address right there.

02:27.800 --> 02:28.370
Okay.

02:28.400 --> 02:30.410
Once I'm done with that I have some choices.

02:30.410 --> 02:33.890
I can do Firefox, headless Chrome, so on and so forth.

02:33.890 --> 02:37.370
I'm going to just use the default for purposes of exercise today.

02:37.610 --> 02:41.180
And then I'm going to hit that little attack button right there and let it do its thing.

02:41.990 --> 02:44.390
Now it's going to go through and it's going to start scanning.

02:44.390 --> 02:47.090
While it's scanning I want to point out some things to you.

02:47.150 --> 02:49.100
There's the alerts button right here.

02:49.130 --> 02:53.180
These alerts tell us all the vulnerabilities that it's found so far.

02:53.330 --> 02:58.430
It also has its output of different items that it's outputted based on what you've done in the past.

02:58.850 --> 03:00.110
It is a spider.

03:00.140 --> 03:05.630
The spider is going through the web server, and it's looking for active directories that it can find.

03:06.470 --> 03:09.200
And then it has this active scan which again goes through it.

03:09.200 --> 03:10.580
I'm going to go to alerts.

03:10.610 --> 03:12.380
I'm just going to start with this red flag.

03:12.380 --> 03:14.840
That's the most critical the SQL injections two.

03:14.870 --> 03:18.770
I can press that little down arrow and I can click on a specific one if I wanted to.

03:18.800 --> 03:24.890
And it's saying, hey, index.php, risk of high, confidence medium, parameter.

03:24.890 --> 03:26.660
It's using a SQL injection.

03:26.660 --> 03:31.300
So if it did zap or one equals one that's the attack it utilized.

03:31.330 --> 03:37.150
It has the ID of 89 and it's saying SQL injection may be possible.

03:37.180 --> 03:38.080
May be possible.

03:38.080 --> 03:43.840
If I scroll down a little bit over here it's saying other information.

03:43.870 --> 03:49.270
The page results were successfully manipulated using Boolean and it says solution.

03:49.300 --> 03:53.470
Do not trust client-side input even if the client side is validated in place.

03:53.470 --> 03:55.480
In general type all data.

03:55.510 --> 03:56.320
Yada yada yada.

03:56.320 --> 03:58.390
And it gives me a reference to look at.

03:59.140 --> 04:04.840
So it's telling me what I need to do in order to provide a decent solution.

04:04.840 --> 04:07.240
Now, is the solution the best case?

04:07.240 --> 04:08.140
Probably not.

04:08.170 --> 04:08.500
Right.

04:08.530 --> 04:11.380
The best solution would go in there and do input validation.

04:11.560 --> 04:16.930
Uh, and make sure that the developers go through and make sure that the, the program or the software

04:16.930 --> 04:21.010
is not vulnerable to input attack or SQL attack.

04:21.040 --> 04:21.280
Right?

04:21.310 --> 04:25.150
So whoever developed the website, we would want them to go through and do that process.

04:25.300 --> 04:25.570
Right.

04:25.600 --> 04:28.420
So this is very quick, very down and dirty.

04:28.450 --> 04:31.360
This is OWASP, very, very easy to use.

04:31.360 --> 04:32.830
Uh, I like the GUI interface.

04:32.830 --> 04:37.300
This is actually one of the programs that I truly enjoy because it makes it so simple to use.

04:37.330 --> 04:37.720
All right.

04:37.750 --> 04:38.980
I hope you learned something.

04:39.010 --> 04:40.420
As always, have a good one.
