1 00:00:10,000 --> 00:00:17,050 Let us continue with the web application penetration testing. In the previous videos, we saw how to exploit
2 00:00:17,050 --> 00:00:24,550 the command injection vulnerability individually, and now in this lecture we will see what is and how to exploit
3 00:00:24,550 --> 00:00:26,080 the file upload vulnerabilities.
4 00:00:26,560 --> 00:00:32,620 But before doing that, we need to configure the most important tool required in the web application
5 00:00:32,620 --> 00:00:33,760 penetration testing.
6 00:00:34,060 --> 00:00:37,180 And most of the security experts also use this tool.
7 00:00:37,720 --> 00:00:39,370 This is known as Burp Suite.
8 00:00:40,360 --> 00:00:42,940 So what is Burp Suite?
9 00:00:43,090 --> 00:00:47,590 It is a set of tools for penetration testing of web applications.
10 00:00:48,040 --> 00:00:52,390 It is developed by a company named PortSwigger.
11 00:00:52,540 --> 00:00:58,930 It aims to be an all-in-one set of tools, and its capabilities can be enhanced by installing different
12 00:00:58,930 --> 00:01:00,250 add-ons and plug-ins.
13 00:01:01,200 --> 00:01:09,450 It is the most popular tool among professional security researchers and bug bounty hunters. Why people
14 00:01:09,450 --> 00:01:17,940 prefer Burp is because of its most suitable feature of all, and that is the ease of use.
15 00:01:18,030 --> 00:01:23,730 Burp is available as a Community Edition, which is free, of course, a Professional Edition
16 00:01:23,730 --> 00:01:31,320 that costs around 400 dollars per year, and an Enterprise Edition that costs around 4000 dollars per
17 00:01:31,320 --> 00:01:31,590 year.
18 00:01:31,680 --> 00:01:37,920 This lecture will give you a brief introduction to the different tools offered by Burp Suite.
19 00:01:37,920 --> 00:01:43,650 And if you are a complete beginner in web application penetration testing, this is the most important
20 00:01:43,650 --> 00:01:49,040 lecture, and you should please listen to this installation process of Burp very closely.
21 00:01:49,410 --> 00:01:51,190 So let us get started.
22 00:01:51,210 --> 00:01:55,750 Make sure that you have turned on your Kali Linux machine and Metasploitable machine.
23 00:01:55,770 --> 00:01:58,280 Also, let us see how to configure Burp Suite.
24 00:01:59,710 --> 00:02:06,190 So as you can see, I have Kali Linux open here, so the image or the file which I have already
25 00:02:06,190 --> 00:02:08,710 installed in Kali has a preinstalled version of Burp
26 00:02:08,710 --> 00:02:09,080 Suite.
27 00:02:09,490 --> 00:02:18,930 So what you need to do is go to Applications and type burp, B-U-R-P, and there you go.
28 00:02:18,940 --> 00:02:20,200 You can see the logo.
29 00:02:20,200 --> 00:02:22,330 Just click and let it open.
30 00:02:31,450 --> 00:02:36,250 If you are installing or opening Burp Suite for the first time, it may take a couple of minutes to load.
31 00:02:40,180 --> 00:02:42,030 Don't change anything, just click OK.
32 00:02:44,410 --> 00:02:46,040 Burp will start automatically.
33 00:02:46,720 --> 00:02:53,020 So you just have to accept everything: click Accept and then click Start.
34 00:02:53,980 --> 00:02:56,560 Do not update, just click Close and click Start.
35 00:02:57,470 --> 00:03:05,630 And start. Wait, the Burp GUI gets launched. Burp is available in Linux as well as in Mac and
36 00:03:05,630 --> 00:03:10,550 Windows, but for this lecture and for the rest of the lectures of our ethical hacking course,
37 00:03:10,820 --> 00:03:13,640 you will see how to use Burp in Linux.
38 00:03:15,080 --> 00:03:20,420 Now, this is the interface of Burp Suite, which means we're going to use the Community Edition.
39 00:03:20,750 --> 00:03:26,070 Most of the tools are not available, and also are not required if you are a complete beginner. Expand
40 00:03:26,070 --> 00:03:27,530 the window of Burp.
41 00:03:27,560 --> 00:03:31,650 And now let us go to the first tool, that is Spider.
42 00:03:32,210 --> 00:03:36,620 It is a web spider or crawler that is used to map the target web application.
43 00:03:37,040 --> 00:03:42,230 The objective of the mapping is to get a list of endpoints so that the functionality can be observed
44 00:03:42,500 --> 00:03:44,660 and potential vulnerabilities can be found.
45 00:03:45,170 --> 00:03:50,750 Now spidering is done for the simple reason that the more endpoints you gather during the reconnaissance process,
46 00:03:51,020 --> 00:03:55,070 the more attack surface you possess. The next step is the Proxy.
47 00:03:56,030 --> 00:03:58,190 What is a proxy in Burp Suite?
48 00:03:58,220 --> 00:04:05,630 It contains an intercepting proxy that lets the user see and modify the contents of requests and responses
49 00:04:05,840 --> 00:04:06,980 while they are in transit.
50 00:04:07,280 --> 00:04:09,110 For example, intercepting.
51 00:04:09,320 --> 00:04:11,580 Suppose you are communicating with your browser.
52 00:04:12,260 --> 00:04:20,870 Now you type a search word; now when you hit the Go button, we use Burp to catch that request, which
53 00:04:20,870 --> 00:04:23,780 means the browser will send the request to Burp Suite.
54 00:04:23,990 --> 00:04:28,460 You can modify the contents and then send it back to the server.
55 00:04:28,970 --> 00:04:33,640 This is known as intercepting, like a man in the middle.
56 00:04:33,650 --> 00:04:40,730 Now the Proxy tab also lets the user send the request or response under monitoring to another relevant
57 00:04:40,730 --> 00:04:44,570 tool in Burp Suite, removing the burden of copy and paste.
58 00:04:45,410 --> 00:04:50,420 The proxy server can be adjusted to run on a specific loopback IP and a port.
59 00:04:50,840 --> 00:04:56,450 And also the proxy can be configured to filter out specific types of request and response.
60 00:04:57,200 --> 00:05:04,810 So in the Proxy tab you can see these are the following four types: Intercept, HTTP history, WebSocket
61 00:05:04,820 --> 00:05:06,110 history and Options.
62 00:05:06,440 --> 00:05:07,870 We are interested in Options.
63 00:05:08,570 --> 00:05:10,880 The first thing is Proxy Listeners.
64 00:05:11,150 --> 00:05:18,050 You can see the default IP address is 127.0.0.1 and the port is 8080.
65 00:05:18,410 --> 00:05:20,150 What is the use of this IP?
66 00:05:20,540 --> 00:05:28,550 This is a loopback IP address, so if you set your browser to send all the requests to this IP only,
67 00:05:28,850 --> 00:05:34,760 what the browser will do is that whenever you search for something on the server, the browser will first
68 00:05:34,760 --> 00:05:39,140 send the request to the IP address that is mentioned in that browser.
69 00:05:39,620 --> 00:05:45,980 And for Burp, we are going to mention this IP address in your browser, so automatically the
70 00:05:45,980 --> 00:05:51,480 browser sends the request to Burp, and then Burp will forward the request to the server.
71 00:05:52,070 --> 00:05:58,990 So just remember this IP address 127.0.0.1 and port 8080.
72 00:05:59,420 --> 00:06:05,570 Now minimize Burp Suite; we will explore the rest of the tabs after some time. Open your Firefox browser.
73 00:06:07,260 --> 00:06:12,390 In Kali Linux, to open it just go to Applications and type Firefox.
74 00:06:19,800 --> 00:06:22,230 In Firefox, just go to Preferences.
75 00:06:27,060 --> 00:06:29,430 And scroll down to the last option.
76 00:06:30,870 --> 00:06:36,510 Which is Network Settings. Click Settings; now you can see there are different options: No proxy,
77 00:06:36,510 --> 00:06:38,740 Auto-detect proxy and Manual proxy.
78 00:06:39,150 --> 00:06:41,220 We are interested in Manual proxy.
79 00:06:41,460 --> 00:06:47,420 So just type 127.0.0.1 and port 8080.
80 00:06:54,390 --> 00:06:59,490 And select the option "Use this proxy for all servers" and then click OK.
81 00:07:00,450 --> 00:07:08,160 Now, what we have done is whenever we search something, the request will be directly sent to Burp
82 00:07:08,160 --> 00:07:08,470 Suite.
83 00:07:08,860 --> 00:07:12,780 So let us try searching something, just like Google.
84 00:07:13,680 --> 00:07:22,410 Oh, but why we got an error? Because we have to tell our browser that, OK, Burp is a good tool and we need
85 00:07:22,410 --> 00:07:29,080 to trust Burp. So for that we will have to download the trust certificate provided by Burp.
86 00:07:29,100 --> 00:07:30,680 So just open a new browser.
87 00:07:31,640 --> 00:07:35,330 Open a new tab and just type http
88 00:07:37,150 --> 00:07:46,330 colon slash slash burp, B-U-R-P, hit Enter, and you can see a certificate there; just click there
89 00:07:46,330 --> 00:07:49,860 to download the certificate, click Save File.
90 00:07:50,650 --> 00:07:56,230 Now this certificate will tell the Mozilla Firefox browser that, okay, Burp is a good tool and I can trust
91 00:07:56,230 --> 00:08:00,040 Burp, so we will wait until it gets downloaded.
92 00:08:00,640 --> 00:08:04,500 So now you can see in the Downloads I have downloaded the CA certificate.
93 00:08:04,810 --> 00:08:05,880 Now go to your browser.
94 00:08:06,820 --> 00:08:08,380 That is the Mozilla Firefox.
95 00:08:11,740 --> 00:08:13,270 Again, go to Preferences.
96 00:08:15,790 --> 00:08:16,640 Scroll down.
97 00:08:17,320 --> 00:08:19,450 Where do you get the certificate authority?
98 00:08:21,410 --> 00:08:28,570 In Privacy: go to Privacy and Security, go down, scroll down, and at the end you can see Certificates.
99 00:08:28,940 --> 00:08:32,720 Now click View Certificates and then click Import.
100 00:08:32,750 --> 00:08:37,490 Now, these are the authorities already present inside. Import that certificate which we have just
101 00:08:37,490 --> 00:08:41,810 downloaded, and only tick "Trust this CA to identify websites".
102 00:08:41,990 --> 00:08:46,000 If you want, you can tick "identify email users", but I will prefer to identify websites.
103 00:08:46,010 --> 00:08:48,860 Click OK and then click OK.
104 00:08:49,610 --> 00:08:54,260 Now we have told the browser that OK, Burp is a good tool and we can trust Burp.
105 00:08:54,710 --> 00:08:56,720 So now go to Burp Suite.
106 00:08:59,560 --> 00:09:00,700 In the Intercept tab.
107 00:09:03,280 --> 00:09:10,360 Intercept is off; set it to Intercept on, and now go to the Mozilla Firefox browser and there type google
108 00:09:10,360 --> 00:09:10,900 dot com.
109 00:09:12,040 --> 00:09:16,610 You can see the tab is loading, and voila, we got the request in our Burp.
110 00:09:16,990 --> 00:09:20,980 Now, this is the request which we have intercepted in Burp Suite.
111 00:09:21,170 --> 00:09:25,480 You can see the first item is GET, that is the HTTP method.
112 00:09:25,500 --> 00:09:28,930 It is using GET as the method. Then Host,
113 00:09:28,940 --> 00:09:32,260 that is whom our browser is trying to contact:
114 00:09:32,380 --> 00:09:34,420 google.com. User-Agent,
115 00:09:34,420 --> 00:09:36,100 that is Mozilla Firefox.
116 00:09:36,400 --> 00:09:39,750 Then Accept, Accept-Language, Accept-Encoding.
117 00:09:40,640 --> 00:09:43,410 We've also got Cookie and everything.
118 00:09:43,420 --> 00:09:46,210 So now just click Forward to forward the request.
119 00:09:48,290 --> 00:09:54,890 And then go to Mozilla again; click Forward to forward everything that we have got. Keep on going
120 00:09:54,890 --> 00:09:57,170 forward till we get further requests.
121 00:10:01,580 --> 00:10:08,450 And you can see we have finally got google.com, so this is how you intercept requests in Burp
122 00:10:08,450 --> 00:10:08,810 Suite.
123 00:10:09,170 --> 00:10:16,140 Now go to Burp Suite and turn the intercept off. The next tool that we're going to see is the Intruder.
124 00:10:17,660 --> 00:10:23,960 It is basically a fuzzer. What is fuzzing? Fuzzing is basically randomly trying different values and
125 00:10:23,960 --> 00:10:26,270 then trying to get output; that is known as fuzzing.
126 00:10:27,180 --> 00:10:34,710 Now, this tool is used to run a set of values through an input point; the values are run and the output
127 00:10:34,710 --> 00:10:41,850 is observed for success or failure and the content length. Usually an anomaly results in a change
128 00:10:41,850 --> 00:10:48,120 in the response code or content length of the response. Burp allows brute force, a dictionary
129 00:10:48,120 --> 00:10:52,080 file and single value attacks for its payload position.
130 00:10:52,680 --> 00:10:59,760 Now, the Intruder is primarily used for three major types of attacks: brute force attacks on password
131 00:10:59,760 --> 00:11:02,220 forms, PIN forms and other such forms;
132 00:11:02,730 --> 00:11:09,660 the dictionary attack on password forms, fields, SQL injection, etc.; and finally, testing and
133 00:11:09,660 --> 00:11:13,320 attacking rate limiting flaws in the web application.
134 00:11:14,220 --> 00:11:17,610 The fourth, which you're going to see, is the Repeater tool.
135 00:11:20,270 --> 00:11:25,760 Repeater lets a user send requests repeatedly with manual modifications.
136 00:11:26,180 --> 00:11:30,530 It is used for verifying whether the user-supplied values are being verified.
137 00:11:31,040 --> 00:11:37,280 If user-supplied values are being verified, how well is it being done? Then, what values is the server
138 00:11:37,280 --> 00:11:39,190 expecting in an input parameter?
139 00:11:39,860 --> 00:11:42,350 How does the server handle unexpected values?
140 00:11:43,070 --> 00:11:45,870 Is input sanitisation being applied by the server?
141 00:11:46,100 --> 00:11:51,500 So basically, instead of pinging the server every time, you can just send the request to the Repeater
142 00:11:51,500 --> 00:11:58,560 tab and then analyze the request and response simultaneously to see how exactly the algorithm behind
143 00:11:58,820 --> 00:12:00,390 the application is working.
144 00:12:01,160 --> 00:12:03,200 The fifth tool is the Sequencer.
145 00:12:04,020 --> 00:12:10,200 The Sequencer is an entropy checker that checks for the randomness of the tokens generated by the web
146 00:12:10,200 --> 00:12:10,650 server.
147 00:12:11,100 --> 00:12:18,360 Now these tokens are generally used for authentication in sensitive operations; cookies and CSRF
148 00:12:18,360 --> 00:12:26,220 tokens are examples of such tokens. Ideally these tokens must be generated in a fully random
149 00:12:26,220 --> 00:12:32,730 manner so that the probability of appearance of each possible character at a position is distributed
150 00:12:32,730 --> 00:12:33,420 uniformly.
151 00:12:34,720 --> 00:12:40,390 So this is how Sequencer works; it is basically used to do everything related to cross-site request
152 00:12:40,390 --> 00:12:41,610 forgery and cookies.
153 00:12:42,280 --> 00:12:51,880 Next comes Decoder. Decoder lists the common encoding methods like URL, HTML, Base64, Hex,
154 00:12:51,910 --> 00:12:52,510 etc.
155 00:12:53,020 --> 00:12:58,540 This tool comes in handy when looking for chunks of data in values of parameters or headers.
156 00:12:58,870 --> 00:13:01,600 Let us try one thing now.
157 00:13:01,810 --> 00:13:10,030 You can see at the right corner there is a tab "Encode as"; just click the encoders and just select
158 00:13:10,030 --> 00:13:10,540 URL.
159 00:13:12,610 --> 00:13:17,860 Now, in the first box here, type random letters; type hello.
160 00:13:19,060 --> 00:13:25,840 You can see the URL is encoded, and if you copy this URL, if you copy this form and paste it in a browser
161 00:13:25,840 --> 00:13:31,450 to attack with different passwords, then it may bypass the firewall of the server.
162 00:13:31,990 --> 00:13:37,030 And we are going to see how this decoding is very useful in upcoming lectures.
163 00:13:38,320 --> 00:13:46,030 Next is the Extender tab, which supports external components to be integrated into the tools to enhance
164 00:13:46,030 --> 00:13:46,980 its capabilities.
165 00:13:47,410 --> 00:13:50,130 These external components are called BApps.
166 00:13:50,800 --> 00:13:57,610 These work just like the browser extensions and thus can be viewed, modified, installed and uninstalled
167 00:13:57,610 --> 00:13:58,830 in the Extender window.
168 00:14:00,150 --> 00:14:06,990 The next are Project options and User options, which are basically different options which you
169 00:14:06,990 --> 00:14:09,650 can set while using Burp Suite.
170 00:14:13,230 --> 00:14:19,050 The Comparer function lets you do a word-level comparison between different data.
171 00:14:19,350 --> 00:14:24,420 So if you have two items and if you want to compare between the two requests or responses, you can
172 00:14:24,420 --> 00:14:30,720 just paste the two items in the two tabs and then hit the Compare button to see what similarities are
173 00:14:30,720 --> 00:14:32,400 in there and what are the differences.
174 00:14:32,430 --> 00:14:38,670 So basically, if you want to analyze different incoming requests by intercepting them, this Comparer
175 00:14:38,670 --> 00:14:40,050 tool is very handy.
176 00:14:41,070 --> 00:14:43,760 So this was all for today's lecture.
177 00:14:44,040 --> 00:14:49,080 But before closing it, you need to do one important thing.
178 00:14:49,080 --> 00:14:52,080 So just click the Close button for Burp Suite.
179 00:14:55,390 --> 00:14:57,040 And now try searching something.
180 00:15:00,750 --> 00:15:02,850 Let's try searching cybersecurity.
181 00:15:06,180 --> 00:15:07,890 Just type it and hit Enter.
182 00:15:08,840 --> 00:15:14,950 We have got an error. Why? Burp Suite is closed. You are right, we didn't change the proxy.
183 00:15:15,200 --> 00:15:23,960 So again, go to Preferences, scroll down, go to Network Settings, click No proxy, click OK, and
184 00:15:23,960 --> 00:15:25,460 then try searching again.
185 00:15:31,800 --> 00:15:32,850 There we go, we have it.
186 00:15:33,570 --> 00:15:39,150 So before closing Burp, make sure that you change the proxy settings.
187 00:15:40,350 --> 00:15:48,150 This was all for this lecture, and in the next lecture we will see how to exploit the file upload
188 00:15:48,160 --> 00:15:51,840 vulnerability and what is meant by a file upload vulnerability.