1
00:00:00,210 --> 00:00:01,043
‫Man: Hi.

2
00:00:01,043 --> 00:00:04,140
‫Within this lecture we are going to install

3
00:00:04,140 --> 00:00:06,390
‫the Burpsuite and also set it up

4
00:00:06,390 --> 00:00:10,320
‫so that we can use it with our penetration tests.

5
00:00:10,320 --> 00:00:13,230
‫So what I'm going to do, I'm already in my bound to,

6
00:00:13,230 --> 00:00:15,600
‫actually, we are done with the bound to things

7
00:00:15,600 --> 00:00:18,780
‫because we have already installed the vAPI

8
00:00:18,780 --> 00:00:20,880
‫and running on the server, right?

9
00:00:20,880 --> 00:00:23,940
‫So if you type your IP address on the browser

10
00:00:23,940 --> 00:00:26,850
‫you can see the vAPI.

11
00:00:26,850 --> 00:00:29,910
‫Now that said, you don't need to just log

12
00:00:29,910 --> 00:00:31,770
‫into the server anymore.

13
00:00:31,770 --> 00:00:34,170
‫After you are done, just don't forget

14
00:00:34,170 --> 00:00:36,420
‫to destroy the drop it or just delete

15
00:00:36,420 --> 00:00:40,230
‫the project so your credit card won't be charged, okay?

16
00:00:40,230 --> 00:00:45,230
‫So, if you see this when you go to your IP/VP or vAPI,

17
00:00:46,293 --> 00:00:48,780
‫then it's okay, Okay?

18
00:00:48,780 --> 00:00:53,100
‫So once you're done with the WAPI test over here

19
00:00:53,100 --> 00:00:56,490
‫or vAPI test over here, you can come over here and say,

20
00:00:56,490 --> 00:01:01,140
‫destroy this droplet or you can just delete the project

21
00:01:01,140 --> 00:01:03,060
‫from the settings as well, okay?

22
00:01:03,060 --> 00:01:05,201
‫Don't forget to do that.

23
00:01:05,201 --> 00:01:07,050
‫So far so good.

24
00:01:07,050 --> 00:01:10,050
‫So, what are we going to do within this section?

25
00:01:10,050 --> 00:01:11,910
‫Within this lecture?

26
00:01:11,910 --> 00:01:14,580
‫We're going to install the Burpsuite so

27
00:01:14,580 --> 00:01:17,880
‫that we can work with this vAPI

28
00:01:17,880 --> 00:01:21,840
‫and interrupt and capture the packets

29
00:01:21,840 --> 00:01:23,280
‫so that we can see them

30
00:01:23,280 --> 00:01:26,550
‫or manipulate them in a way that we want.

31
00:01:26,550 --> 00:01:29,493
‫So, if you have been watching this

32
00:01:29,493 --> 00:01:32,190
‫for the web pen testing course,

33
00:01:32,190 --> 00:01:35,190
‫you already know how to do that, right?

34
00:01:35,190 --> 00:01:37,740
‫So if you're watching the mobile application,

35
00:01:37,740 --> 00:01:39,750
‫Mobile Ethical Hacking course,

36
00:01:39,750 --> 00:01:42,240
‫then you need to watch this lecture.

37
00:01:42,240 --> 00:01:45,660
‫But if you're coming here from web pen testing course,

38
00:01:45,660 --> 00:01:47,910
‫just skip this lecture.

39
00:01:47,910 --> 00:01:50,460
‫So if you Google Burpsuite, you will see

40
00:01:50,460 --> 00:01:53,160
‫that this is a tool that has been produced

41
00:01:53,160 --> 00:01:54,824
‫by the Ports Swigger Company, portswigger.net

42
00:01:54,824 --> 00:01:59,824
‫so the website is actually portswigger.net/burp.

43
00:02:00,630 --> 00:02:03,420
‫And Burpsuite is kind of a proxy

44
00:02:03,420 --> 00:02:06,510
‫so we can see the requests that we are sending

45
00:02:06,510 --> 00:02:09,960
‫and analyze the responses that we are getting

46
00:02:09,960 --> 00:02:11,400
‫and we can interrupt them

47
00:02:11,400 --> 00:02:13,530
‫and we can actually manipulate them

48
00:02:13,530 --> 00:02:16,350
‫before we send to the server as well.

49
00:02:16,350 --> 00:02:21,350
‫So, this works like a proxy because it captures the traffic

50
00:02:21,480 --> 00:02:24,240
‫and we send this through the Burpsuite.

51
00:02:24,240 --> 00:02:26,340
‫It's a very cool tool.

52
00:02:26,340 --> 00:02:28,770
‫Of course, this is going to be like a crash course

53
00:02:28,770 --> 00:02:32,640
‫for the mobile Ethical Hacking Course users.

54
00:02:32,640 --> 00:02:34,560
‫But, for the Web pen testing side,

55
00:02:34,560 --> 00:02:37,680
‫we have already seen this a lot.

56
00:02:37,680 --> 00:02:39,990
‫So, this is another free tool,

57
00:02:39,990 --> 00:02:42,450
‫but there is a free version, of course,

58
00:02:42,450 --> 00:02:43,560
‫we are going to use it.

59
00:02:43,560 --> 00:02:46,290
‫The free version is called Community Version.

60
00:02:46,290 --> 00:02:48,210
‫So if you come over here to products,

61
00:02:48,210 --> 00:02:50,760
‫you can see the community addition over here.

62
00:02:50,760 --> 00:02:51,593
‫Of course, you,

63
00:02:51,593 --> 00:02:53,730
‫if you want, you can purchase the enterprise

64
00:02:53,730 --> 00:02:55,980
‫or the professional versions as well

65
00:02:55,980 --> 00:02:58,677
‫but it's a little bit expensive, like 300,

66
00:02:58,677 --> 00:02:59,510
‫400 bucks.

67
00:02:59,510 --> 00:03:02,970
‫So I'm just going to go with the community edition

68
00:03:02,970 --> 00:03:04,110
‫and we are going to talk

69
00:03:04,110 --> 00:03:06,780
‫about the differences between the community edition

70
00:03:06,780 --> 00:03:09,030
‫and also the professional edition as well.

71
00:03:09,030 --> 00:03:11,340
‫Don't worry about it, but all you gotta do

72
00:03:11,340 --> 00:03:15,240
‫is just download this and, if you download this,

73
00:03:15,240 --> 00:03:18,047
‫you can just install it by clicking on next, next,

74
00:03:18,047 --> 00:03:21,930
‫next on Windows and on Mac as well.

75
00:03:21,930 --> 00:03:24,622
‫So if you're using Key Color Linux, it's already,

76
00:03:24,622 --> 00:03:27,858
‫it should be already installed on Color Linux

77
00:03:27,858 --> 00:03:30,030
‫or any Linux distribution.

78
00:03:30,030 --> 00:03:33,570
‫You can just download it and install it as well.

79
00:03:33,570 --> 00:03:36,930
‫So, once you create a project in the Burpsuite,

80
00:03:36,930 --> 00:03:39,390
‫you can just use the defaults, okay?

81
00:03:39,390 --> 00:03:41,310
‫You don't need to change anything

82
00:03:41,310 --> 00:03:45,630
‫and you will see a screen like this.

83
00:03:45,630 --> 00:03:49,560
‫So, what are we going to do with the screen?

84
00:03:49,560 --> 00:03:53,640
‫Burpsuite has a lot of modules, okay?

85
00:03:53,640 --> 00:03:56,340
‫We can do so many things with Burpsuite.

86
00:03:56,340 --> 00:03:57,720
‫It's a very good tool.

87
00:03:57,720 --> 00:04:01,200
‫It's the tool for the web pen testing.

88
00:04:01,200 --> 00:04:04,080
‫We can intercept the packets using

89
00:04:04,080 --> 00:04:07,284
‫the proxy module over here, I'm gonna show you how.

90
00:04:07,284 --> 00:04:11,310
‫All you gotta do is just give some settings to proxy

91
00:04:11,310 --> 00:04:15,300
‫and make sure the browser has the same settings as well.

92
00:04:15,300 --> 00:04:17,340
‫Using the intruder module,

93
00:04:17,340 --> 00:04:20,310
‫you can actually do some brute force attacks

94
00:04:20,310 --> 00:04:23,910
‫and we're gonna do a lot of those in the section as well.

95
00:04:23,910 --> 00:04:25,650
‫So we gonna see how to use it.

96
00:04:25,650 --> 00:04:27,060
‫In the repeater, we can,

97
00:04:27,060 --> 00:04:29,970
‫you can send some responses, send some requests,

98
00:04:29,970 --> 00:04:31,650
‫and analyze the responses.

99
00:04:31,650 --> 00:04:35,490
‫You can manipulate the request and see how the API

100
00:04:35,490 --> 00:04:38,430
‫or the server reacts back.

101
00:04:38,430 --> 00:04:42,240
‫So you can try and try and try changing the parameters

102
00:04:42,240 --> 00:04:45,120
‫or changing the headers in this request.

103
00:04:45,120 --> 00:04:46,320
‫It's very good.

104
00:04:46,320 --> 00:04:48,390
‫For example, there's a decoder over here.

105
00:04:48,390 --> 00:04:51,990
‫You can decode or encode anything that you want.

106
00:04:51,990 --> 00:04:56,430
‫Like you can just write something and encode this as

107
00:04:56,430 --> 00:04:59,820
‫like base 65 or I don't know, HTML,

108
00:04:59,820 --> 00:05:02,160
‫or any kind of encryption.

109
00:05:02,160 --> 00:05:05,270
‫It's a very good tool actually, and we're gonna use a lot

110
00:05:05,270 --> 00:05:08,820
‫of modules from here, don't worry about it.

111
00:05:08,820 --> 00:05:11,760
‫All you gotta worry right now is to set it up

112
00:05:11,760 --> 00:05:13,950
‫and create a project.

113
00:05:13,950 --> 00:05:16,890
‫Once you do it, you can go to the options under

114
00:05:16,890 --> 00:05:20,010
‫the proxy module because you are going to have

115
00:05:20,010 --> 00:05:22,050
‫to change something over here.

116
00:05:22,050 --> 00:05:26,940
‫If you don't see this 127.0.01.8080,

117
00:05:26,940 --> 00:05:31,380
‫you can click on add and add this number over here.

118
00:05:31,380 --> 00:05:34,514
‫So Port should be 8080, okay?

119
00:05:34,514 --> 00:05:35,619
‫8080.

120
00:05:35,619 --> 00:05:40,619
‫And the host should be 127.0.01.

121
00:05:41,070 --> 00:05:45,480
‫Okay, so this is your local host with Port 8080.

122
00:05:45,480 --> 00:05:47,400
‫Why are we doing this?

123
00:05:47,400 --> 00:05:50,910
‫Because we are going to give the exact same number,

124
00:05:50,910 --> 00:05:54,900
‫exact same proxy numbers, to the browser as well.

125
00:05:54,900 --> 00:05:58,650
‫And all the other settings, as you you can see down here,

126
00:05:58,650 --> 00:06:02,212
‫should be just left alone, okay?

127
00:06:02,212 --> 00:06:04,800
‫And I'm going to turn on

128
00:06:04,800 --> 00:06:09,800
‫and turn off the intercept regularly while we're using this

129
00:06:09,840 --> 00:06:11,910
‫and I'm going to show you why.

130
00:06:11,910 --> 00:06:13,770
‫So, if you go to your browser right now.

131
00:06:13,770 --> 00:06:17,700
‫I'm using the Brave Browser but you can use Google Chrome,

132
00:06:17,700 --> 00:06:20,430
‫you can use Safari, you can use Fire Folks,

133
00:06:20,430 --> 00:06:22,290
‫anything you want.

134
00:06:22,290 --> 00:06:25,140
‫Brave is very cool so that's why I'm using it.

135
00:06:25,140 --> 00:06:30,140
‫Turn the intercept off for a minute and go to google.com.

136
00:06:30,510 --> 00:06:32,700
‫But because you need to download something

137
00:06:32,700 --> 00:06:36,930
‫called FoxyProxy, I believe this doesn't work in Safari

138
00:06:36,930 --> 00:06:41,250
‫but it works in Brave Chrome and Fire Folks as well.

139
00:06:41,250 --> 00:06:44,760
‫FoxyProxy is kind of an extension, okay?

140
00:06:44,760 --> 00:06:46,590
‫You can add it to Google Chrome,

141
00:06:46,590 --> 00:06:49,199
‫you can add it to Fire folks, Brave.

142
00:06:49,199 --> 00:06:51,897
‫All you gotta do is just search for it

143
00:06:51,897 --> 00:06:56,550
‫and find the extension website.

144
00:06:56,550 --> 00:07:00,300
‫So this is what I'm looking for, FoxyProxy Standard.

145
00:07:00,300 --> 00:07:02,734
‫As you can see, many users use it.

146
00:07:02,734 --> 00:07:07,680
‫So this is a very easy tool to change your proxy settings

147
00:07:07,680 --> 00:07:10,170
‫for the related browser.

148
00:07:10,170 --> 00:07:12,690
‫You will see some install button over here.

149
00:07:12,690 --> 00:07:16,092
‫I'm seeing remove button because I'm already using

150
00:07:16,092 --> 00:07:20,610
‫it inside of my terminal, inside of my browser.

151
00:07:20,610 --> 00:07:23,610
‫Here you go, I can see the FoxyProxy here.

152
00:07:23,610 --> 00:07:28,610
‫Once you install the FoxyProxy, you should open the options.

153
00:07:29,580 --> 00:07:33,330
‫In the options, you should give the exact same numbers

154
00:07:33,330 --> 00:07:36,630
‫that you have given to the Burpsuite.

155
00:07:36,630 --> 00:07:41,630
‫So I'm going to say 127.0.01 and, for the port,

156
00:07:41,730 --> 00:07:45,156
‫I'm just gonna say 8080, that's it.

157
00:07:45,156 --> 00:07:47,761
‫Of course you can change the port

158
00:07:47,761 --> 00:07:50,220
‫but it doesn't make sense.

159
00:07:50,220 --> 00:07:51,630
‫We are working with the web.

160
00:07:51,630 --> 00:07:54,510
‫You are intercepting the web requests and stuff.

161
00:07:54,510 --> 00:07:56,613
‫So go with the Port 8080.

162
00:07:57,930 --> 00:08:00,960
‫So you can give it a default name, you can delete it,

163
00:08:00,960 --> 00:08:04,530
‫you can edit it, you can add any kind of proxy you want.

164
00:08:04,530 --> 00:08:08,550
‫And after that, you can just use that proxy like this.

165
00:08:08,550 --> 00:08:10,350
‫So, if you use this proxy,

166
00:08:10,350 --> 00:08:15,350
‫if you use this 127.0.01 proxy over here with the Port 8080,

167
00:08:15,600 --> 00:08:19,740
‫and if you use the same proxy inside of the Burpsuite,

168
00:08:19,740 --> 00:08:24,690
‫as well, you can turn the intercept on like this.

169
00:08:24,690 --> 00:08:28,874
‫And right now, all your traffic will be directed through

170
00:08:28,874 --> 00:08:33,150
‫the Burpsuite so that you can capture the packets.

171
00:08:33,150 --> 00:08:34,890
‫It's very easy.

172
00:08:34,890 --> 00:08:36,660
‫Right now, let me show you what I mean.

173
00:08:36,660 --> 00:08:38,670
‫I'm just gonna open a new tab,

174
00:08:38,670 --> 00:08:41,940
‫or you can just go with this one, actually.

175
00:08:41,940 --> 00:08:44,790
‫You can click on something, okay.

176
00:08:44,790 --> 00:08:47,640
‫You can click on something like this, accessibility

177
00:08:47,640 --> 00:08:50,040
‫and as you can see, it stops.

178
00:08:50,040 --> 00:08:51,999
‫It doesn't go anywhere because

179
00:08:51,999 --> 00:08:55,560
‫it has been captured in the Burpsuite.

180
00:08:55,560 --> 00:09:00,560
‫Unless I forward this, it won't be delivered to the server.

181
00:09:01,440 --> 00:09:04,530
‫Or unless I turn the interception off,

182
00:09:04,530 --> 00:09:07,020
‫it won't be delivered to the server.

183
00:09:07,020 --> 00:09:10,230
‫Right now, I have this request packet.

184
00:09:10,230 --> 00:09:12,450
‫I can see this is a post request.

185
00:09:12,450 --> 00:09:16,942
‫I can see the endpoint that is directed to

186
00:09:16,942 --> 00:09:20,670
‫and I can see the cookie, I can see the headers,

187
00:09:20,670 --> 00:09:23,880
‫I can see the parameters, I can see everything.

188
00:09:23,880 --> 00:09:28,470
‫I can change it, or I can just turn the interception off

189
00:09:28,470 --> 00:09:31,140
‫and it will just forward it to the server

190
00:09:31,140 --> 00:09:33,810
‫and I can get the result back.

191
00:09:33,810 --> 00:09:36,090
‫Now, I will disable this proxies

192
00:09:36,090 --> 00:09:37,590
‫because I wanna show you something.

193
00:09:37,590 --> 00:09:42,210
‫Maybe if you did it, and if you didn't capture the packet,

194
00:09:42,210 --> 00:09:45,839
‫maybe you will need to install some kind of certificate.

195
00:09:45,839 --> 00:09:46,828
‫Okay?

196
00:09:46,828 --> 00:09:49,980
‫So if you come across in a situation like this,

197
00:09:49,980 --> 00:09:53,220
‫if your Burp doesn't work for some reason,

198
00:09:53,220 --> 00:09:54,930
‫you should google this.

199
00:09:54,930 --> 00:09:58,500
‫Install Burp certificate, okay?

200
00:09:58,500 --> 00:10:01,890
‫And of course, it will lead you to the portswigger.net

201
00:10:01,890 --> 00:10:04,770
‫one more time because, this is the company

202
00:10:04,770 --> 00:10:08,370
‫that has been developing the Burpsuite.

203
00:10:08,370 --> 00:10:11,880
‫It actually has a very good documentation.

204
00:10:11,880 --> 00:10:16,080
‫You can just see how to install it inside of Chrome,

205
00:10:16,080 --> 00:10:18,870
‫inside of Firefox, inside of Safari,

206
00:10:18,870 --> 00:10:21,390
‫and even Explorer as well.

207
00:10:21,390 --> 00:10:25,140
‫So if you come over here, so if you're using Brave,

208
00:10:25,140 --> 00:10:27,600
‫just go for the Chrome, okay?

209
00:10:27,600 --> 00:10:31,260
‫You can see the exact same steps for the Chrome

210
00:10:31,260 --> 00:10:33,360
‫and it actually has different steps

211
00:10:33,360 --> 00:10:38,126
‫for the Windows and Mac, and also for the Linux as well.

212
00:10:38,126 --> 00:10:42,000
‫So I'm going to show you my steps in order to do that

213
00:10:42,000 --> 00:10:44,310
‫but it's very easy to accomplish.

214
00:10:44,310 --> 00:10:48,593
‫All you need to do is just follow along these steps, okay?

215
00:10:48,593 --> 00:10:52,080
‫Just watch these steps and it will work.

216
00:10:52,080 --> 00:10:54,463
‫It's very easy to install.

217
00:10:54,463 --> 00:10:57,060
‫We're going to download some certificate

218
00:10:57,060 --> 00:10:59,820
‫and we are going to install it on our browser

219
00:10:59,820 --> 00:11:04,820
‫or on our system, and then it will trust the Burpsuite.

220
00:11:04,980 --> 00:11:07,140
‫Otherwise, maybe you are not able

221
00:11:07,140 --> 00:11:10,620
‫to connect to the HTPS site.

222
00:11:10,620 --> 00:11:12,390
‫So if you're using Linux, again,

223
00:11:12,390 --> 00:11:15,900
‫you can just see the documentation over here

224
00:11:15,900 --> 00:11:18,333
‫to install this on your machine.

225
00:11:19,350 --> 00:11:22,650
‫It's not very hard, I'm going to show you how to do it.

226
00:11:22,650 --> 00:11:24,000
‫Don't worry about it.

227
00:11:24,000 --> 00:11:25,950
‫But if you're Windows and Linux,

228
00:11:25,950 --> 00:11:29,250
‫the steps might be a little bit different.

229
00:11:29,250 --> 00:11:33,012
‫So I'm going to open the Burpsuite over here, okay?

230
00:11:33,012 --> 00:11:36,600
‫And I'm going to run Burpsuite,

231
00:11:36,600 --> 00:11:38,670
‫but I'm going to run Burpsuite like this,

232
00:11:38,670 --> 00:11:42,540
‫http://burpsuite, okay?

233
00:11:42,540 --> 00:11:45,900
‫Not burpsuite.com, but Burpsuite.

234
00:11:45,900 --> 00:11:50,820
‫Now, Burpsuite is running and I have changed my proxy,

235
00:11:50,820 --> 00:11:53,640
‫that's why I'm seeing this, okay?

236
00:11:53,640 --> 00:11:55,137
‫If you don't run the Burpsuite

237
00:11:55,137 --> 00:11:56,940
‫and if you don't change your proxy

238
00:11:56,940 --> 00:11:59,970
‫you won't be able to get the certificate.

239
00:11:59,970 --> 00:12:02,700
‫As you can see, I can see the CA certificate

240
00:12:02,700 --> 00:12:07,700
‫at the right hand side of this http://burpsuite.

241
00:12:08,580 --> 00:12:13,580
‫Download this on your desktop or whatever folder you want.

242
00:12:13,650 --> 00:12:15,300
‫And that's it.

243
00:12:15,300 --> 00:12:17,640
‫After downloading the certificate,

244
00:12:17,640 --> 00:12:19,740
‫the steps are a little bit different

245
00:12:19,740 --> 00:12:24,210
‫for Mac and Windows and Linux.

246
00:12:24,210 --> 00:12:25,711
‫In Mac and Windows,

247
00:12:25,711 --> 00:12:29,250
‫you have to just double click on the certificate

248
00:12:29,250 --> 00:12:33,540
‫and it will let you install it on your system.

249
00:12:33,540 --> 00:12:35,160
‫But in Linux, as you can see,

250
00:12:35,160 --> 00:12:38,250
‫you can go to the settings of the Chrome or settings

251
00:12:38,250 --> 00:12:42,240
‫of the Brave so that you can find the certificate

252
00:12:42,240 --> 00:12:46,230
‫and install it directly into the browser.

253
00:12:46,230 --> 00:12:49,890
‫You can see all the images, you can see all the steps

254
00:12:49,890 --> 00:12:53,400
‫that you need to do in order to install this certificate.

255
00:12:53,400 --> 00:12:56,733
‫But downloading the certificate is same for everyone.

256
00:12:56,733 --> 00:12:58,892
‫So, if you come over here,

257
00:12:58,892 --> 00:13:01,934
‫and if you go to the settings

258
00:13:01,934 --> 00:13:05,263
‫like this in the Brave settings, for example.

259
00:13:05,263 --> 00:13:07,350
‫I'm going to search for a certificate

260
00:13:07,350 --> 00:13:10,470
‫but I'm in a Mac, remember that.

261
00:13:10,470 --> 00:13:13,170
‫As you can see, it finds some certificates,

262
00:13:13,170 --> 00:13:16,024
‫like under the security, I believe, okay?

263
00:13:16,024 --> 00:13:20,730
‫And, if I come down here to the advanced site,

264
00:13:20,730 --> 00:13:24,624
‫I believe I can see the main certificates, okay?

265
00:13:24,624 --> 00:13:26,730
‫But once I click on that,

266
00:13:26,730 --> 00:13:29,583
‫it actually opens the key chain access.

267
00:13:30,420 --> 00:13:34,410
‫So key Chain Access is the tool that we use

268
00:13:34,410 --> 00:13:36,600
‫in the Mac operating system

269
00:13:36,600 --> 00:13:39,772
‫in order to store the certificates and stuff.

270
00:13:39,772 --> 00:13:42,960
‫So what I need to do, I need to double click on it

271
00:13:42,960 --> 00:13:44,700
‫and it will just add this

272
00:13:44,700 --> 00:13:48,210
‫to the key chain directly, automatically.

273
00:13:48,210 --> 00:13:50,340
‫But if you are not using Mac,

274
00:13:50,340 --> 00:13:53,970
‫or if you're not, if you're using Windows or Linux,

275
00:13:53,970 --> 00:13:56,820
‫then steps would be very similar.

276
00:13:56,820 --> 00:13:59,190
‫You can see the documentation yourself,

277
00:13:59,190 --> 00:14:01,560
‫but you will download the certificate

278
00:14:01,560 --> 00:14:04,770
‫in the exact same way that we have done.

279
00:14:04,770 --> 00:14:06,450
‫After that, for example,

280
00:14:06,450 --> 00:14:09,660
‫let me go to the Windows for the Internet Explorer.

281
00:14:09,660 --> 00:14:12,000
‫As you can see, it says that you have

282
00:14:12,000 --> 00:14:14,700
‫to run this as an administrator, okay.

283
00:14:14,700 --> 00:14:15,900
‫That is a a little bit different.

284
00:14:15,900 --> 00:14:19,901
‫You gotta right click and choose run as administrator

285
00:14:19,901 --> 00:14:24,420
‫and you can just say install certificate, okay?

286
00:14:24,420 --> 00:14:29,420
‫You have to visit http://burpsuite in all operating systems

287
00:14:29,610 --> 00:14:32,737
‫in order to download this certificate.

288
00:14:32,737 --> 00:14:36,268
‫And after installing the certificate,

289
00:14:36,268 --> 00:14:40,530
‫if you haven't been able to capture the packet

290
00:14:40,530 --> 00:14:44,130
‫that we have seen, now you will be able to,

291
00:14:44,130 --> 00:14:45,120
‫okay?

292
00:14:45,120 --> 00:14:47,463
‫Or you will be able to use the Burpsuite

293
00:14:47,463 --> 00:14:50,160
‫like in appropriate way right now.

294
00:14:50,160 --> 00:14:52,830
‫So make sure to install the certificate

295
00:14:52,830 --> 00:14:56,265
‫if you experience any kind of weirdness once you go

296
00:14:56,265 --> 00:15:00,153
‫to Burpsuite, once you open the Burpsuite project

297
00:15:00,153 --> 00:15:02,525
‫and then try again.

298
00:15:02,525 --> 00:15:04,500
‫So, don't forget that,

299
00:15:04,500 --> 00:15:07,860
‫if you're using Burp, then you should also

300
00:15:07,860 --> 00:15:11,310
‫use proxy settings, okay?

301
00:15:11,310 --> 00:15:15,930
‫Or otherwise you won't be able to browse the internet.

302
00:15:15,930 --> 00:15:19,305
‫So I'm gonna search my name and as you can see,

303
00:15:19,305 --> 00:15:22,800
‫I get the packet, I get the packet.

304
00:15:22,800 --> 00:15:25,530
‫If I forward this, if I forward this,

305
00:15:25,530 --> 00:15:28,590
‫it will be sent to the server,

306
00:15:28,590 --> 00:15:30,720
‫it'll be sent to the Google servers.

307
00:15:30,720 --> 00:15:33,090
‫But if I don't forward the packets

308
00:15:33,090 --> 00:15:36,630
‫that will just get stuck on the main Google page.

309
00:15:36,630 --> 00:15:38,100
‫Here you go.

310
00:15:38,100 --> 00:15:39,030
‫Now, as you can see,

311
00:15:39,030 --> 00:15:42,900
‫we see all the details regarding me inside of Google

312
00:15:42,900 --> 00:15:45,450
‫and we are still capturing the packets,

313
00:15:45,450 --> 00:15:48,150
‫because Google's making some requests

314
00:15:48,150 --> 00:15:52,260
‫to their APIs and maybe their other services.

315
00:15:52,260 --> 00:15:53,850
‫I dunno, many things,

316
00:15:53,850 --> 00:15:55,860
‫but we can see all the traffic

317
00:15:55,860 --> 00:15:57,960
‫and we can even capture the traffic

318
00:15:57,960 --> 00:16:00,720
‫and manipulate it in a way that we want.

319
00:16:00,720 --> 00:16:04,350
‫That is how we set the Ports Swigger Burpsuite up.

320
00:16:04,350 --> 00:16:06,720
‫Of course, if you already have that running

321
00:16:06,720 --> 00:16:11,310
‫and working as properly in a way that you want,

322
00:16:11,310 --> 00:16:14,280
‫then I believe you already skip this lecture.

323
00:16:14,280 --> 00:16:16,500
‫But if not, it's a new great tool

324
00:16:16,500 --> 00:16:19,110
‫that you will learn during this section.

325
00:16:19,110 --> 00:16:20,370
‫So, we're gonna stop here

326
00:16:20,370 --> 00:16:23,163
‫and continue with the Postman installation.