1
00:00:01,180 --> 00:00:09,460
OK, this section is important, even though it will be a short one, you will find using Burset a lot.

2
00:00:10,070 --> 00:00:16,570
But before we get to setting it up, let's first briefly discuss what it is.

3
00:00:17,840 --> 00:00:22,670
Perhaps it is a platform specifically designed for testing of Web applications.

4
00:00:23,180 --> 00:00:29,930
It has many tools that make testing process much easier, and it's also used as a proxy.

5
00:00:30,960 --> 00:00:37,500
Not a proxy in the sense that it will hide your IP address, but proxy in the sense that it will allow

6
00:00:37,500 --> 00:00:44,690
us to inspect all the packets and HTTP requests and responses that we do while visiting a certain page,

7
00:00:45,330 --> 00:00:52,620
it will allow us to intercept different requests, modify them and then forward them to the Web page

8
00:00:52,620 --> 00:00:54,500
or to drop them if we choose to.

9
00:00:55,020 --> 00:01:00,210
Burset is considered number one tool for bug bounty for many penetration testers.

10
00:01:01,450 --> 00:01:07,180
In this section, we're going to set it up and check out some basic options that it has and the rest

11
00:01:07,180 --> 00:01:09,490
of it, we will practice throughout the course.

12
00:01:10,390 --> 00:01:17,050
Let's first start off by configuring it as a proxy for our Firefox, so to do that, the first thing

13
00:01:17,050 --> 00:01:25,100
that we want to do is we want to open terminal and start our Pepcid, and we can do that by typing it

14
00:01:25,180 --> 00:01:27,730
inside of our terminal press enter.

15
00:01:28,240 --> 00:01:31,650
And in just a few seconds, we will get the opening menu for this.

16
00:01:32,650 --> 00:01:37,870
And unlike many other tools that we use before, this tool has a graphic user interface, so it will

17
00:01:37,870 --> 00:01:40,660
be much easier to use and to navigate through.

18
00:01:41,540 --> 00:01:49,940
If you get this community addition warning, you can click here on OK, and in a few seconds we will

19
00:01:49,940 --> 00:01:51,660
get to open Burset.

20
00:01:52,620 --> 00:01:59,100
OK, here is the opening window, you can leave this checked or unchecked, whatever you like and click

21
00:01:59,100 --> 00:02:00,390
on, I accept.

22
00:02:02,110 --> 00:02:08,050
Once this window opens up and you might also get this window opened up, which says an update is available,

23
00:02:08,050 --> 00:02:12,280
you can update it now, but if you get it, just click on Close for now.

24
00:02:12,550 --> 00:02:20,950
And here, select a temporary project, click on next and use burb defaults and click on Start Berp.

25
00:02:22,010 --> 00:02:27,410
This will open our project in just a few seconds and then we will be fully able to use it.

26
00:02:27,830 --> 00:02:33,980
Now, one more thing to mention is that it has a community edition and professional edition.

27
00:02:34,400 --> 00:02:38,540
A community edition is free while professional edition is paid.

28
00:02:38,540 --> 00:02:43,820
And it does allow us some other additional options that we can use with this tool.

29
00:02:44,720 --> 00:02:48,110
However, for this course, we will be using the free community edition.

30
00:02:48,990 --> 00:02:53,220
Once it opens up, you will get a window that looks something like this.

31
00:02:54,190 --> 00:03:00,100
Let me enlarge it, and I know that there are many things happening right now, but don't worry, all

32
00:03:00,100 --> 00:03:01,020
of this is simple.

33
00:03:01,690 --> 00:03:05,990
First thing that we want to do in order to configure it with our Firefox as a proxy.

34
00:03:06,460 --> 00:03:09,160
We want to navigate right here on proxy.

35
00:03:10,590 --> 00:03:17,220
Make sure that this intercept is off by clicking on it, it will simply just say intercept is now off.

36
00:03:18,200 --> 00:03:25,110
Then navigate to the options and make sure that you have in this small window one twenty seven zero

37
00:03:25,280 --> 00:03:30,830
zero, that one on Port 80 80 and make sure that you also have it checked.

38
00:03:31,160 --> 00:03:36,530
If you don't have this option right here, just click on ADD and you can add it right here.

39
00:03:36,890 --> 00:03:39,620
Since I already have it, I'm not going to add anything.

40
00:03:39,620 --> 00:03:41,720
I'm just going to leave it as it is.

41
00:03:42,560 --> 00:03:46,510
And the next step that I want to do is start our Firefox.

42
00:03:47,090 --> 00:03:51,260
Once you start over Firefox, we want to navigate to Firefox settings.

43
00:03:51,590 --> 00:03:54,320
You can do that by going on these three lines.

44
00:03:55,240 --> 00:03:59,050
Scroll a little bit down onto the preferences, click on that.

45
00:04:00,300 --> 00:04:07,230
And under the general settings, we want to scroll all the way down until we get to network settings

46
00:04:07,260 --> 00:04:11,910
right here in the network settings, click on the settings button.

47
00:04:13,630 --> 00:04:19,360
And it'll open the first setting, which is a proxy configuration, which should, by default be set

48
00:04:19,360 --> 00:04:20,390
to no proxy.

49
00:04:21,160 --> 00:04:26,920
We want to change it right now to Manuell proxy configuration and in the manual proxy configuration

50
00:04:26,920 --> 00:04:35,220
under the HTP proxy tab, we want to select one twenty seven zero zero, that one as an IP address on

51
00:04:35,230 --> 00:04:41,560
board 880, the same settings that we have inside of our Burset under the options tab.

52
00:04:42,800 --> 00:04:50,480
Once you set it right here, check this option as well, that says also use this proxy for FTP and https

53
00:04:50,480 --> 00:04:54,650
and it will autofill these two fields with the same settings.

54
00:04:55,490 --> 00:04:58,520
Once you have it looking like this, click on OK.

55
00:04:59,940 --> 00:05:05,550
And if you try to visit any HTP page right now, for example, I will go to this page.

56
00:05:07,020 --> 00:05:11,070
Just make sure that it is an HTTP page and not an https.

57
00:05:11,640 --> 00:05:18,270
And if it is an HTP, it will successfully load the page and you will notice that it also does do it

58
00:05:18,270 --> 00:05:25,410
a little bit slower because right now all of our connection is going through our burset, through our

59
00:05:25,410 --> 00:05:25,970
proxies.

60
00:05:25,980 --> 00:05:27,990
We can see here is the link right here.

61
00:05:29,160 --> 00:05:36,420
But if you tried to, for example, visit any HTP page, let's go to Facebook dot com, for example.

62
00:05:37,800 --> 00:05:42,700
It will give you this error did not connect potential security issue.

63
00:05:43,530 --> 00:05:49,560
Now, in order to fix this, we must download the birth certificate and add it to our Firefox certificates.

64
00:05:50,010 --> 00:05:51,060
How can we did it?

65
00:05:51,720 --> 00:06:01,500
Open another tab, navigate to HTP to birth, visit that link and it will open a window like this.

66
00:06:02,740 --> 00:06:07,090
On this window, we have this button right here that says see a certificate.

67
00:06:08,060 --> 00:06:08,810
Click on that.

68
00:06:10,500 --> 00:06:19,110
And save file, click on OK, and it will download this file for us, which will be in our download

69
00:06:19,140 --> 00:06:19,740
directory.

70
00:06:21,030 --> 00:06:28,200
After we do that, we want to go back to our Firefox's settings and we want to navigate to privacy and

71
00:06:28,200 --> 00:06:34,950
security tab, once again, we want to scroll all the way down until we get to the option that says

72
00:06:34,950 --> 00:06:36,570
certificate's right here.

73
00:06:37,470 --> 00:06:44,880
Then click on View certificates, and here we want to import the file that we just downloaded, how

74
00:06:44,880 --> 00:06:45,490
can we do that?

75
00:06:45,510 --> 00:06:51,950
Well, simply just click on import, navigate to the downloads directory and select the file that we

76
00:06:51,960 --> 00:06:54,090
just downloaded and click on it.

77
00:06:55,210 --> 00:07:00,760
Once it opens this window, check both of these options that says trust this certificate to identify

78
00:07:00,760 --> 00:07:07,300
websites and trust this certificate to identify emailed users, check both of them and click on OK,

79
00:07:07,990 --> 00:07:09,890
then you can click on OK right here as well.

80
00:07:10,390 --> 00:07:15,360
And now we should be able to fully use our Firefox and we have completed the purpose it set up.

81
00:07:15,790 --> 00:07:20,590
Let's double check again on Facebook whether we can visit https page.

82
00:07:22,130 --> 00:07:27,560
And right now, it loads it without any error, and we can also see if we go to the target, Tabin,

83
00:07:27,560 --> 00:07:34,760
our Burset, we can see that we successfully loaded https, Facebook dot com, and that's pretty much

84
00:07:34,760 --> 00:07:35,030
it.

85
00:07:35,420 --> 00:07:41,960
If you can load both HTP and https pages after configuring Burset, then you are good to go.

86
00:07:42,560 --> 00:07:47,170
In the next couple of videos, we're going to check out some stuff that Burset allows us to do.