1
00:00:00,810 --> 00:00:06,480
In this video, I will teach you how you can automate the task of cross-site scripting attacks, right.

2
00:00:07,110 --> 00:00:11,190
In the previous videos, we have seen how we can use XSS attacks manually.

3
00:00:11,340 --> 00:00:14,590
Now, this time we will see how we can use it automatically.

4
00:00:14,910 --> 00:00:20,750
So for this, I am using Kali Linux and I'm using a tool called Burp Suite.

5
00:00:22,110 --> 00:00:28,140
Now, I hope you all remember that in my previous videos, when I am explaining SQL injection attacks,

6
00:00:28,140 --> 00:00:32,610
I have used the same tool to bypass client-side security, right. Now,

7
00:00:32,620 --> 00:00:39,200
this time we will use this tool to automate the process of attacking on a website.

8
00:00:39,250 --> 00:00:40,920
OK, using payloads.

9
00:00:44,630 --> 00:00:46,430
Let's configure our browser.

10
00:00:48,220 --> 00:00:53,500
So in Kali, we will get Firefox, so let's open our browser.

11
00:00:57,690 --> 00:00:58,920
Go to preferences.

12
00:01:04,430 --> 00:01:09,950
And then go to L.A. and then to Network tab, right, and then go to settings.

13
00:01:15,320 --> 00:01:22,220
And in settings, we have to enter the IP address of localhost, so it would be.

14
00:01:24,970 --> 00:01:36,010
127.0.0.1 and port number would be 8080 and click

15
00:01:36,010 --> 00:01:36,310
on.

16
00:01:39,340 --> 00:01:40,270
And close this.

17
00:01:42,380 --> 00:01:44,120
OK, so now.

18
00:01:45,440 --> 00:01:48,830
Our browser is ready to use Burp Suite.

19
00:01:50,720 --> 00:01:53,660
OK, so let's switch to Burp Suite.

20
00:01:55,580 --> 00:02:02,900
So now Burp Suite is running, so let's switch to our browser and let's try to open our website.

21
00:02:04,440 --> 00:02:11,560
So website would be best BHB dot one, the web.

22
00:02:20,670 --> 00:02:24,020
OK, now let's switch to Burp Suite again.

23
00:02:26,400 --> 00:02:35,740
Go to proxy and send this request to spider, so click on Send to Spider.

24
00:02:36,780 --> 00:02:39,360
OK, click yes.

25
00:02:40,350 --> 00:02:43,080
And make intercept off.

26
00:02:44,860 --> 00:02:48,520
OK, now let's switch to Target.

27
00:02:51,990 --> 00:03:00,420
OK, so here is our website, and the spider is crawling all of the pages and will tell you that which

28
00:03:00,420 --> 00:03:03,870
of these pages have input parameters.

29
00:03:03,900 --> 00:03:04,310
OK.

30
00:03:06,970 --> 00:03:12,920
So to filter out the results, double click on parameters, so one and two.

31
00:03:13,790 --> 00:03:20,290
OK, so these are the number of URLs or the number of pages on a website

32
00:03:20,470 --> 00:03:22,360
with input parameters.

33
00:03:22,370 --> 00:03:22,690
Right.

34
00:03:22,810 --> 00:03:27,970
So you have to try your payload attacks on each of these web pages.

35
00:03:28,150 --> 00:03:30,550
OK, so let's try this one.

36
00:03:31,570 --> 00:03:31,930
OK.

37
00:03:31,990 --> 00:03:33,670
It says guestbook.php.

38
00:03:34,060 --> 00:03:34,600
So right

39
00:03:34,600 --> 00:03:37,680
click and click on Send to Repeater.

40
00:03:38,410 --> 00:03:38,830
OK.

41
00:03:39,520 --> 00:03:41,110
And now let's switch to the Repeater.

42
00:03:42,550 --> 00:03:46,990
See, the job of Spider is to crawl all of the pages from a website.

43
00:03:46,990 --> 00:03:47,350
Right.

44
00:03:48,340 --> 00:03:52,210
And then it will tell us that which of these pages have input parameters.

45
00:03:52,640 --> 00:03:55,390
And once we found we have to send each of a page to.

46
00:03:55,990 --> 00:03:58,800
OK, now we are here on Repeater.

47
00:03:59,410 --> 00:04:03,540
So let's check which of the input parameter is available.

48
00:04:04,540 --> 00:04:06,500
So we have two input parameters.

49
00:04:06,940 --> 00:04:08,100
This would be the first one.

50
00:04:09,070 --> 00:04:14,210
So let's try hello one and this would be the second one.

51
00:04:14,630 --> 00:04:16,630
OK, so let's try.

52
00:04:19,730 --> 00:04:22,950
Hello two, again click on Go.

53
00:04:24,800 --> 00:04:29,100
And here we have a reflection of this web page.

54
00:04:29,240 --> 00:04:31,760
So let's check whether we have hello or not.

55
00:04:31,790 --> 00:04:36,900
OK, so we have got one, which means the first input parameter is vulnerable.

56
00:04:37,190 --> 00:04:38,840
OK, once we got this.

57
00:04:40,040 --> 00:04:43,340
Now we have to send this to Intruder, and the Intruder,

58
00:04:43,340 --> 00:04:45,920
it will help us to perform payload attacks.

59
00:04:46,160 --> 00:04:55,300
OK, so here in the options in the payload, first we have to add some payloads.

60
00:04:55,350 --> 00:05:01,820
OK, so if you're able to see let me show you here on my desktop.

61
00:05:04,150 --> 00:05:07,660
That I have a file called XSS payloads.

62
00:05:07,690 --> 00:05:13,570
OK, so this particular file will contain hundreds of payloads.

63
00:05:13,600 --> 00:05:18,270
OK, so there is no need to check all of them one by one manually.

64
00:05:18,610 --> 00:05:18,930
Right.

65
00:05:20,020 --> 00:05:24,650
So to save our time, load that file here in Burp Suite.

66
00:05:24,730 --> 00:05:27,070
OK, so the file would be on

67
00:05:27,070 --> 00:05:30,970
desktop, and let us open the file in Burp Suite.

68
00:05:31,180 --> 00:05:34,930
OK, so this much of the script is available in that file.

69
00:05:34,990 --> 00:05:35,370
OK.

70
00:05:37,220 --> 00:05:39,740
Right now.

71
00:05:43,960 --> 00:05:50,830
OK, now we're in Positions tab, first you have to clear all of the selected items and then select

72
00:05:50,830 --> 00:05:54,790
the particular input parameter on which you want to perform the attack.

73
00:05:55,030 --> 00:06:00,850
OK, so I want to perform the attack on input parameter one on one.

74
00:06:01,600 --> 00:06:04,330
So select this and click on Add.

75
00:06:04,750 --> 00:06:14,730
OK, Brunsdon, my previous virtual machine is working very slow, so I decided to boot up another Kali Linux

76
00:06:14,740 --> 00:06:15,420
virtual machine.

77
00:06:15,550 --> 00:06:19,020
Don't worry, all of the settings will be same as earlier.

78
00:06:19,480 --> 00:06:22,510
OK, so all set.

79
00:06:23,680 --> 00:06:25,960
Simply click on stop attack.

80
00:06:26,230 --> 00:06:29,200
OK, click.

81
00:06:29,200 --> 00:06:36,650
OK, and now we just have to wait until it finishes using all of the payloads.

82
00:06:36,910 --> 00:06:39,310
Now here, keep in mind one thing.

83
00:06:39,970 --> 00:06:46,760
When the request or payload is set to zero, so this length, which is five five eight one, is the original

84
00:06:46,760 --> 00:06:48,010
length of a webpage.

85
00:06:48,040 --> 00:06:50,260
OK, so the length more than this.

86
00:06:50,840 --> 00:06:52,710
OK, like this and this.

87
00:06:53,050 --> 00:06:58,220
So all these lengths or all these payloads are working on that web page.

88
00:06:58,250 --> 00:07:00,700
OK, and the size below this.

89
00:07:01,240 --> 00:07:04,030
So there are more chances that this will not work.

90
00:07:04,360 --> 00:07:11,680
OK, so whenever you want to try any payload, try the payload which has length more than this.

91
00:07:11,710 --> 00:07:15,160
OK, so let's try this one, right

92
00:07:15,160 --> 00:07:18,760
click and click on Show response in browser.

93
00:07:19,450 --> 00:07:30,690
OK, click on copy, switch to Firefox, OK, and paste the copied

94
00:07:30,700 --> 00:07:32,800
URL in here and hit enter.

95
00:07:34,030 --> 00:07:37,950
OK, now we have to wait and it will show us the response.

96
00:07:37,950 --> 00:07:41,050
See, XSS attack is working here.

97
00:07:41,050 --> 00:07:43,960
OK, so our payload is working, right.

98
00:07:44,620 --> 00:07:46,700
So this way you can automate the task.

99
00:07:47,330 --> 00:07:49,390
OK, so let's try one more.

100
00:07:50,680 --> 00:07:53,940
Let's say this script, let's try this one as well.

101
00:07:54,340 --> 00:07:56,020
Click on Show response in browser.

102
00:07:56,740 --> 00:07:57,460
Copy this.

103
00:07:58,300 --> 00:08:05,070
OK, switch to Firefox and paste in the URL, hit enter.

104
00:08:07,180 --> 00:08:09,060
See, it worked, right.

105
00:08:09,430 --> 00:08:16,630
So this way you will know which of your script or payloads are working on which of the web page of a

106
00:08:16,630 --> 00:08:17,280
website.

107
00:08:17,320 --> 00:08:17,600
Right.

108
00:08:17,860 --> 00:08:21,520
So it would be going to save you a lot of time and energy.

109
00:08:21,960 --> 00:08:30,760
OK, so this is the easiest way of performing your script or your payload attacks on a webpage automatically.