1
00:00:00,600 --> 00:00:04,870
So, as you know, we have increased the security level to Arrogant.

2
00:00:05,490 --> 00:00:15,930
Now if I type in username and password as a single quote, it says dangerous characters detected, OK, which

3
00:00:15,930 --> 00:00:22,920
means it is filtering out these kinds of characters, so we are not able to use SQL injection here.

4
00:00:24,090 --> 00:00:30,850
Now, we are not sure whether the filtering is happening on the client side or on the server side.

5
00:00:31,290 --> 00:00:35,070
So to find it out, we are going to use Burp

6
00:00:35,070 --> 00:00:35,520
Suite.

7
00:00:36,210 --> 00:00:42,450
OK, so Burp proxy will help us to determine whether the filtering is happening on the client side or

8
00:00:42,450 --> 00:00:43,330
on the server side.

9
00:00:43,950 --> 00:00:47,520
So here is the or simply click this and it will open.

10
00:00:50,380 --> 00:00:53,650
Here it is. Right. Now,

11
00:00:55,030 --> 00:01:03,370
the function of Burp Suite is whenever we try to load any website using a browser, the request first

12
00:01:03,370 --> 00:01:10,190
goes to Burp Suite, and once we forward the request, only then will we be able to access that website.

13
00:01:10,960 --> 00:01:13,690
Right. Now, let's see what I mean by that.

14
00:01:14,650 --> 00:01:23,010
So if you try to access the Mutillidae homepage right now, it's running.

15
00:01:23,020 --> 00:01:27,670
OK, so we have to perform some changes in security settings.

16
00:01:27,670 --> 00:01:31,780
So go to Preferences, and in Preferences,

17
00:01:32,020 --> 00:01:35,590
we have to search for proxy, that is Network Proxy.

18
00:01:35,710 --> 00:01:36,610
Go to Settings.

19
00:01:40,530 --> 00:01:47,820
And now here simply click on Manual proxy configuration, enter the local IP here, and the port number

20
00:01:47,830 --> 00:01:50,370
would be 8080. Click on OK.

21
00:01:51,900 --> 00:01:55,130
Right. Now let's try to reload the page.

22
00:01:56,130 --> 00:01:58,370
OK, this time it's waiting.

23
00:01:58,800 --> 00:02:00,460
So let's switch to Burp.

24
00:02:02,180 --> 00:02:06,230
OK, here we received the request. Now let's forward this request.

25
00:02:08,450 --> 00:02:15,070
Right. Now, let's switch back to our browser and you can see that the home page is open now, right?

26
00:02:15,590 --> 00:02:17,600
So let's go to the login page again.

27
00:02:19,750 --> 00:02:28,840
Again, we have to go to Burp first and forward the request; only then will we be able to get our login

28
00:02:28,840 --> 00:02:29,260
page.

29
00:02:31,250 --> 00:02:31,730
Now.

30
00:02:34,060 --> 00:02:41,380
As you know, if I type any of the SQL injection, it says dangerous characters detected, but if I

31
00:02:41,380 --> 00:02:47,290
type in a password like ABCDE, OK, and hit Enter, nothing happens, OK?

32
00:02:47,300 --> 00:02:50,710
You are not able to see an error like bad characters and all.

33
00:02:50,860 --> 00:02:55,050
OK, but still this password is not correct.

34
00:02:55,390 --> 00:02:57,610
So let's see how we can bypass this.

35
00:02:59,410 --> 00:03:05,990
So OK, it is waiting for the request to forward in Burp.

36
00:03:06,010 --> 00:03:13,840
So let's forward this request and see, it is bad username and password, OK.

37
00:03:15,220 --> 00:03:16,960
Which is an authentication error.

38
00:03:17,140 --> 00:03:19,750
It is not filtering out the simple characters.

39
00:03:19,750 --> 00:03:20,110
Right.

40
00:03:20,740 --> 00:03:26,680
So now let's see, this time we use SQL injection.

41
00:03:26,680 --> 00:03:28,710
I'm using a single quote and hit Enter.

42
00:03:30,070 --> 00:03:39,190
So see, this request is not going to Burp Suite, which means it is filtering out the dangerous characters

43
00:03:39,640 --> 00:03:41,490
on the web page itself.

44
00:03:41,830 --> 00:03:48,040
OK, before sending it to Burp, which means the filtering is happening on the client side and not

45
00:03:48,040 --> 00:03:49,050
on the server side.

46
00:03:50,110 --> 00:03:52,420
So let's see how we can bypass this.

47
00:03:52,660 --> 00:04:01,900
So let's take the simple password, like ABCDEF, hit Enter, and let's switch to Burp. Now here,

48
00:04:02,920 --> 00:04:05,900
Don't forward the request to go to bed, OK?

49
00:04:05,920 --> 00:04:09,750
We have just the parameters, and here is the password.

50
00:04:09,790 --> 00:04:19,570
OK, so let's change the password to the previous one which we have used in the previous video, that is this

51
00:04:19,570 --> 00:04:19,810
one.

52
00:04:21,070 --> 00:04:25,750
So let's copy this and paste the password here.

53
00:04:26,260 --> 00:04:29,830
OK, now forward the request.

54
00:04:30,520 --> 00:04:32,800
OK, forward again.

55
00:04:34,990 --> 00:04:42,910
Now let's switch back to the browser and you will see that we are successfully logged in as admin.

56
00:04:43,450 --> 00:04:43,810
Right.