Wednesday, May 31, 2023

BurpSuite Introduction & Installation



What is BurpSuite?
Burp Suite is a Java based Web Penetration Testing framework. It has become an industry standard suite of tools used by information security professionals. Burp Suite helps you identify vulnerabilities and verify attack vectors that are affecting web applications. Because of its popularity and breadth as well as depth of features, we have created this useful page as a collection of Burp Suite knowledge and information.

In its simplest form, Burp Suite can be classified as an interception proxy. While browsing the target application, a penetration tester configures their browser to route traffic through the Burp Suite proxy server. Burp Suite then acts as a (sort of) man in the middle, capturing each request to and response from the target web application so that they can be analyzed.











Everyone has their favorite security tools, but when it comes to mobile and web applications I've always found myself looking to BurpSuite. It always seems to have everything I need, and for folks just getting started with web application testing it can be a challenge putting all of the pieces together. I'm just going to go through the installation to paint a good picture of how to get it up quickly.

BurpSuite is freely available with everything you need to get started and when you're ready to cut the leash, the professional version has some handy tools that can make the whole process a little bit easier. I'll also go through how to install FoxyProxy which makes it much easier to change your proxy setup, but we'll get into that a little later.

Requirements and assumptions:

  • Mozilla Firefox 3.1 or later
  • Knowledge of Firefox add-ons and installation
  • The Java Runtime Environment installed

Download BurpSuite from http://portswigger.net/burp/download.html and make a note of where you save it.

Install the FoxyProxy add-on for Firefox from https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/


If this is your first time running the JAR file, it may take a minute or two to load, so be patient and wait.






You need to install a compatible version of Java so that you can run BurpSuite.

Linux Command Line Hackery Series - Part 3


Welcome back. I hope you are enjoying this series; I don't know about you, but I'm enjoying it a lot. This is part 3 of the series, and in this article we're going to learn some new commands. Let's get started.

Command: w
Syntax:      w
Function:   This simple function is used to see who is currently logged in and what they are doing, that is, their processes.

Command:  whoami
Syntax:       whoami
Function:    This is another simple command which is used to print the user name associated with the current effective user ID.

Try it and it will show your user name.

If you want to know information about a particular user no matter whether it is you or someone else there is a command for doing that as well.

Command: finger
Syntax:      finger [option] [username]
Function:   finger is a user information lookup program. The [] around the arguments means that these arguments are optional. This convention is used throughout the series.

In order to find information about your current user you can simply type:

finger username

Here username is your current username.
To find information about root you can type:

finger root

and it will display info about root user.

Command: uname
Syntax:      uname [options]
Function:   uname is used to display information about the system.

uname is mostly used with the flag -a, which means display all information like this:

uname -a

Command: df
Syntax:      df [option] [FILE ...] 
Function:   df is used to display the amount of space available.
If you type df in your terminal and then hit enter, you'll see the used and available space of every drive currently mounted on the system. However, the information is displayed in block-size, which is not very human friendly. But don't worry, we can get human-friendly output from df as well by typing:

df -h

The -h flag is used to display the used and available space in a more user-friendly format.
We can also view the info of a single drive by specifying the drive name after df like this:

df -h /dev/sda2

That's it for now about df, let's move on.

Command:  free
Syntax:       free [options]
Function:    free is used to display the amount of free and used physical memory and swap memory in the system.
Again, the displayed information is in block-size; to get a more human-readable format, use the -h flag like this:

free -h

Command: cal
Syntax:      cal [options]
Function:    cal stands for calendar. It is used to display the calendar.

If you want to display current date on the calendar you can simply type:

cal

and wohooo! You get a nice-looking calendar on screen with the current date marked. But what if you want to display the calendar of a previous month? Well, you can do that as well. Say you want to display the calendar of Jan 2010, then you'll have to type:

cal -d 2010-01

Nice little handy tool, isn't it?

Command: file
Syntax:      file filename ...
Function:   file is an awesome tool, it's used to classify a file. It is used to determine the file type.

Let's demonstrate the usage of this command by solving a Noob's CTF challenge using file and base64 commands. We'll talk about base64 command in a bit. Go to InfoSecInstitute CTF Website. What you need to do here is to save the broken image file on your local computer in your home directory. After saving the file open your terminal (if it isn't already). Move to your home directory and then check what type of file it is using the file command:

cd
file image.jpg

Shocking output? The file command has identified the above file as an ASCII text file, which means it is not an image file but a text file. Now it's time to see its contents, so we'll type:

cat image.jpg

What is that? It's some kind of gibberish. Well it's base64 encoded text. We need to decode it. Let's learn how to do that.

Command: base64
Syntax:       base64 [option] FILE ...
Function:    base64 command is used to encode/decode data and then print it to stdout.

To encode some text in base64 format, simply type base64, hit enter, and then start typing the text in the terminal. After you're done, hit enter again and then press CTRL+D like this:

base64
some text here
<CTRL+D>
c29tZSB0ZXh0IGhlcmUK        # output - the encoded string

But in the above CTF we've got base64 encoded data that we need to decode. How are we going to do that? It's simple:

base64 -d image.jpg

There you go, you've captured the flag.
The -d flag here specifies that we want to decode instead of encode and after it is the name of file we want to decode.
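
The same check as a small script, added here as an example and not part of the original article: it classifies content by its leading bytes the way file does, flags a mismatch with the extension, and attempts a strict base64 decode of text content. The sample data and flag string are constructed, and the base64 test is a heuristic.

```python
import base64
import binascii

# Leading "magic" bytes of a few image formats.
MAGIC = [(b"\xff\xd8\xff", "JPEG image"),
         (b"\x89PNG\r\n\x1a\n", "PNG image"),
         (b"GIF8", "GIF image")]
BY_EXTENSION = {"jpg": "JPEG image", "jpeg": "JPEG image",
                "png": "PNG image", "gif": "GIF image"}

def classify(data: bytes) -> str:
    """Decide the type from the content, never from the file name."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    try:
        data.decode("ascii")
    except UnicodeDecodeError:
        return "data"
    return "ASCII text"

def try_base64(data: bytes):
    """Return decoded bytes if the content is strictly valid base64, else None."""
    body = b"".join(data.split())          # drop newlines and spaces
    if not body or len(body) % 4:
        return None
    try:
        return base64.b64decode(body, validate=True)
    except binascii.Error:
        return None

def inspect(filename: str, data: bytes) -> dict:
    """Report the real type, whether the extension lies, and any decoded payload."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    kind = classify(data)
    expected = BY_EXTENSION.get(ext)
    report = {"type": kind,
              "mismatch": expected is not None and expected != kind,
              "decoded": None}
    if kind == "ASCII text":
        report["decoded"] = try_base64(data)
    return report

# Constructed stand-in for the CTF file: base64 text saved under a .jpg name.
SAMPLE = base64.b64encode(b"constructed_flag{not_the_real_one}\n") + b"\n"

if __name__ == "__main__":
    print(inspect("image.jpg", SAMPLE))
```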

Voila!
So now you're officially a Hacker! Sorry no certificates available here :)

That's it for this article, meet ya soon in the upcoming article.

Mythbusters: Is An Open (Unencrypted) WiFi More Dangerous Than A WPA2-PSK? Actually, It Is Not.

Introduction


Whenever security professionals recommend the 5 most important IT security practices to average users, one of the items is usually something like: "Avoid using open WiFi" or "Always use VPN while using open WiFi" or "Avoid sensitive websites (e.g. online banking) while using open WiFi", etc.

What do I think about this? It is bullshit. But let's not jump to conclusions. Let's analyze all the risks and factors here.


During the following analysis, I made two assumptions. The first one is that we are comparing public WiFi hotspots with no encryption at all (referred to as Open), and we compare this to public WiFi hotspots with WPA2-PSK (and just hope WEP died years before). The other assumption is there are people who are security-aware, and those who just don't care. They just want to browse the web, access Facebook, write e-mails, etc.

The risks


Let's discuss the different threats people face using public hotspots, compared to home/work internet usage:
1. Where the website session data is not protected with SSL/TLS (and the cookie is not protected with the secure flag), attackers on the same hotspot can obtain the session data and use it to steal sessions or login credentials. Typical protocols affected:

  • HTTP sites
  • HTTPS sites but unsecured cookie
  • FTP without encryption
  • IMAP/SMTP/POP3 without SSL/TLS or STARTTLS

2. Attackers can inject extra data into the HTTP traffic, which can be used for exploits or social engineering attacks (e.g. update Flash player with our malware) – see the Dark Hotel campaign

3. Attackers can use tools like SSLStrip to keep the user's traffic on clear text HTTP and steal password/session data/personal information

4. Attackers can monitor and track user activity

5. Attackers can directly attack the user's machine (e.g. SMB service)

WPA2-PSK security


So, why is a public WPA2-PSK WiFi safer than an open WiFi? Spoiler alert: it is not!

In a generic public WPA2-PSK scenario, all users share the same password. And guess what, the whole traffic can be decrypted with the following information: SSID + shared password + information from the 4-way handshake. https://wiki.wireshark.org/HowToDecrypt802.11
If you want to see it in action, here is a nice tutorial for you
Decrypted WPA2-PSK traffic

Any user with access to the same WPA2-PSK network knows this information, so they can instantly decrypt your traffic. Or the attackers can just set up an access point with the same SSID, same password, and a stronger signal. And now, the attacker can instantly launch active man-in-the-middle attacks. It is a common belief (even among ITSEC experts) that WPA2-PSK is not vulnerable to this attack. I am not sure why this vulnerability was left in the protocol; if you have the answer, let me know. Edit (2015-08-03): I think the key message here is that without server authentication (e.g. via PKI), it is not possible to solve this.
Let me link one of my previous posts here with a great skiddie tool:

To sum up, attackers on a WPA2-PSK network can:

  • Decrypt all HTTP/FTP/IMAP/SMTP/POP3 passwords or other sensitive information
  • Launch active attacks like SSLStrip, or modify HTTP traffic to include exploits or social engineering attacks
  • Monitor/track user activity

The only difference between open and WPA2-PSK networks is that an open network can be hacked by an attacker with a skill level of 1 out of 10, while the WPA2-PSK network needs an attacker with a skill level of 1.5. That is the difference.
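
Why the shared password gives no confidentiality between guests can be read directly off the WPA2-PSK key derivation. The sketch below is an added example, not code from the original post: it computes the pairwise master key and the per-session keys as IEEE 802.11i specifies for CCMP. The SSID, passphrase, MAC addresses and nonces are constructed values.

```python
import hashlib
import hmac

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, n_bytes: int) -> bytes:
    """802.11i PRF: HMAC-SHA1(key, label || 0x00 || data || counter), concatenated."""
    out, counter = b"", 0
    while len(out) < n_bytes:
        block = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, block, hashlib.sha1).digest()
        counter += 1
    return out[:n_bytes]

def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
               anonce: bytes, snonce: bytes) -> dict:
    """Per-session CCMP keys (48 bytes) from the PMK plus the handshake values."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48]}

# Constructed values. Everything except the passphrase travels unencrypted
# in the 4-way handshake (both MAC addresses and both nonces).
SSID = "CafeGuest"                    # hypothetical network name
PASSPHRASE = "printed-on-the-menu"    # hypothetical shared password
AP_MAC = bytes.fromhex("020000000001")
STA_MAC = bytes.fromhex("020000000002")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))

def compare_views() -> dict:
    """Session key as derived by the client, by another guest, and by an outsider."""
    hs = (AP_MAC, STA_MAC, ANONCE, SNONCE)
    client = derive_ptk(derive_pmk(PASSPHRASE, SSID), *hs)
    guest = derive_ptk(derive_pmk(PASSPHRASE, SSID), *hs)        # same inputs
    outsider = derive_ptk(derive_pmk("not-the-password", SSID), *hs)
    return {"guest_matches": guest["tk"] == client["tk"],
            "outsider_matches": outsider["tk"] == client["tk"]}

if __name__ == "__main__":
    print(compare_views())
```

No input to the derivation is private to one client, which is why separating users needs per-user credentials or protection at a higher layer such as TLS.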

The real solutions



1. Website owners and service providers should deploy proper (trusted) SSL/TLS infrastructure, protect session cookies, etc. Whenever a user (or security professional) notices a problem with the quality of the service (e.g. missing SSL/TLS), the service provider has to be notified. If no change is made, it is recommended to drop the service provider and choose a more secure one. Users have to use the HTTPS Everywhere plugin.

2. Protect the device against exploits by patching the software on it, use a secure browser (Chrome, IE11 + enhanced protection), disable unnecessary plugins (Java, Flash, Silverlight), or at least use them via click-to-play. Also, the use of exploit mitigation tools (EMET, HitmanPro Alert, Malwarebytes AntiExploit) and a good internet security suite is a good idea.

3. Website owners have to deploy HSTS, and optionally include their site in an HSTS preload list

4. Don't click blindly on fake downloads (like fake Flash Player updates)


5. The benefits of a VPN are usually overestimated. A VPN provider is just another provider, like the hotspot provider, or the ISP. They can do the same malicious stuff (traffic injecting, traffic monitoring, user tracking). Especially when people use free VPNs. And "Average Joe" will choose a free VPN. Also, VPN connections tend to be disconnected, and almost none of the VPN providers provide fail secure VPNs. Also, for the price of a good VPN service you can buy a good data plan and use 4G/3G instead of low-quality public hotspots. But besides this, on mobile OSes (Android, iOS, etc.) I strongly recommend the use of VPN, because it is not practically feasible for users to know which app is using SSL/TLS and which is not.

6. Use a location-aware firewall, and whenever the network is not trusted, set it to Public.

7. In a small-business/home environment, buy a WiFi router with guest WiFi access, where a different password can be set for the guest network than the one used for the other network.
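
Items 1 and 3 can be checked from the response headers a site sends. The following audit is an added example, not part of the original post: it flags cookies set without the Secure attribute and a missing or ineffective Strict-Transport-Security header, and reports whether the header carries what the HSTS preload list asks for (max-age of at least one year, includeSubDomains, preload). The header sets are constructed.

```python
ONE_YEAR = 31536000  # seconds

def audit_headers(headers):
    """headers: list of (name, value) pairs from one HTTPS response.
    Returns (findings, preload_ready)."""
    findings, hsts = [], None
    for name, value in headers:
        lname = name.lower()
        if lname == "set-cookie":
            parts = [p.strip() for p in value.split(";")]
            cookie = parts[0].split("=", 1)[0]
            attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
            if "secure" not in attrs:
                findings.append(f"cookie {cookie}: no Secure flag, also sent over plain HTTP")
        elif lname == "strict-transport-security":
            hsts = value
    if hsts is None:
        findings.append("no HSTS header: browser may still be kept on plain HTTP")
        return findings, False
    directives = {}
    for part in hsts.split(";"):
        key, _, val = part.strip().partition("=")
        directives[key.strip().lower()] = val.strip().strip('"')
    max_age = directives.get("max-age", "")
    seconds = int(max_age) if max_age.isdigit() else 0
    if seconds == 0:
        findings.append("HSTS max-age missing or zero: policy is not stored")
    preload_ready = (seconds >= ONE_YEAR
                     and "includesubdomains" in directives
                     and "preload" in directives)
    return findings, preload_ready

# Constructed responses: a weak one, a hardened one, and one in between.
WEAK = [("Content-Type", "text/html"),
        ("Set-Cookie", "SESSIONID=abc123; Path=/; HttpOnly")]
HARDENED = [("Set-Cookie", "SESSIONID=abc123; Path=/; Secure; HttpOnly"),
            ("Strict-Transport-Security",
             "max-age=31536000; includeSubDomains; preload")]
SHORT_HSTS = [("Set-Cookie", "SESSIONID=abc123; Secure"),
              ("Strict-Transport-Security", "max-age=300")]

if __name__ == "__main__":
    for label, sample in (("weak", WEAK), ("hardened", HARDENED), ("short", SHORT_HSTS)):
        print(label, audit_headers(sample))
```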

Asking "Are you using open WiFi?" or "Do you do online banking on open WiFi?" is asking the wrong question. The good questions are:
  • Do you trust the operator(s) of the network you are using?
  • Are the clients separated?
  • If clients are not separated, is it possible that there are people with malicious intent on the network?
  • Are you security-aware, and are you following the rules previously mentioned? If you do follow these rules, those will protect you on whatever network you are on.

And call me an idiot, but I do online banking, e-shopping, and all the other sensitive stuff while I'm using open WiFi. And whenever I order pizza from an HTTP website, attackers can learn my address. Which is already in the phone book, on Facebook, and in every photo metadata I took with my smartphone about my cat and uploaded to the Internet (http://iknowwhereyourcatlives.com/).


Most articles and research publications are full of FUD about what people can learn from others. Maybe they are just outdated, maybe they are not. But it is totally safe to use Gmail on an open WiFi, no one will be able to read my e-mails.

PS: I know "Average Joe" won't find my blog post, won't start to read it, won't understand half of what I wrote. But even if they do, they won't patch their browser plugins, pay for a VPN, or check the session cookie. So they are doomed to fail. That's life. Deal with it.
