1
00:00:00,120 --> 00:00:06,360
Another useful tool when it comes to web applications is a tool called Burp Suite.
2
00:00:06,360 --> 00:00:12,330
Now let's go ahead and open up Burp Suite so going to go up to the applications and in your favorites
3
00:00:12,540 --> 00:00:13,680
should exist.
4
00:00:13,680 --> 00:00:14,260
Burp Suite.
5
00:00:14,270 --> 00:00:19,470
Here now Burp Suite is what we call a web proxy.
6
00:00:19,530 --> 00:00:25,680
Now Web proxy means that it has the capability of intercepting traffic for us and we're going to see
7
00:00:25,680 --> 00:00:26,980
what that looks like.
8
00:00:27,000 --> 00:00:30,020
So you're probably gonna get this error about this JRE.
9
00:00:30,030 --> 00:00:31,600
Don't worry about it.
10
00:00:31,830 --> 00:00:38,410
We're just going to say OK you might get a you need to accept this license agreement when you first
11
00:00:38,410 --> 00:00:38,710
started.
12
00:00:38,710 --> 00:00:41,080
Go ahead and accept that as well.
13
00:00:41,080 --> 00:00:44,180
And if you see an update screen go ahead and just close.
14
00:00:44,230 --> 00:00:48,220
So we are on the community edition so we will have limited features.
15
00:00:48,220 --> 00:00:52,840
We'll talk more about those when we get to the web application section but just want to introduce you
16
00:00:52,840 --> 00:00:58,810
to what Burp Suite can do in a very basic form and how we can actually gather some information out of a
17
00:00:58,800 --> 00:01:01,550
Web site from Burp Suite pretty easily.
18
00:01:01,600 --> 00:01:09,180
So let's go ahead and just select Temporary Project and click Next and then select Start Burp.
19
00:01:09,410 --> 00:01:15,920
Now the first thing that we're going to do is we're going to set up our Firefox for utilizing Burp Suite.
20
00:01:15,950 --> 00:01:23,160
So go ahead and go to favorites in Firefox and I want you to go over to the right hand a little hamburger
21
00:01:23,160 --> 00:01:26,580
here and you're going to go and select preferences
22
00:01:29,260 --> 00:01:30,300
from preferences.
23
00:01:30,310 --> 00:01:37,390
We're gonna scroll down all the way to the bottom and we're going to select settings.
24
00:01:37,450 --> 00:01:45,900
Now we're going to select this manual proxy configuration here and we're going to say 127.0.0.1
25
00:01:46,010 --> 00:01:48,890
port 8080.
26
00:01:49,150 --> 00:01:51,070
Later we get to the web application section.
27
00:01:51,070 --> 00:01:55,420
I'll show you a much easier way of doing this with a tool called FoxyProxy.
28
00:01:55,420 --> 00:01:58,120
But for right now this is a very high level overview.
29
00:01:58,600 --> 00:02:04,750
So go ahead and use this proxy server for all protocols and that should fill in the rest.
30
00:02:04,750 --> 00:02:06,730
Down here we're gonna go ahead and hit.
31
00:02:06,730 --> 00:02:12,090
OK and we're going to leave this open I'll show you why in a second.
32
00:02:12,090 --> 00:02:22,740
So I also want you to go to a new tab and I want you to go to http://burp like
33
00:02:22,740 --> 00:02:24,130
this.
34
00:02:24,360 --> 00:02:27,320
Now your first page might not show up like this.
35
00:02:27,320 --> 00:02:32,820
It might show up with a you need to accept this certificate you're just gonna say allow down at the
36
00:02:32,820 --> 00:02:38,790
bottom and say yes permanently store this exception and then you'll be brought to a screen somewhat
37
00:02:38,790 --> 00:02:39,480
like this.
38
00:02:39,930 --> 00:02:45,450
So what you're gonna do is you're gonna go ahead and just click on CA Certificate here and then save
39
00:02:45,450 --> 00:02:46,900
the file.
40
00:02:46,980 --> 00:02:50,430
Mine is already saved as you can see in my downloads right here.
41
00:02:50,430 --> 00:02:56,980
So what I'm going to do is we're going to go back into preferences once we have that saved and we're
42
00:02:56,980 --> 00:02:59,910
going to go to privacy and security over on the left hand side.
43
00:03:01,010 --> 00:03:06,230
We're going to scroll all the way down to the bottom and there is a View Certificates button down here
44
00:03:08,560 --> 00:03:14,880
and then we're gonna go ahead and just hit import your Downloads folder should automatically be selected
45
00:03:14,910 --> 00:03:16,260
if not select download.
46
00:03:16,260 --> 00:03:21,270
And then just select the cacert.der, hit open.
47
00:03:21,300 --> 00:03:23,160
And then it's already installed for me.
48
00:03:23,160 --> 00:03:28,120
But you will have to check boxes check both of those boxes and select OK.
49
00:03:28,260 --> 00:03:31,020
And then it should now be imported for you.
50
00:03:31,020 --> 00:03:32,040
So a couple of things to note.
51
00:03:32,040 --> 00:03:35,230
Firefox sometimes changes things around.
52
00:03:35,370 --> 00:03:37,830
I am recording this video in 2019.
53
00:03:37,830 --> 00:03:43,230
If you watch it at a later time just be cognizant that in the General tab usually towards the bottom
54
00:03:43,230 --> 00:03:48,580
is the network settings and the privacy and security settings usually contain the certificate.
55
00:03:48,600 --> 00:03:51,380
So look around for those sometimes these move.
56
00:03:51,500 --> 00:03:54,820
So from here let's go ahead and just see what we set up.
57
00:03:54,840 --> 00:03:57,450
So I want you to go ahead and try to go to a Web site.
58
00:03:57,450 --> 00:04:02,090
We can try to say tesla.com and it is going to stall out.
59
00:04:02,100 --> 00:04:03,810
What is going on here.
60
00:04:03,840 --> 00:04:08,310
So if we go over here we see this proxy tab is lit up in orange.
61
00:04:08,320 --> 00:04:14,010
We're gonna go ahead and click on that and you could see that it's gathering some data here it's captured
62
00:04:14,030 --> 00:04:16,710
and stuff from Firefox.
63
00:04:16,710 --> 00:04:22,800
We've got more Firefox we can just click forward through this if we want and now we could see Tesla
64
00:04:22,800 --> 00:04:28,230
starting to load and what we're doing is we're intercepting requests that Tesla is making out.
65
00:04:28,230 --> 00:04:32,220
This to me looks like an API request or GeoIP request.
66
00:04:32,220 --> 00:04:35,130
This might be geo location looking for a city.
67
00:04:35,340 --> 00:04:40,140
So we're just clicking through clicking through all we're doing is capturing all different kinds of
68
00:04:40,140 --> 00:04:45,360
traffic and we can modify this traffic say we have this request here you don't have to know what this
69
00:04:45,360 --> 00:04:50,520
is right now but we have got this GET request, we can make this a POST request and forward that and see what
70
00:04:50,520 --> 00:04:51,610
happens.
71
00:04:51,660 --> 00:04:53,010
I'm going to turn the intercept off.
72
00:04:53,010 --> 00:04:58,740
I'm going to show you what's going on here so we can go over to the target and you can see all the pages
73
00:04:58,740 --> 00:05:00,230
that have loaded in here.
74
00:05:00,240 --> 00:05:04,740
This is all the traffic that has been intercepted so far since we ran Tesla.
75
00:05:04,800 --> 00:05:10,380
So not only is Tesla running but you could see that it pulls a Google Analytics it pulls this secured
76
00:05:10,380 --> 00:05:15,870
visit which looks like tracking as well it pulls DoubleClick which looks like maybe ads and then it
77
00:05:15,870 --> 00:05:18,250
has an API running here as well.
78
00:05:18,300 --> 00:05:20,310
So it's gathering all this traffic through.
79
00:05:20,330 --> 00:05:25,830
But we're going to dig into this Tesla here and I just want to click on the first forward slash and see
80
00:05:25,830 --> 00:05:28,230
if there's a response to our request.
81
00:05:28,260 --> 00:05:28,740
There isn't.
82
00:05:28,740 --> 00:05:32,560
Let's go ahead and just look at maybe the.
83
00:05:32,800 --> 00:05:35,470
Let's see if we click into one of these if we get a good response.
84
00:05:35,470 --> 00:05:35,920
We don't.
85
00:05:35,920 --> 00:05:38,840
Let's refresh one more time on the page.
86
00:05:38,860 --> 00:05:40,960
You might even need to hit enter.
87
00:05:40,960 --> 00:05:41,290
OK.
88
00:05:41,290 --> 00:05:43,180
And sometimes it doesn't come through right away.
89
00:05:43,180 --> 00:05:44,710
So let's go ahead and just click around.
90
00:05:44,710 --> 00:05:45,160
There we go.
91
00:05:45,160 --> 00:05:47,270
Do you see all this stuff coming through now.
92
00:05:47,350 --> 00:05:48,280
That's more like it.
93
00:05:48,280 --> 00:05:50,400
It wasn't taking everything up right away.
94
00:05:50,470 --> 00:05:54,120
So what we can do is we can look at some of the things that just came through.
95
00:05:54,130 --> 00:05:56,590
Like we just went to the Model 3 page.
96
00:05:56,590 --> 00:06:00,700
So let's go ahead and click on this Model 3 and see what it's got for us.
97
00:06:00,700 --> 00:06:06,440
So you can see that if we look at the request for this GET Model 3 we made a GET request to Model 3.
98
00:06:06,790 --> 00:06:11,230
And what's happened is we say hey I want to go out to this page.
99
00:06:11,230 --> 00:06:14,480
Go ahead take me there and then we can view the response as well.
100
00:06:14,500 --> 00:06:18,420
Now in the response we can get so much information.
101
00:06:18,490 --> 00:06:19,680
Look at this.
102
00:06:19,840 --> 00:06:25,110
We're seeing here that PHP 7.3.7 is running on the back end.
103
00:06:25,180 --> 00:06:28,090
We can see a bunch of information here as well.
104
00:06:28,120 --> 00:06:29,500
Drupal 8 is running.
105
00:06:29,500 --> 00:06:32,740
We identified that earlier but we're identifying it again.
106
00:06:32,920 --> 00:06:34,360
We could see a lot of other stuff.
107
00:06:34,390 --> 00:06:38,970
There's some weird things here going on too like there's a server name sitting in here.
108
00:06:38,980 --> 00:06:44,320
Typically on an assessment this would actually be a finding a low finding but it's informational as
109
00:06:44,320 --> 00:06:48,730
this is giving us information on possibly naming structure inside that network.
110
00:06:48,820 --> 00:06:51,880
But they also have their own Tesla type header here.
111
00:06:51,880 --> 00:06:54,930
So this is very unique for a client.
112
00:06:55,240 --> 00:07:02,740
But what the point of the matter is here is that we can intercept a basic request and response and get
113
00:07:02,740 --> 00:07:04,690
a lot of information through Burp Suite.
114
00:07:04,720 --> 00:07:10,700
We're going to hit home on this really hard when it comes into the scanning and enumeration section.
115
00:07:10,720 --> 00:07:13,570
And when we get into the web section as well.
116
00:07:13,570 --> 00:07:19,120
But for now I just want you to take away that we've installed Burp Suite and we can go out to a Web site
117
00:07:19,450 --> 00:07:23,530
and I still define this as not active scanning.
118
00:07:23,530 --> 00:07:30,030
There is a feature in Burp Suite that has active scanning that we could actually run but that is a Burp
119
00:07:30,030 --> 00:07:30,600
Suite Pro.
120
00:07:30,610 --> 00:07:35,890
So it has a vulnerability scanner built in, you can see up here: upgrade to Burp Suite Professional, automatically
121
00:07:35,890 --> 00:07:37,280
find vulnerabilities.
122
00:07:37,360 --> 00:07:41,740
I have Burp Suite Pro, it's four hundred dollars a year, is absolutely fantastic.
123
00:07:41,740 --> 00:07:42,940
Worth the money.
124
00:07:42,970 --> 00:07:46,090
One of the few applications that I would recommend anybody buy.
125
00:07:46,510 --> 00:07:50,830
But for the course I'm going to limit it to utilizing Community Edition.
126
00:07:50,830 --> 00:07:56,270
I will bring in Pro sometimes to show you some features but we're not going to worry about that.
127
00:07:56,380 --> 00:08:02,420
So long spiel short I still feel that we are in step one here even though we are accessing the Web site
128
00:08:02,710 --> 00:08:05,590
we're not doing anything very actively with scanning.
129
00:08:05,590 --> 00:08:06,910
This is all very passive.
130
00:08:06,910 --> 00:08:09,960
We're using traffic like a normal user would.
131
00:08:09,970 --> 00:08:13,490
So you can see that we can intercept traffic and get a lot of information.
132
00:08:13,540 --> 00:08:18,850
Again tools like Wappalyzer, look, it pulls down the headers for us and it says hey it's running PHP
133
00:08:18,850 --> 00:08:20,090
7.3.7.
134
00:08:20,170 --> 00:08:22,870
It's running Drupal 8. Where is it getting that from?
135
00:08:23,170 --> 00:08:25,090
Well it's getting it from these responses.
136
00:08:25,210 --> 00:08:28,120
So it's pulling a lot of that down for us automatically.
137
00:08:28,120 --> 00:08:31,570
But there's a lot of things that we can do when we get into Burp Suite as well.
138
00:08:31,570 --> 00:08:37,120
So consider this just a mini introduction into the tool and then we'll touch back on it over and over
139
00:08:37,120 --> 00:08:38,710
again as we go.
140
00:08:38,710 --> 00:08:40,370
So this is it for this video.
141
00:08:40,480 --> 00:08:45,940
We're going to get into some Google Fu in the next video and talk about social media as well.
142
00:08:45,970 --> 00:08:47,460
So I'll see you in the next one.