Hack Like a Pro with Burp Suite - nullhyd
Hack Like a Pro with Burp Suite
/pavanw3b
What do you learn?
• I’m a boring geek
• Burp Suite is your best friend
• Some really cool tweaks
~$ whoami
pavanw3b
• Yet another w3bAppSec guy
• break-fix-repeat
• Security Engineer @ ServiceNow
Who’s an expert here?
Burp Suite
More than an interception proxy
Start like a Pro
$ java -Xmx4G -jar /path/burpsuite.jar
• Let Burp use up to 4GB (the JVM option has to come before -jar; anything after the jar path is handed to Burp, not the JVM)
• Default can be as low as 128MB
• But not more than 4GB
Better Proxy-ing
• Global
• Just Firefox
• Moody? FoxyProxy
Focus on Target
• It’s your Desktop
• Set better Scope
• Compare Site maps
• Drop out-of-scope: Options > Connections
Better Filter
• Target
• See In-scope items
• Hide not-found
• Demo
Playing around Proxy
• Play around Message Analytics
  Can also contain XML, AMF & View State
• Intercept Request
• Intercept Response
• HTTP history: Params & Filter
• Unhide hidden form fields
Exploiting with Intruder
• Send lots of data & make sense of response
• Username Enumeration, Directory Fuzzing
• XSS, SQLi, Path traversal
• Add payload: FuzzDB, WebAppURLs, OWASP DirBuster
• Demo: Save & Load attack Config
Stay calm & use Scanner
• Passive Scanning
• Active Scanning: use wisely! Crawl -> Scan
• Demo
• Don’t go too fast
• Be in-scope
Never miss anything - Repeater
• Scratchpad
• Demo
• Change the way you want it
• Try OPTIONS
The good Spider
• Creates lots of pollution: form submissions
• Do after manual Crawl
• Demo
• Some are only on Prod: robots.txt
• Careful - Delete all users
• Control threads
All about tokens - Sequencer
• Test how random it is: Session, CSRF, Password reset etc.
• Min 100 tokens required
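As an added illustration of what the Sequencer slide is getting at (this is example code written for this transcript, not the speaker's material and not how Burp itself implements its statistics), the script below takes a sample of tokens, enforces the slide's 100-token minimum, and sums the per-position Shannon entropy, which is an optimistic upper bound because it ignores correlation between positions. It also counts positions that never change and duplicate tokens. The two token sets are constructed: a counter padded to look like a 64-bit hex id, and SHA-256-derived ids standing in for properly random ones.

```python
"""Rough token-randomness check in the spirit of Burp Sequencer.
Added example, not from the talk. The token samples below are constructed."""
import hashlib
import math
from collections import Counter

MIN_TOKENS = 100  # the slide's minimum sample size


def position_entropy(column: str) -> float:
    """Shannon entropy (bits) of the symbols seen at one character position."""
    counts = Counter(column)
    n = len(column)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def analyze_tokens(tokens):
    """Sum of per-position entropies (an upper bound: inter-position
    correlation is ignored), plus positions that never change and duplicates."""
    if len(tokens) < MIN_TOKENS:
        raise ValueError(f"need at least {MIN_TOKENS} tokens, got {len(tokens)}")
    length = len(tokens[0])
    if any(len(t) != length for t in tokens):
        raise ValueError("tokens must all be the same length")
    columns = ["".join(t[i] for t in tokens) for i in range(length)]
    per_pos = [position_entropy(col) for col in columns]
    return {
        "samples": len(tokens),
        "length": length,
        "bits_estimate": round(sum(per_pos), 1),
        "constant_positions": sum(1 for h in per_pos if h == 0.0),
        "duplicates": len(tokens) - len(set(tokens)),
    }


# Constructed samples: a counter dressed up as a 64-bit hex id (weak), and
# hash-derived ids standing in for a proper CSPRNG output (strong).
WEAK_TOKENS = [f"{1000 + i:016x}" for i in range(200)]
STRONG_TOKENS = [hashlib.sha256(f"seed-{i}".encode()).hexdigest() for i in range(200)]

if __name__ == "__main__":
    for name, toks in (("weak", WEAK_TOKENS), ("strong", STRONG_TOKENS)):
        print(name, analyze_tokens(toks))
```

The weak set reports thirteen constant positions and only a handful of bits, which is the pattern to look for in a session or reset token: a large token that is mostly padding around a small, predictable core. The strong set has no constant positions and an estimate near the full width. Treat the number as a screening figure only; a token that passes this check can still be predictable if successive values are correlated.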
Find the secret - Decoder
• No Key - No Security
• Encode != Security
• Demo: Send to Decoder
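To make "No Key - No Security" concrete, here is an added example (not the speaker's code) of the two designs side by side: a base64-encoded cookie that anyone with Decoder can read and re-encode, and the same claims protected with an HMAC so that an edited payload fails verification. The user names, claims and the server secret are constructed for the demonstration.

```python
"""Why 'Encode != Security': a base64 cookie is readable and editable by anyone,
an HMAC-signed one is not. Added example; the secret and claims are constructed."""
import base64
import hashlib
import hmac
import json

SERVER_SECRET = b"constructed-demo-secret"  # placeholder; a real one is random and kept server-side


def decode_cookie(value: str) -> dict:
    """What 'Send to Decoder' shows: base64 is reversible without any key."""
    return json.loads(base64.urlsafe_b64decode(value.encode()))


def encode_cookie(claims: dict) -> str:
    """The weak design: state is only encoded, so it can be edited and re-encoded."""
    return base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()


def sign_cookie(claims: dict, key: bytes = SERVER_SECRET) -> str:
    """Hardened form: payload.tag, with tag = HMAC-SHA256(key, payload)."""
    payload = encode_cookie(claims)
    tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{tag}"


def verify_cookie(value: str, key: bytes = SERVER_SECRET):
    """Return the claims only if the tag matches; None for unsigned or edited input."""
    payload, sep, tag = value.rpartition(".")
    if not sep:
        return None
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        return None
    return decode_cookie(payload)


def edit_claim(value: str, **changes) -> str:
    """Decode, change a claim, re-encode; any existing tag is carried over unchanged."""
    payload, sep, tag = value.rpartition(".")
    claims = decode_cookie(payload if sep else value)
    claims.update(changes)
    return encode_cookie(claims) + (sep + tag if sep else "")


if __name__ == "__main__":
    weak = encode_cookie({"user": "alice", "role": "user"})
    print("decoded:", decode_cookie(weak))
    print("edited copy decodes to role:", decode_cookie(edit_claim(weak, role="admin"))["role"])
    signed = sign_cookie({"user": "alice", "role": "user"})
    print("signed, untouched:", verify_cookie(signed))
    print("signed, edited:", verify_cookie(edit_claim(signed, role="admin")))
```

The point for a reviewer is the last two lines of output: the server only ever trusts `verify_cookie`, and an edited payload comes back as `None` regardless of how cleanly it decodes. The urlsafe alphabet and hex digest contain no `.`, which is what makes `rpartition(".")` a safe separator.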
Confused? Use Comparer
• Compare responses: Blind SQLi
• Compare by Words or Bytes
• Bytes: Computationally costly
• Demo: Compare 2 responses
Engagement Tools
• Search: Find in Comments, Scripts, Ref
• Analyze Target
• Discover Content
Wanna add? Extender
• Jython, JRuby etc.
• BApp Store
• java.lang.OutOfMemoryError?
  java -XX:MaxPermSize=1G -jar burpsuite.jar
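The two JVM tips in this deck (the `-Xmx4G` heap on the "Start like a Pro" slide and the `-XX:MaxPermSize=1G` fix above) depend on the installed Java: PermGen and its `MaxPermSize` option were removed in Java 8, so newer JVMs print a warning and ignore the flag. The launcher below is an added example (not from the talk) that reads the `java -version` banner, applies the deck's 4GB ceiling, and only adds the PermGen flag where it still exists. The jar path is a placeholder.

```python
"""Burp launcher helper for the heap and PermGen tips in this deck.
Added example, not part of the talk. The jar path is a placeholder."""
import re
import subprocess
import sys


def java_major(version_line: str) -> int:
    """Parse the major version from a 'java -version' banner line.
    Old scheme '1.7.0_80' -> 7; new scheme '11.0.2' -> 11, '17' -> 17."""
    m = re.search(r'"(\d+)(?:\.(\d+))?', version_line)
    if not m:
        raise ValueError(f"unrecognised version banner: {version_line!r}")
    major = int(m.group(1))
    if major == 1 and m.group(2) is not None:  # legacy 1.x numbering
        major = int(m.group(2))
    return major


def burp_command(major: int, heap_gb: int, jar: str, max_gb: int = 4) -> list:
    """Build the argument list. JVM options must precede -jar; anything after
    the jar path is passed to Burp, not to the JVM. max_gb is the deck's cap."""
    if not 1 <= heap_gb <= max_gb:
        raise ValueError(f"heap must be between 1 and {max_gb} GB")
    cmd = ["java", f"-Xmx{heap_gb}G"]
    if major < 8:
        # PermGen only exists before Java 8; later JVMs ignore this flag with a warning.
        cmd.append("-XX:MaxPermSize=1G")
    cmd += ["-jar", jar]
    return cmd


def detect_java_major() -> int:
    """'java -version' writes its banner to stderr."""
    banner = subprocess.run(["java", "-version"], capture_output=True, text=True).stderr
    return java_major(banner.splitlines()[0])


if __name__ == "__main__":
    jar = sys.argv[1] if len(sys.argv) > 1 else "/path/burpsuite.jar"  # placeholder path
    cmd = burp_command(detect_java_major(), 4, jar)
    print(" ".join(cmd))
    subprocess.run(cmd)
```

Run it as `python launch_burp.py /path/burpsuite.jar`; it prints the command it is about to execute so the flag order is visible before Burp starts.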
Maintenance
• Save State: Save in-scope only
• Restore State: Don’t restore from untrusted sources
• Auto backup: Schedule Task: Save State - creates only 1 file
Some more if you need
• Right click & you got all
• Shortcuts: Options > Misc > Hotkeys
References & Reads
• Burp Suite Essentials by Akash Mahajan
• 10 Unbeatable Features of Burp Suite Pro
• Official Documentation
• Pen Testing with Burp Suite
• Real life tips & tricks
Am I really boring?
Pavan
http://pavanw3b.com
fb/pavanw3b | @pavanw3b