1 00:00:00,120 --> 00:00:05,970 ‫All right, so now we're getting there, a personal proxy gives you a direct view into how your target 2 00:00:05,970 --> 00:00:07,900 ‫application works under the hood. 3 00:00:08,580 --> 00:00:15,150 ‫It operates as a web proxy server and sits as a man in the middle between your browser and destination 4 00:00:15,150 --> 00:00:15,930 ‫web servers. 5 00:00:16,970 --> 00:00:23,150 ‫This lets you intercept, inspect and modify the raw traffic passing in both directions. 6 00:00:23,270 --> 00:00:29,870 ‫If the application employs HTTPS, the personal proxy tool breaks the SSL connection between your browser 7 00:00:29,870 --> 00:00:34,550 ‫and the server so that even encrypted data can be viewed and modified within the proxy. 8 00:00:35,180 --> 00:00:41,480 ‫So here's a demo setting up a personal proxy and your browser to work with each other involves the following 9 00:00:41,480 --> 00:00:42,030 ‫elements. 10 00:00:42,050 --> 00:00:46,430 ‫First, we need a proxy listener to accept a request from your browser. 11 00:00:47,880 --> 00:00:54,300 ‫We can use Burp Suite for this purpose, which is embedded into Kali Linux by default, Burp listener 12 00:00:54,300 --> 00:00:56,260 ‫uses Port 880. 13 00:00:56,610 --> 00:01:02,310 ‫Second, we need to configure our browser to use the proxy listener as its proxy server. 14 00:01:02,340 --> 00:01:06,360 ‫We can change the proxy settings of our browsers from the following menus. 15 00:01:08,210 --> 00:01:09,050 ‫Preferences. 16 00:01:10,990 --> 00:01:14,080 ‫Advanced network settings. 17 00:01:16,190 --> 00:01:22,250 ‫Or even simpler, we can use plug ins, such as Foxy Proxy to change the proxy settings with a single 18 00:01:22,250 --> 00:01:22,670 ‫click. 19 00:01:27,000 --> 00:01:28,470 ‫When you install the plug in. 20 00:01:30,550 --> 00:01:33,070 ‫A Fox icon appears next to the address bar. 21 00:01:36,600 --> 00:01:43,080 ‫Since Burp Suite listener listens to the Port A380, we redirect the traffic to that port. 22 00:01:54,790 --> 00:01:59,530 ‫Now, let's see how we intercept the traffic and modify the request. 23 00:02:00,160 --> 00:02:03,970 ‫Go back to Firefox, see proxy is disabled at the moment. 24 00:02:04,000 --> 00:02:09,000 ‫Visit HTP Colon Slash Slash NHS Dot UK or whatever you want. 25 00:02:09,010 --> 00:02:10,630 ‫Now open the Burp Suite. 26 00:02:11,580 --> 00:02:15,060 ‫In Burp Suite, make sure that the Intercept mode is on. 27 00:02:16,180 --> 00:02:19,090 ‫Go to Intercept tab under the Proxy tab. 28 00:02:20,410 --> 00:02:22,900 ‫And see, the intercept button is on. 29 00:02:24,200 --> 00:02:32,330 ‫So back to the browser and select the personal proxy for Port 880 from the Fox Epoxy plug in type green 30 00:02:32,600 --> 00:02:38,240 ‫or whatever you want into the search box in the upper right hand corner and press enter. 31 00:02:41,420 --> 00:02:46,760 ‫The responses caught by Burp Suite find the word we search for in the request. 32 00:02:47,060 --> 00:02:48,860 ‫Change it, for example, yellow. 33 00:02:52,370 --> 00:02:53,930 ‫Press the forward button. 34 00:02:56,220 --> 00:03:01,200 ‫Now there will be following requests for the resources of the website, which we are not interested 35 00:03:01,200 --> 00:03:05,790 ‫in, so we can turn the intercept off at this point to avoid time laws. 36 00:03:06,740 --> 00:03:13,700 ‫Go back to the browser, and as you see, we sent Green to search, but since we changed it using a 37 00:03:13,700 --> 00:03:16,360 ‫personal proxy, we have a different result. 38 00:03:16,370 --> 00:03:25,040 ‫Now if you try any website which uses HTTPS protocol, such as Google.com, you probably got the message 39 00:03:25,040 --> 00:03:30,830 ‫that your connection is not secure to be able to intercept the traffic Burp Suite handshakes with a 40 00:03:30,830 --> 00:03:36,710 ‫website and we handshake with ERPs week since we haven't added the Burp Suite certificate as trusted, 41 00:03:36,710 --> 00:03:41,270 ‫you get that message, go to advanced and add exception, then you can keep going. 42 00:03:41,270 --> 00:03:46,580 ‫Burp Suite makes the handshake with the website, and we make the handshake with Burp Suite.