1 00:00:00,180 --> 00:00:02,130 Hello everybody and welcome back.
2 00:00:02,130 --> 00:00:09,360 And right now we will try to configure our Burp Suite in order for us to make this a proxy in order
3 00:00:09,360 --> 00:00:17,850 for us to intercept our own requests, HTTP requests and responses. So the Burp Suite, which is a program
4 00:00:17,880 --> 00:00:21,660 that we will use, is already preinstalled in Kali Linux.
5 00:00:21,690 --> 00:00:29,520 So if you go on to the applications right here and you go onto the web application analysis it should
6 00:00:29,520 --> 00:00:32,320 be the first one right here.
7 00:00:32,360 --> 00:00:34,830 So if this is the first time for you running it,
8 00:00:34,830 --> 00:00:37,330 it might ask you for a root password.
9 00:00:37,330 --> 00:00:41,080 You just type it in and you open up the Burp Suite.
10 00:00:41,290 --> 00:00:45,600 Now another way that you can open it is through the command line.
11 00:00:45,850 --> 00:00:51,700 So here it will say that appears to be, it would basically just give us a message about the version, just
12 00:00:51,700 --> 00:00:52,410 click here OK.
13 00:00:52,420 --> 00:00:53,870 Doesn't even matter what it says.
14 00:00:53,890 --> 00:01:04,100 And it should open up our Burp Suite. Now I already configured my password so it works for me.
15 00:01:04,280 --> 00:01:07,270 Basically I will just show you the process.
16 00:01:07,430 --> 00:01:12,910 We will need to configure some of the things in our Firefox and also some of the things in the Burp Suite
17 00:01:12,950 --> 00:01:15,550 in order to capture our packets.
18 00:01:15,590 --> 00:01:20,760 So if you just click here on Next, Use Burp defaults, click here on Start Burp.
19 00:01:21,080 --> 00:01:23,480 And it should start in a few seconds.
20 00:01:23,480 --> 00:01:28,350 Now what I wanted to say is that you can also run it through a command line with burpsuite.
21 00:01:28,640 --> 00:01:34,670 Wait let me just notice a little bit, with burpsuite, and it will just open up the same thing right
22 00:01:34,670 --> 00:01:35,180 here.
23 00:01:35,180 --> 00:01:36,240 Just.
24 00:01:36,500 --> 00:01:38,480 It will use your terminal for it.
25 00:01:38,510 --> 00:01:41,420 So you can have to go to the applications and so on and so on.
26 00:01:42,320 --> 00:01:45,890 So as you can see right here this is the Burp Suite.
27 00:01:46,010 --> 00:01:46,900 It is used.
28 00:01:46,910 --> 00:01:48,710 It has a bunch of options.
29 00:01:48,710 --> 00:01:52,700 It is used for us to intercept our own packets.
30 00:01:52,790 --> 00:01:58,070 Here we have some of the options such as HTTP history, here we will have the HTTP websites that we visited
31 00:01:58,070 --> 00:01:59,770 in the current session.
32 00:01:59,990 --> 00:02:02,990 And here you have the intercept.
33 00:02:03,030 --> 00:02:08,090 Here you have the option that the intercept is on and intercept is off.
34 00:02:08,180 --> 00:02:13,370 Now before I cover all of these options I just want to show you what you need to do in order to get this
35 00:02:13,370 --> 00:02:14,080 to work.
36 00:02:14,090 --> 00:02:20,150 So what you want to go to is go to the Proxy, which is the second one from the top from the right.
37 00:02:21,620 --> 00:02:27,040 Pardon me, second one from the left, and then below that you want to go to the Options.
38 00:02:27,080 --> 00:02:29,940 So Proxy and then Options here.
39 00:02:29,960 --> 00:02:34,710 We are interested in the proxy listeners part where you will have by default
40 00:02:34,730 --> 00:02:44,360 this one, 127.0.0.1 on port 8080, which is listening on 8080 on localhost.
41 00:02:44,360 --> 00:02:50,120 Now what you want to do is select that one and basically just click here on the Edit and it should open
42 00:02:50,120 --> 00:02:57,110 up this small window where you want to specify the bind port to be 8080.
43 00:02:57,140 --> 00:03:02,270 And here you can just, basically you can put here all interfaces or loopback only.
44 00:03:02,390 --> 00:03:06,780 I leave it on loopback only, and you can also specify a certain address.
45 00:03:06,830 --> 00:03:13,250 So for example my current IP address of this machine is 182.168.1.6.
46 00:03:13,280 --> 00:03:21,530 But I will leave it on localhost and on loopback only since I will specify that proxy in my Firefox
47 00:03:21,530 --> 00:03:22,180 as well.
48 00:03:22,280 --> 00:03:23,960 So just click here on the
49 00:03:23,980 --> 00:03:24,680 OK.
50 00:03:24,830 --> 00:03:30,860 So on port 8080, loopback only, 127.0.0.1, click here on
51 00:03:30,860 --> 00:03:41,640 OK, and now what we want to do is go to our Firefox, so open up your browser and where you want to go
52 00:03:41,650 --> 00:03:43,510 is basically here on the right.
53 00:03:43,510 --> 00:03:51,280 These three lines, Open menu, and go to the Preferences. Now under the Preferences you want to go to the
54 00:03:51,280 --> 00:03:57,880 General, which is already open right here by default. You want to scroll all the way down and find the
55 00:03:57,910 --> 00:03:59,360 Network Proxy.
56 00:03:59,360 --> 00:04:02,470 So here we can see Configure how Firefox connects to the Internet.
57 00:04:02,530 --> 00:04:08,170 What we want to do is basically make our Firefox connect to the Internet through our Burp Suite.
58 00:04:08,410 --> 00:04:12,660 So click here on the Settings and it should open up this area.
59 00:04:12,670 --> 00:04:17,920 This small window, by default it should be set on No proxy.
60 00:04:17,980 --> 00:04:24,810 So what you want to do is change it to be set on the Manual proxy configuration.
61 00:04:24,850 --> 00:04:31,720 So once you check that I believe, uh, since you didn't configure it before, it should have only the first
62 00:04:31,720 --> 00:04:38,900 one, which is HTTP proxy, set on 127.0.0.1 on port 8080.
63 00:04:39,040 --> 00:04:40,330 Now what you want to do.
64 00:04:40,710 --> 00:04:41,720 Oh pardon me.
65 00:04:41,740 --> 00:04:47,950 What you want to do is all of these four you want to set on the same, set on the same settings, which is
66 00:04:47,950 --> 00:04:51,640 basically even the SSL, even the FTP, even the SOCKS host.
67 00:04:51,640 --> 00:05:00,310 You want to set all of these four onto the IP address of your localhost, which is 127.0.0.1, and all
68 00:05:00,310 --> 00:05:09,600 of those four want to be set on the port 8080. Once you set all of these four to be exactly the same
69 00:05:09,620 --> 00:05:12,500 you want to check here SOCKS v5.
70 00:05:12,530 --> 00:05:17,650 It should be checked by default but if it is not, check your SOCKS v5.
71 00:05:17,690 --> 00:05:22,120 Once you do that click here on OK and you should be good to go.
72 00:05:22,130 --> 00:05:28,160 So if you click here Settings then we can see that now our manual configuration proxy is set on the
73 00:05:28,670 --> 00:05:30,260 localhost.
74 00:05:30,260 --> 00:05:38,920 Now if you go right here and try to search google.com, for you it, and first of all it won't work
75 00:05:38,920 --> 00:05:39,430 for you.
76 00:05:39,430 --> 00:05:47,860 It should say something like, uh, something like, I don't, I'm not really sure, but if you say insecure connection
77 00:05:47,860 --> 00:05:52,290 or something like that, basically it won't let you connect to google.com.
78 00:05:52,960 --> 00:05:59,410 But if you for example go to an HTTP website, which I'm not really sure.
79 00:05:59,410 --> 00:06:04,210 Let me just find any HTTP website
80 00:06:07,550 --> 00:06:09,260 have anything saved.
81 00:06:11,120 --> 00:06:14,100 Well we have our web application which is not HTTPS.
82 00:06:14,110 --> 00:06:14,420 Yes.
83 00:06:14,450 --> 00:06:20,900 So you should be able to connect to any HTTP website but you will not be able to connect to any HTTPS
84 00:06:20,900 --> 00:06:22,440 website.
85 00:06:22,470 --> 00:06:31,130 Now if you type here any HTTP website and it is loading on forever, what you might want to do is
86 00:06:31,130 --> 00:06:33,540 go to your Burp Suite and make intercept.
87 00:06:33,630 --> 00:06:41,180 OK so if your intercept is on like it is right now for me, it won't let you load any page since it will
88 00:06:41,180 --> 00:06:42,480 wait for you to
89 00:06:44,920 --> 00:06:46,750 forward or drop the packet.
90 00:06:46,750 --> 00:06:48,460 Let me just show you what I'm talking about.
91 00:06:48,460 --> 00:06:54,050 If I refresh this page right here you will see that this will load forever.
92 00:06:54,190 --> 00:06:56,050 It will never load the page
93 00:06:59,100 --> 00:07:06,800 and in the Burp Suite we can see that it basically gives us some of the HTTP header, request header, for this
94 00:07:06,820 --> 00:07:09,080 website which is just my virtual machine.
95 00:07:09,110 --> 00:07:15,710 My always vulnerable machine, and it will ask me if I want to drop this packet, which means to discard
96 00:07:15,710 --> 00:07:18,840 it, or to forward that packet to that machine.
97 00:07:18,860 --> 00:07:26,230 Now if I forward it and I open right here once again, let me just open up my Firefox, you can see that
98 00:07:26,240 --> 00:07:30,300 now it's loaded the page because I forwarded the package.
99 00:07:30,350 --> 00:07:37,520 Now if you have that checked on, which means the intercept is on, you want to make it off so you can load
100 00:07:37,520 --> 00:07:40,550 the page without forwarding every package.
101 00:07:40,550 --> 00:07:43,800 So just click here and make sure that the intercept is off.
102 00:07:43,900 --> 00:07:50,090 And now if I try to reload the page once again it will reload it normally and open the page.
103 00:07:50,110 --> 00:07:56,130 Now we want to also make sure that we can load our HTTPS websites.
104 00:07:56,140 --> 00:08:03,450 For me it works but for you it won't work until you install in your Firefox a Burp Suite
105 00:08:03,490 --> 00:08:05,750 CA certificate.
106 00:08:05,950 --> 00:08:12,160 Basically we need to install the Burp Suite's CA certificate in our Firefox in order for our Firefox to
107 00:08:13,170 --> 00:08:13,800 look at
108 00:08:13,870 --> 00:08:17,860 Burp Suite as a trusted proxy source.
109 00:08:17,860 --> 00:08:22,030 So in order to do that first of all make sure your Burp Suite is running.
110 00:08:22,660 --> 00:08:27,280 Make sure that you configured the preferences in Firefox.
111 00:08:27,280 --> 00:08:35,020 And then just go once again right here, so make sure that this is the same as mine.
112 00:08:35,100 --> 00:08:37,070 Make sure the Burp Suite is running.
113 00:08:37,290 --> 00:08:38,310 If it's not running
114 00:08:38,310 --> 00:08:39,240 this won't work.
115 00:08:39,240 --> 00:08:41,380 You won't be able to download the certificate.
116 00:08:41,580 --> 00:08:44,290 And once this is the same as mine.
117 00:08:44,550 --> 00:08:50,310 And once you run the Burp Suite and the intercept is off you want to go and open up a new tab and
118 00:08:50,310 --> 00:08:52,170 type here HTTP
119 00:08:55,620 --> 00:08:58,860 and then burp, just that.
120 00:08:58,860 --> 00:09:05,080 So once you typed that it will lead you to this page where it will say Burp Suite Community Edition, welcome
121 00:09:05,090 --> 00:09:11,280 to Burp Suite Community Edition. What you want to go on here is on the CA Certificate and click on
122 00:09:11,280 --> 00:09:11,780 it.
123 00:09:13,900 --> 00:09:16,870 It will ask you if you want to download this file, you want to save it.
124 00:09:16,900 --> 00:09:17,280 Yes.
125 00:09:17,290 --> 00:09:21,640 So, well, the file is 973 bytes so it's not that large.
126 00:09:21,670 --> 00:09:27,650 You just click here on the Save and once it downloads you find where you saved it.
127 00:09:27,910 --> 00:09:28,960 Let's just find it.
128 00:09:28,960 --> 00:09:30,520 I already have one downloaded.
129 00:09:30,550 --> 00:09:34,420 So I have it right here, you will only have one of these.
130 00:09:34,510 --> 00:09:40,150 So once you find that you want to go to your Burp Suite, ah, pardon me, you want to go to Firefox
131 00:09:40,780 --> 00:09:47,920 again, to the Preferences, but instead of going to the network proxy settings we want to go onto the
132 00:09:48,340 --> 00:09:50,650 Privacy and Security settings.
133 00:09:51,490 --> 00:09:57,910 So once you're there, once you're at the Privacy and Security settings, what you want to do is basically
134 00:09:58,000 --> 00:10:04,040 scroll down and find the certificates, should be, and maybe they're all the way down.
135 00:10:04,070 --> 00:10:04,250 Yeah.
136 00:10:04,260 --> 00:10:05,480 There they are.
137 00:10:05,480 --> 00:10:14,300 So here are the certificates and you want to go on to the View Certificates. Once this window opens up
138 00:10:14,320 --> 00:10:19,490 it will show you a bunch of these certificates already in your Firefox web browser.
139 00:10:19,540 --> 00:10:25,060 Now what you want to do is import the already downloaded certificate that we downloaded from this website
140 00:10:25,210 --> 00:10:26,760 which is HTTP burp.
141 00:10:26,860 --> 00:10:27,680 How do we do that?
142 00:10:27,710 --> 00:10:36,700 Well basically we just go onto the Import right here, so click on the Import and find where this file
143 00:10:36,760 --> 00:10:37,980 is saved for you.
144 00:10:37,990 --> 00:10:41,560 I already imported it so I won't be importing it twice.
145 00:10:41,560 --> 00:10:42,630 Here it is.
146 00:10:42,850 --> 00:10:46,180 Just click on the file and click on the Open.
147 00:10:46,360 --> 00:10:51,260 And once it does that click on the OK and you should be good to go now.
148 00:10:51,310 --> 00:10:57,970 After that if you type google.com once again it should be loading the HTTPS websites as well as the
149 00:10:58,070 --> 00:10:59,320 HTTP websites.
150 00:11:03,010 --> 00:11:08,980 Now if this didn't work make sure once again that the Burp Suite is running or this will not work.
151 00:11:08,980 --> 00:11:14,630 Make sure that all of these options are already set as mine and you should be good to go now.
152 00:11:14,770 --> 00:11:24,250 Once we made this work for HTTP and HTTPS, now we can track all of the packets going through our
153 00:11:24,340 --> 00:11:30,640 own Burp Suite, and as we can see right here if we go into the Target it will give me a list of all the codes
154 00:11:30,640 --> 00:11:32,140 that have already visited.
155 00:11:32,280 --> 00:11:39,370 As we can see right here these are just a bunch of the HTTP request packets that I sent in order to visit
156 00:11:39,370 --> 00:11:47,360 my virtual machine which is on the IP address of 182.168.1.9. Now
157 00:11:47,360 --> 00:11:52,920 in the next story I'll show you some of these packets, how you can configure them, how you can change
158 00:11:52,920 --> 00:11:58,430 them and all of that, and where you can find all the websites that you visited and specific packet
159 00:11:58,440 --> 00:12:01,890 if you search for it, but for now on
160 00:12:01,890 --> 00:12:06,780 just make sure that your Burp Suite works and that when you visit a website, so I can just show you once
161 00:12:06,780 --> 00:12:11,180 again, let's visit facebook.com.
162 00:12:11,420 --> 00:12:20,820 It should open up the Facebook page and it should also have here a bunch of other Facebook domains opened.
163 00:12:20,880 --> 00:12:28,110 As you can see the pages that you requested will be the darker letters than the ones that it automatically
164 00:12:28,110 --> 00:12:33,510 searched for in order to get to your Facebook page, and we can see right here this is our Facebook
165 00:12:33,510 --> 00:12:38,160 page and the HTTP requests that we got from it.
166 00:12:38,700 --> 00:12:45,070 So I will make sure to explain the requests and responses better in the next video.
167 00:12:45,120 --> 00:12:48,810 And until then I hope you're having a great day and take care.