00:00:00,120 --> 00:00:25,660
Welcome back everybody. In this tutorial I'll show you some of the basics of Burp Suite: how to intercept packets, how to change packets, how to check responses, and so on. This is also a great way for you to learn more about the packets themselves and how HTTP GET requests and POST requests, for example, look, and you will be seeing them.

00:00:25,690 --> 00:00:49,430
So let's first of all run Burp Suite. For that just type burpsuite in your terminal, or you can run it through the applications menu right here. It will open up in the exact same way as we can see right here. We get the message again, so just click here. Okay, let me just close the terminal right here, and here you just go on Temporary project, Next, and then Start Burp.

00:00:53,750 --> 00:01:31,980
Every time you open Burp Suite you will notice that under the proxy settings right here the intercept is always on by default. That means that if I go to my Firefox, for example, and try to load twitter.com, it will never load until I forward the packet or turn the intercept off. So it is useful if you want to watch the packets, so we can see how the first packet looks. I requested this page with the protocol HTTP/1.1. The host is firefox.com.
00:01:31,990 --> 00:02:10,240
So basically the user agent is Mozilla 5.0. All of these are just my information. Since this is an HTTP request, I am sending this to the server, so we can forward it, but you will notice that there will be another packet. Basically there will be a lot of packets that you will need to forward in order to get to the website; as we can see, even though I forwarded the first packet, it is still not on the website itself. So let me just forward all of the packets, and once you do not get any packets anymore you should be loading the page, as we can see.

00:02:10,240 --> 00:02:35,980
There are lots of them, so this is a big website. In the previous video we did the same with the virtual machine and you saw that I only needed to forward one packet in order to get to the page of my virtual machine, but now I had to forward several of them. And right now I should have Twitter loaded; as we can see it is not loading anymore. I forwarded all the packets and I received all of the responses from the server.

00:02:36,040 --> 00:02:53,690
Now in order to check that, you can go under HTTP history and you will see right here all of the domains, all of the websites that you visited in the process of connecting. Now there are a bunch of these detect portals; you will always have them. You just want to find the website that you're searching for.
00:02:53,690 --> 00:03:21,540
In mine you find that you can see the response to all of your requests, as we can see. Maybe it is easier for you to view it right here. So here we have twitter.com; that is the page we searched for. And here we can see the first request that we sent. In order to check out the response to that request that we sent, you just click here on Response, and this is the response of the server.

00:03:21,640 --> 00:03:57,760
As we talked about before, it consists of the head and body. So here we have the head, with a bunch of these Set-Cookie options. Let me just find them, I just saw them. So basically right here starts the body, which is the HTML code; we talked about that. But let me just find the Set-Cookie option here. So basically this is the option that I was talking about in the HTTP response video. This is the cookie that Twitter set for us in order to track our session.

00:03:57,760 --> 00:04:28,320
So as we can see the option Set-Cookie, and this is our cookie right here. Now there are a bunch of things in the cookie as well: path, domain, secure, HttpOnly, max-age, expires. It basically says when the cookie expires. So it expires on Monday 18 February 2019, which means it expires today at this time.
00:04:28,530 --> 00:05:03,380
So that's one of the things that we covered here. We can also see the status code, which is 200 OK; we successfully loaded the page, so we got the status code 200. These are just a bunch of the options that we do not care about. So we can go down here, and here starts the HTML code of the page itself. This is what we loaded; it is basically a huge amount of code, so we do need to watch it, since the website is quite big. So that's how you can check the request and the response of a certain packet.

00:05:03,400 --> 00:05:19,740
You can go on to the POST here; we have a POST request. You can check the response right here, and here is the request. Now there are some of the options that we do not care about; for example, this is not really that important to us.

00:05:19,940 --> 00:05:57,380
Now what is important is that I turn the intercept on once again. So if I turn it off right here and turn it on. So let's say for example I want to log in now. We said that the packet that we send with our username and password will be a POST request. So once I type the username and password here, we should be sending the POST request to the website. So let us try that. If I just type anything here and press Log in...
00:05:57,380 --> 00:06:37,430
You will notice that it is loading, since we turned the intercept on, but right here we have the packet that we want to send as a POST request. Here we can see the basic HTTP header structure, and here we can see username or email, four Ws, and password, five Ws. So we can see our packet; from here, if I forward it, it will send to the server the username and email with this username and this password right here, and these are just a bunch of things that we do not care about at the moment.

00:06:37,430 --> 00:07:09,250
Now if you, for example, turn the intercept on or forward this packet, just forward it and forward a bunch of other packets, it doesn't really matter, it will give us an error that this account doesn't exist. So you might need to forward a couple of packets; as we can see, there are no longer packets arriving, so we forwarded them all. And it says: the username and password you entered did not match our records. Please double check and try again. Now let's try to change that.

00:07:09,370 --> 00:07:34,210
Let's change the packet itself. So let's just go back one page; we should go to the login page once again. Now, also I forgot to mention that using Burp Suite your Internet might be slower and you will be loading pages a little bit slower than usual, but it is not a big deal. So we can see that this...
00:07:34,260 --> 00:08:10,270
Let's just go to the main page, it doesn't really matter: twitter.com. It could be that my intercept is on, of course; that's why I couldn't load it. So let's just turn it off, and we loaded the Twitter page. Now let us turn the intercept on once again and let us send again the same username and the same password, which is five Ws. And if I click Log in here, you can see that it is stuck since our intercept is off. Now let me just... this is a previous packet, it doesn't matter. Here's our packet.

00:08:10,430 --> 00:08:51,180
And here let me try to change the username into four Ps, as you can see, four Ps. And if I try to forward this packet and forward all the other packets, it will still give us the wrong username and password, but it will show that the username wasn't four Ws, it was four Ps. As you can see right here, without any interaction with the page itself through the web browser, we managed to change the username through Burp Suite, so that is another useful thing to know. It will be used later on in order for us to brute force websites.
00:08:51,420 --> 00:09:24,400
For example, you just add a password list and you change the packets as you forward them, and it tries every different password instead of the password that you specified right here. So we can turn the intercept off right now. And as I said before, in order to check the websites that you visited you can go to the HTTP history or onto the Target tab, and here you can also see the websites that you visited.

00:09:24,450 --> 00:09:55,660
Now there are a lot of other options that I will show you later on. For now it is enough for you to understand that there is a request and a response that you can check out in Burp Suite, and also that you can change the structure of packets. You can also delete some of the things; you can also change usernames and passwords, for example. You can also... let us go back once again.

00:09:55,840 --> 00:10:34,870
So we go back to the login page, intercept on, and then if I just type something here. Once again, it doesn't matter what the username and password are; we can see it is stuck, and here is the POST request with the username four Ws and password five Ws. We can change, for example, the user agent. Now if we delete this, we will no longer be sending our information to the server; we will not send, basically, what version of web browser we are running and what operating system we are running.
00:10:35,830 --> 00:10:55,950
So it is good if you do not want the server to know some of the information about you. So if we forward this packet you will get some of the other sites; forward them all and let us finish these couple of packets. So once it finishes we get the same error.

00:10:56,280 --> 00:11:31,290
But if we go right here to the HTTP history, let me just go right here to Twitter and find the packet where we sent it. It should be all the way down, I believe. Let me just find it. Login there, login there. Okay, we basically just want to find the POST requests here. There are certainly POST requests.

00:11:31,500 --> 00:12:19,840
And as you can see right here, the difference between these two, where this one was the previous one and this one was the one we sent right now, is that this one has the user agent, which basically says that we are using Mozilla 5.0 Linux, and this one below is the same request with the same username and same password, but we deleted the information about ourselves. So the server will no longer be getting the information about our browser and our operating system, which is another layer of anonymity for you. So that's about it for this tutorial; these were just some of the basics and me showing some of the things for this program. We will continue in the next lectures and I hope I see you there.
00:12:20,030 --> 00:12:20,270
Bye.