Inhalt

Penetration Testing of Computer Networks Using BurpSuite and Various Penetration Testing Tools

Penetration Testing of Computer Networks Using BurpSuite and Various Penetration Testing Tools

Dr. Hedaya Mahmood Alasooly

Hedaya_alasooly@yahoo.com

While every precaution has been taken in the preparation of this book, the publisher assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein.

Written by Dr. Hedaya Mahmood Alasooly.

1. Introduction:

1. Introduction:

Burp Suite is an integrated platform/graphical tool for performing security testing of web applications. Burp suite is a java application that can be used to secure or crack web applications. The suite consists of different tools, like a proxy server, a web spider an intruder and a so-called repeater, with which requests can be automated. You can use Burp's automated and manual tools to obtain detailed information about your target applications.

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.

In this report I am using a combination of Burp tools to detect and exploit vulnerabilities in Damn Vulnerable Web App (DVWA) with low security. By default, Burp Scanner scans all requests and responses that pass through the proxy. Burp lists any issues that it identifies under Issue activity on the Dashboard. You can also use Burp Scanner to actively audit for vulnerabilities. Scanner sends additional requests and analyzes the application's traffic and behavior to identify issues.

Various examples are outlined in this report for different types of vulnerabilities such as: SQL injection, Cross Site Request Forgery (CSRF), Cross-site scripting, File upload, Local and Remote File Inclusion. I tested various types of penetration testing tools in order to exploit different types of vulnerabilities. The report consists from the following parts:

1. Installing and Configuring BurpSuite

2. BurpSuite Intruder.

3. Installing XMAPP and DVWA App in Windows System.

4. Installing PHP, MySQL, Apache2, Python and DVWA App in Kali Linux.

5. Scanning Kali-Linux and Windows Using .

6. Understanding Netcat, Reverse Shells and Bind Shells.

7. Adding Burps Certificate to Browser.

8. Setting up Target Scope in BurpSuite.

9. Scanning Using BurpSuite.

10. Scan results for SQL Injection Vulnerability with BurpSuite and Using SQLMAP to Exploit the SQL injection.

11. Scan Results for Operating System Command Injection Vulnerability with BurpSuite and Using Commix to Exploit the OS Command Injection.

12. Scan Results for Cross Side Scripting (XSS) Vulnerability with BurpSuite, Using Xserve to exploit XSS Injection and Stealing Web Login Session Cookies through the XSS Injection.

13. Exploiting File Upload Vulnerability.

14: Exploiting Cross Site Request Forgery (CSRF) Vulnerability.

15. Exploiting File Inclusion Vulnerability.

16. References.

2. Installing and Configuring BurpSuite:

2. Installing and Configuring BurpSuite:

a) Installing Community Edition of BurpSuite:

1. Go to official website of BurpSuite.

https://portswigger.net/burp

2. Go to community edition and download BurpSuite for Windows:

https://portswigger.net/burp/communitydownload

3. Install BurpSuite. In the first run burp is going to ask you to accept the terms. Select “I agree”.

4. In this page temporary project is the automatic selection because community version of burp suit does not allow you to save project into hard disk.

5. Click next . You can use “Burp Defaults”. Or you can load configurations from existing file. I am going to use the Burp defaults.

6. Then I got the following dashboard.

7. From “Settings” menu you can choose the display font size.

8. In the “Event Log” section, it displays everything that you know burp suit does in background. If any error pops up, then we can certainly identify in the Log section and fix accordingly

9. Let’s understand how proxy works. Click on “Proxy” section. Proxy is the essential part of BurpSuite because in the Proxy section we can monitor the requests that you send out from your web browser and the responses that you get back from server’s proxy. Proxy section also keeps track of the URLs that you have visited. BurpSuite is basically proxy that sits between your browser and server. When you setup proxy like BurpSuite, the request that you send out from web browser gets intercepted by proxy, the request that you send out from your web browser gets intercepted by the proxy , then you decide what to do with the request whether to forward the request to server to just to drop it and delete it. The proxy sections basically intercept the URLs and then you can now forward the URLS and requests to appropriate tools.

10. You can use burps embedded browser if you click on “Open browser”, then it should open the embedded browser. The embedded browser is specifically configured to work with BurpSuite and it basically comes on along with the installation of BurpSuite. You can also configure external browser to work with BurpSuite. In the defaults the proxy is configured to listen to incoming traffic at local host port number 8080.

11. Example, make sure to turn the intercept on. Back to BurpSuite browser. Request any website as example www.youtube.com. The BurpSuite browser is flashing. If you go to “Proxy/Intercept” section you will see that the BurpSuite proxy intercepted the request made from web browser. The BurpSuite browser is hanging because it is waiting the BurpSuite proxy to forward the request it is holding or it has intercepted. We can drop or delete the request or we can forward the request. When we select forward, the web page is loaded to the browser.

12. BurpSuite browser removed the SSL layer. SSL layer encrypts the traffic that the application received and sends out. BurpSuite needs data in plain text to work.

13. “Proxy/Http history” section saves the URLs that you have visited.

14. Click on “Target” tab. By default, the BurpSuite intercepts all web applications or URLs you visit. And when you actually doing or testing a website you actually don’t care about anything except the website or application you are testing. We can use “Target Scope” feature in BurpSuite to tell BurpSuite to crawl the application you are testing and it will ignore everything except the application you are testing. Add the URL of the website that you are interested to test.

15. From “Proxy/Options” section, we must check “And URL” options in “Intercept Client Requests” and “Intercept Server Requests” sections.

16. In “Target/Site Map”, you can select filter to filter the links to show only the “Target/Scope” URLs.

b) Installing Professional Edition of BurpSuite:

b) Installing Professional Edition of BurpSuite:

1. Professional Edition of BurpSuite is not available for free. But the crack of Professional Edition is available on the internet.

2. I installed jdk-16_windows-x64_bin.exe to make it simpler to install BurpSuite crack.

3. Download any BurpSuite crack from the internet. All cracks work in in same way. As example, I downloaded the crack of Burp_Suite_Professional_2022.2.2_Beta in Windows. When you open the folder, you get two files burploader.jar and burpsuite_pro_v2022.2.2.jar.

4. Run burploader.jar. Copy the License key and Press Run Button.

5. Now go to command line and change directory to the into the same folder you extracted the BURPSUITE file and type the below command:

> java -javaagent:burploader.jar -noverify -jar --illegal-access=permit burpsuite_pro_v2022.2.2.jar

6. The BurpSuite Professional program will run. Press I Accept to agreement.

7. Copy the key and Paste it into license field, and click next.

8. Now Press on “MANUAL ACTIVATION”

9. Now follow the steps in below image and copy paste the activation codes accordingly, and click next

Your BurpSuite Professional will be activated.

3. BurpSuite Intruder:

3. BurpSuite Intruder:

1. BurpSuite is basically intruder that allows you to brute force usernames and password in a web application. And the intruder is the most flexible tool available out there for brute forcing and the intruder does a lot more than brute forcing. You can automate attacks such as SQL injection or XSS as well.

2. The website we are going to test for intruder is from acunetix.com. This website allows you to test your web pen testing skills online in legal environment. Visit testphp.vulnweb.com

3. Go to the web page testphp.vulnweb.com and login with the username test and put any password.

4. In BurpSuite “Proxy/Intercept” section, you get the parameters that we sent out to the form in the right side. You can see also the parameters from “Request Body Parameters” section. We can send the information to any of these tools: Intruder, Repeater, Sequencer, Decoder, Comparer.

5. I sent the information to the intruder. The Intruder has flashed and received the information.

6. In the “Payload Positions”, BurpSuite has marked few areas. Basically, these are the areas that we can inject the input. BurpSuite basically thinks that these are the potentially vulnerable areas that you can exploit.

7. In the “Attack type” menu there are different types of attacks. We are going to test Sniper attack. Sniper attack is used in the scenarios when you know either the username or password. In our case we know the username and we are going to test different passwords. As we I am going to test the password field only, I selected it using “Add” option and I deselected the username by using “Clear” option. That means we are going to inject password in Password field.

8. Payload set = 1 this is because we have to supply one word list. In payload tools we can provide all of the following tools that intruder provides. When we choose payload type as simple list, we can either load the existing word list from hard disk or we can supply words manually. In order to load from hard disk, click on load and select the location. We can add lists manually too. Then click start attack.

9. Sniper starts now to inject passwords into password field. Intruder tried all passwords we supplied to it. To know the correct password, we have to hunt for different length. The different length was 6250 when the password was “test”. We get whole bunch of information. Basically, when you login successfully the web application has to pull additional information about the user. So, the page size becomes bigger.

Impressum

Verlag: BookRix GmbH & Co. KG

Tag der Veröffentlichung: 24.02.2023
ISBN: 978-3-7554-3344-6

Nächste Seite

Seite 1 /