Adel ALLAM @apges01

web

26/07/2019

web

%0a : saut de ligne
%20 : espace

Tools : onglet de burp

TARGET : historique de tout ce qui a été visité

PROXY : utilisation du proxy

SPIDER : découvre les pages d’un site, en recherchant des liens internes

SCANNER : cherche vulnérabilitées comme Nikto, Arachni, Nessus, Skipfish

INTRUDER : fuzzer, brute force de requêtes

REPEATER : modifier request et voir response

SEQUENCER : Cet outil permet d’analyser le comportement d’un élément précis dans la réponse du serveur découlant d’une requête particulière en la testant un très grand nombre de fois. Quelques outils statistiques permettent de travailler sur la capture depuis Burp Suite, cependant l’export de ces données permet une étude plus poussée des valeurs ciblées.

DECODER : encoder, décoder, hacher des chaines de caractères

COMPARER : comporer 2 élements (2 headers http par exemple)

OPTIONS : paramètrage

ALERTS : logs importants

web application proxies

HTTP proxy is a software that is between the browser and the website (MITM), intercept all traffic that flows between them. Analyse the proxy traffic will let us understand the inner working of the application.

Burp Proxy

  • Free version has some limitations on the fuzzing tool (Intruder). It includes a web spider, Intruder, and a Repeater.
  • Nontransparent proxy: we have to configure the browser to use this proxy.
  • By default, intercept only requests from clients. We can intercept responses by changing that in Proxy, Options, Intercept Server responses.
  • We can customize client interception: specific domain, HTTP methods, cookies names,… Once intercepted, we can edit the values, forward them to the server, and analyse the response.
  • Modifying requests on the fly: in Match and Replace section, we can create rules that will look for specific values in the request and edit it on the fly automatically. For example, replace tue User-Agent value with IE, iOS, Android,…
  • Burp Proxy with HTTPS website: Burp has Self-signed certificate to be able to decrypt HTTPS communications. Proxy > Options > Proxy Listeners and export the certificat to browser to be trusted.

Zed Attack Proxy (ZAP)

  • Maintained by Open Web Application Security Project (OWASP).
  • Not easy as Burp. But includes tools to identify directories and files in a server.

ProxyStrike

Not only a proxy, il also actively finds vulnerabilities, modules to find SQLi, XSS.

Related posts