Modifying Client Request Interception
By adjusting the client request interception options in Burp Suite, you can control which requests are intercepted and viewed while you're working.
Once the rule below is enabled, Burp Suite intercepts only requests for items within the target scope; traffic to other websites you browse is not intercepted.
Follow these steps to modify your settings:
Navigate to the "Proxy" tab at the top of the Burp Suite interface.
Select the Proxy Settings sub-tab to access Burp Proxy settings.
In the "Request Interception Rules" section, you can define the conditions for capturing requests.
Enable "And URL Is in target scope" and click OK.
Make the same changes in the "Response Interception Rules" section.
Adding an SSL Certificate to Your Browser
We must add a certificate to our browser to intercept and analyze encrypted communication between the client and server.
When your browser requests a secure website (HTTPS), the transmission is encrypted with SSL/TLS. Burp Suite acts as a "man-in-the-middle", intercepting and decrypting the communication using the generated certificate.
However, for this to happen, the client must trust the generated certificate. By importing Burp's CA certificate into the client's trust store, the client authorizes Burp Suite to perform the interception and decryption.
Let's see how Burp Proxy works with DVWA. We'll try logging into the application.
Username: admin
Password: admin
When we click the login button, our request to the server will be intercepted by Burp Suite, and we can choose to edit the parameters before sending it to the server to receive a response.
At this point, we can forward the request as is, delete the request, or even change what's sent to the server, such as changing the username or password value in the header.
Since Comparer requires multiple responses, we must send different requests to the server. Because this is a command execution vulnerability, we should be able to run the ls command. We'll append the command to the IP address in the request and send it to the server. Then, right-click the response and send it to Comparer.
The Comparer data is divided into three parts. The main window is where you can view the items to be compared, such as item number, length, and data. The upper right of the screen has options for "Paste, Load, Delete, or Clear" data. The lower right of the screen provides two options for comparing data: either compare by "word" or by "byte".
The difference between the responses is evident from the data length. We'll compare the two responses by word and see the results. Enabling "Synchronous View" allows both windows to scroll together, making it easier to spot the differences.
Comparer displays the data in three different colors: orange for "Modified," blue for "Deleted," and yellow for "Added."
If we scroll down, we can see some differences in the data received from the server. We were able to successfully execute the command and display the contents of the directory.
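The word and byte comparison described above can be reproduced outside Burp. The following is an added example, not part of the original page or of Burp Suite: it diffs two constructed response bodies with Python's difflib and labels each differing run Modified, Deleted, or Added. The sample responses and the function names are assumptions made for illustration.

```python
import difflib

# Constructed sample bodies (not captured traffic): a baseline response and
# one that carries three extra lines of output.
BASELINE = """<pre>
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.021 ms
1 packets transmitted, 1 received, 0% packet loss
</pre>"""
CHANGED = """<pre>
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.034 ms
1 packets transmitted, 1 received, 0% packet loss
help
index.php
source
</pre>"""

# difflib opcode -> the label used in the text above.
LABELS = {"replace": "Modified", "delete": "Deleted", "insert": "Added"}


def tokenize(text, unit):
    """Split into whitespace-separated words, or into byte values."""
    if unit == "word":
        return text.split()
    if unit == "byte":
        return list(text.encode("utf-8"))
    raise ValueError("unit must be 'word' or 'byte'")


def compare(left, right, unit="word"):
    """Return (label, left_tokens, right_tokens) for every differing run."""
    a, b = tokenize(left, unit), tokenize(right, unit)
    # autojunk=False: never discard frequent tokens as noise.
    matcher = difflib.SequenceMatcher(a=a, b=b, autojunk=False)
    return [(LABELS[tag], a[i1:i2], b[j1:j2])
            for tag, i1, i2, j1, j2 in matcher.get_opcodes()
            if tag != "equal"]


if __name__ == "__main__":
    # The length gap is the first hint; the diff shows where it comes from.
    print("lengths:", len(BASELINE), "vs", len(CHANGED))
    for label, old, new in compare(BASELINE, CHANGED):
        print(f"{label:8} {' '.join(old)!r} -> {' '.join(new)!r}")
```

The timing value shows up as Modified noise in every pair of responses, while the Added run is the part that explains the length difference.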
Web Application Security
Web application security protects online-accessible resources such as static web pages, web applications, and APIs from cyberattacks, data theft, unethical competition, and other threats. Below are some cutting-edge penetration testing tools provided by Kali.
sqlmap is an open-source penetration testing tool that automatically detects and exploits SQL injection vulnerabilities in database systems. It can help you enumerate targets, perform database fingerprinting, read and write to remote file systems, and crack passwords.
Analysis of the Cobalt Strike backdoor revealed that it first checks the system time: if the current system date is before January 16, 2025, code execution continues; otherwise, the process terminates.
Next, it acquires system information and encrypts this information using RSA and AES encryption algorithms before sending a heartbeat packet.
Subsequently, it decrypts the configuration information using a string decryption algorithm (subtracting 7 and multiplying by 16). Afterward, it sends data, receives returned data, and performs task processing.
Password Cracking
Using the aircrack-ng program, we performed a dictionary attack on the captured handshake and attempted to crack the password. We used the previously mentioned fern-wifi universal password file.
The command is:
aircrack-ng HackDump-01.cap -w /usr/share/wordlists/fern-wifi/common.txt
The cracking attempt began. We already knew the password was in this list. In less than a second, aircrack-ng tried 400 passwords and found the correct one. We now have access to the network.