Futaba _ Webs πΈπΈππΈπΈ
Foxy Proxy πΈπΈππΈπΈ
Today Iβm going to cover the ins and outs of some of the core basics on how to use the burp suite proxy server for ethical hacking. The key point of this article is to discuss the main features that are commonly used, as well as walk through on how to use them.
π Article π Glossary π Catalog π Home π Search Modeπ Article Glossary
πΈ Synopsis πΈ
Today Iβm going to cover the ins and outs of some of the core basics on how to use the burp suite proxy server for ethical hacking. The key point of this article is to discuss the main features that are commonly used, as well as walk through on how to use them.
πΈ Article Topics πΈ
I'll be discussing the following topics in order: π Premise π Burp Suite Proxy Server π Proxy mode π Foxy Proxy Mode (Firefox extension) π Intruder Mode π Repeater Mode π Decoder Mode You can click on any of the topics to simply check that one out if it interests you! NOTE: Articles are read from LEFT to RIGHT via 2 columns! Read the first column all the way down and then move to the next one!
πΈ Key Links πΈ
Here's a quick run down on all the main links that are in the article in case you want to check them out first. π LinkedIn Version π Patreon Version
π Foxy Proxy
Premise πΈπΈππΈπΈ
There will be live video demonstrations of course, but like always, that is for the PAID patreon members. Iβm also going to show you how to botnet and command and control with the burp suite proxy server and how to strip any and all network traffic on a multitude of systems using it!
Burp Suite Proxy Server πΈπΈππΈπΈ
The burp suite proxy server is used to intercept and analyze network traffic and handle it in various ways. It is one of the most commonly used tools when testing against OWASP vulnerabilities within web application systems. THIS IS A STAPLE TOOL THAT YOU MUST KNOW HOW TO USE!
It can be used either for defense or for offense. In our case, we are going to talk about how it applies to offensive capabilities.
Proxy mode πΈπΈππΈπΈ
Burp suite has a feature in it that is called Proxy mode, where you can focus the tool on intercepting various network data communication methods.
With this particular method, youβll be able to boot up a dummy browser session that can be used to test and track any communications that you personally send to a web application host target. Burp suite uses selenium in order to craft a test chromium browser session.
Why for yourself? Well, for starters, you can use the tool to gather in depth information on all the parameters and HTTP headers that are being sent to a target. You also have the ability to manipulate them and control how the server side will respond to you. Itβs how hackers tend to test various fuzzing methods that will allow them to bypass security and exploit a system.
You can also use this feature to analyze any and all main scripts that are on the page, and follow network traffic as it pivots within the main internal, as well as any external domains that the tool might catch.
Foxy Proxy Mode (Firefox extension) πΈπΈππΈπΈ
Now, this isnβt an exact feature that is a part of the main burp suite tool set, BUT, Firefox has a dedicated extension that allows you to set up a main proxy server on a system in order to forward all traffic to a main proxy server you have in a listening state.
This means that for an attacker, if we wanted to, and if we got creative, WE CAN BOTNET USING BURP SUITE. You can sit this on your system on a network, configure the extension on any and all systems on the network as well as the proxy server itself, and then BOOM, you can strip any and all network traffic, deciphering any and all credentials you can intercept.
You can also get creative and configure burp suite as a main proxy server within the network settings of the system you are looking to infect.
Intruder Mode πΈπΈππΈπΈ
This mode is used for brute force based attacks, where you can send network traffic from the main HTTP socket history, and then handle it to inject word list points in them to have the tool brute force against. You can even set up the tool to allow stuff like pitch force brute forcing which is used to test against login time outs to bypass brute force protection on a main system.
Repeater Mode πΈπΈππΈπΈ
Remember how I said that the burp suite tool can be used to manipulate the HTTP parameters and other information that is sent in the main request from client to server?
This mode allows you to do just that, store, modify, and repeat until you get a desired response form the server. This is crucial in case you wish to do stuff like SQL injection or RCE, and you need to see additional information that isn't shown to you from the main GUI of the site page.
Decoder Mode πΈπΈππΈπΈ
This IS YOUR BREAD AND BUTTER IF YOU ARE FUZZING. What this mode allows you to do is type and encode as you need to, as well as being able to decode in case you need it to do so as well.
Let's say for example, you found a critical flaw in a system that allows you to RCE a server, but it doesn't allow white spaces or certain characters. It can be tricky jumping back and forth between an online encoder to handle the process for you. You can use this tool to handle all of that for you and craft a clean exploit if you need to inject some code into the target.
These are some of the basic core features and how they work for now. If you would like a more detailed version with live video examples and showcases on how to use the tool, then check out my patreon in order to get all of that juicy information. You get a lot of goodies for subscribing and a lot more quality content.
If you like to see the more advanced version of this article that talks about methods that can be used to mitigate, as well as any videos included, SUBSCRIBE TO MY PATREON CYBER SECURITY TIER!
If you enjoyed this post give it a thumbs up! Iβll be keeping track of whose reacting from now on as there is a βspecialβ reason for it. Just know the more you support my content the more there is in stored!
- The Hacker Who Laughs πΈπΈππΈπΈ
