Burp Suite Pro: Real-life tips & tricks - PDF document

Uploaded On 2016-03-04

Burp Suite Pro: Real-life tips & tricks. Nicolas Grégoire, Founder & Owner of Agarri

Presentation Transcript

Burp Suite Pro: Real-life tips & tricks
Nicolas Grégoire, Founder & Owner of Agarri
Lot of Web PenTesting
NOT affiliated with PortSwigger Ltd
Using Burp Suite for years, and others proxies before
Yes, I'm that old...

Warning: This is NOT about Web Pentesting methodologies
http://danielmiessler.com/projects/webappsec_testing_resources/
Web Application Hacker's Handbook, 2nd Edition, Chapter 21
This is NOT "Burp 101"
http://portswigger.net/burp/help/suite_gettingstarted.html
http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae
Everything was tested on Burp Pro v1.5.11

Agenda: Overview, Data visualization, GUI navigation, Managing state, Common tasks, Intruder payloads, Mobile applications, Extensions, Macros

Data visualization
By default / Via extensions
Parameters
ViewState
JSON: http://api.twitter.com/1/statuses/user_timeline.json
json.dumps(json.loads(msg), indent=...)
http://128nops.blogspot.com/2013/02/json-decoder.html
JavaScript: Both beautifier extensions use libs from jsbeautifier.org
burp-suite-beautifier-extension: Uses Rhino to call JavaScript from Java
http://code.google.com/p/burp-suite-beautifier-extension/
burpjsbeautifier: Much cleaner, uses the Python library
https://github.com/meatballs1/burp_jsbeautifier
Protobuf: "Google Protocol Buffers" https://code.google.com/p/protobuf/
Decodes Protobuf messages; allows tampering if a ".proto" is provided
https://github.com/mwielgoszewski/burp-protobuf-decoder

GUI navigation
Contextual buttons, Hotkeys, Auto-scroll in Proxy / History, Custom payload lists, Personalized scans, RTFM, Restore defaults
Hotkeys:
Classic: Ctrl+X|C|V for "Cut|Copy|Paste"
Decoding: Ctrl+Shift+U|H|B for "URL|HTML|Base64 (de)code"
GUI navigation: Ctrl+Shift+T|P|S|I|R for "Switching to ..."
Personal favorite: Ctrl+R for "Issue Repeater request"
History auto-scroll
Custom payload lists: Some payload lists are shipped with Burp; configurable from the Intruder menu
Magic combo: Nikto, Burp, FuzzDB, DirBuster
Personalized scans: Define your own insertion points in Intruder, then right-click and select "Actively scan ..."

Managing state
Automatic backups; Saving & restoring state
Automatic backups: Hacking is immersive; you WILL forget to use "Save state". Of course, Murphy's law applies ;-)
Save & restore state: Complementary to automatic backups; can also be used to export to your customers
Define your own defaults: Hotkeys / Automatic backups / Scope / Display all items in "Site map" and "Proxy history" / Custom payload lists / Extensions options (buggy)

Common tasks
Switching between GET and POST; Non proxy-aware clients; Importing & exporting an URL
GET to POST: Classic question: is it also exploitable via a POST?
Non proxy-aware clients: ./skipfish ... 8777 http://127.0.0.1:8777/
Moving URL in & out: Import: "Paste URL as request"; Export: "Copy URL"
Works only with basic GET requests: no body, no headers, no cookies, ...
"curlit" extension: Generates a "curl" command
https://github.com/faffi/curlit

Intruder payloads
HTTP Basic Authentication; Opaque data; Anti-CSRF tokens
Basic Auth: Authorization: base64(username + ":" + password)
Blogs: Sysadmin Cookbook: Use prefix/suffix; SecurityNinja: Use prefix/suffix; SecureState: Use prefix/suffix or precompiled lists; SANS: Use prefix/suffix or precompiled lists; Smeege Sec: Use an extension or precompiled lists
Use the "Custom Iterator" payload!
From the documentation: The custom iterator defines up to 8 different "positions" which are used to generate permutations. Each position is configured with a list of items, and an optional "separator" string, which is inserted between that position and the next.
That's exactly what we want. Only the "... Information Security Blog" was right.
http://blog.securestate.com/burp-suites-series-efficient-use-of-payload-options-when-attacking-http-basic-authentication/
http://carnal0wnage.attackresearch.com/200.../08/using-burp-intruder-to-bruteforce.html
http://www.smeegesec.com/2012/02/attacking-basic-authentication-with.html
http://sysadmincookbook.blogspot.fr/2013/01/test.html
http://www.securityninja.co.uk/hacking/burp-suite-tutorial-the-intruder-tool/
http://www.sans.org/reading-room/whitepapers/testing/fuzzing-approach-credentials-discovery-burp-intruder_33214
http://www.dailysecurity.net/2013/03/22/http-basic-authentication-dictionary-and-brute-force-attacks-with-burp-suite/
http://portswigger.net/burp/help/intruder_payloads_types.html#customiterator
Basic Auth Howto: Payload type: Custom Iterator; Position #1: list of usernames + separator ":"; Position #2: list of passwords; Payload processing: Base64-encode; Payload encoding: None
Another approach: Payload type: Custom Iterator; Position #1: list of usernames; Position #2: string ":"; Position #3: list of passwords; Position #4: common suffixes; Payload processing: Base64-encode; Payload encoding: None

Opaque data
No cookie + long token = authenticated access?
Is the token an anti-cache mechanism: OK. A session ID: not safe (logs, referer). Authentication data provided by the client: checked server-side: OK; not checked server-side: not safe
From the documentation: It cycles through the base string one character at a time, incrementing the ASCII code of that character by one.
It looks like unverified encrypted data (XOR or ECB). We know which part of the string impacts the UID. Let's try to modify it at the bit level.

Anti-CSRF tokens
Recursive Grep to the rescue
From the documentation: This payload type lets you extract each payload from the response to the previous request in the attack. The text that was extracted from the previous response in the attack is used as the payload for the current request.
Attack type: Pitchfork
Payload #1: Location: Parameter "token"; Type: Recursive Grep; Initial value: A valid token; Regex: name="token" value="(.*?)"
Payload #2: Location: Parameter "value"; Type: Numbers from ... to ...
Caveats: Only applies if the result page includes a valid token. You must use only one thread (idem if macro-based). Twice faster than its macro-based counterpart.

Mobile applications
Traffic redirection; Burp CA certificate; Missing developers tools
Redirect to Burp: Your target is running on a rooted Android smartphone; you want to use your usual tool and workflow; Burp listens elsewhere on an external interface; ProxyDroid redirects to the Burp instance; app-specific or global proxying; option "DNS Proxy" should be checked
Burp CA: Fetch your Burp CA certificate. GUI: Proxy / Options / Proxy Listeners / CA Certificate / Export in DER. Proxied browser: http://burp/cert. Rename from DER to CRT; no need for OpenSSL.
Depending on the Android version: Touch the file in any "File Explorer" application, or Parameters / Security / Install from SD
First request when opening Google Play
Developers tools: Mobile browsers miss some common features, like no built-in developers tools. I don't care, except when looking for XSS.
Let's include Firebug Lite in every response; "startOpened=true" is your friend
This seems to be a good idea, but Firebug itself contains the "</head>" string
http://www.agarri.fr/docs/JavaScriptInjector.py
Also works with BeEF!

Extensions
As an user; As a developer; Resources
Repositories: http://www.burpextensions.com/extensions/ ; https://github.com/meatballs1/burp-extensions
Online documentation: http://portswigger.net/burp/help/extender.html ; http://www.burpextensions.com/category/tutorials/
Forum: http://forum.portswigger.net/board/2/burp-extensions
Blog (with samples): http://blog.portswigger.net/search/label/burp%20extender
May be useful: Format specific: JSON, JS, Protobuf, XML, Serialized Java, WSDL, WCF; External tools: Google hacks, nmap, sqlmap, w3af, curl; Misc: Custom Logger, Burp Notes, Proxy Color, Referer Checker; My own: JavaScript Injector, HTTP Traceroute, DomXssRegexp
Detect reverse proxies; Generate from WSDL; Take notes
As a developer: Choose your language; Quick reload; Debugging
Language: Java provides the best integration with Burp internals. Python: my personal choice, but Python != Jython. Ruby: same drawbacks as Python.
Python vs. Java API
Java API: applyMarkers(IHttpRequestResponse httpRequestResponse, java.util.List requestMarkers, java.util.List responseMarkers)
Python code:
markers = []
for n in non_overlapping:
    markers.append(array.array('i', [offset + n[0], offset + n[1]]))
markedMessage = self._callbacks.applyMarkers(message, None, markers)
Quick reload: Use Ctrl-Click to quickly reload an extension
Debugging: Custom Logger captures everything
http://blog.portswigger.net/2012/12/sample-burp-suite-extension-custom.html

Macros
Target & Goal: Target application requires authentication; sessions are very short-lived; you want to work "as usual". Manual tools: Repeater, ... Automated tools: Intruder, Scanner, ...
App details: /index.php: Display (GET) & process (POST) the login form, username=User123&password=S3CR3T. /logged.php: Display session info; display & process the target form. Target value is between 1 and 100. Session lasts for 15 seconds.
Debugging

That's all, folks! Thanks for your attention. Any questions?
@Agarri_FR nicolas.gregoire@agarri.fr