1
00:00:00,810 --> 00:00:02,009
Instructor: Welcome back.

2
00:00:02,009 --> 00:00:05,220
Time to configure the tool called Burp Suite.

3
00:00:05,220 --> 00:00:08,580
And Burp Suite is a tool that allows us to intercept

4
00:00:08,580 --> 00:00:11,220
and take a look at different HTTP requests

5
00:00:11,220 --> 00:00:13,200
and HTTP responses.

6
00:00:13,200 --> 00:00:16,110
It also allows us to change those HTTP requests

7
00:00:16,110 --> 00:00:19,710
to our liking and then forward them to our target.

8
00:00:19,710 --> 00:00:21,630
It is also considered a proxy,

9
00:00:21,630 --> 00:00:24,870
so everything and every link that we visit

10
00:00:24,870 --> 00:00:27,570
through our Firefox from now on will go

11
00:00:27,570 --> 00:00:28,710
through Burp Suite first

12
00:00:28,710 --> 00:00:31,110
and we'll be able to inspect all

13
00:00:31,110 --> 00:00:34,350
of our HTTP requests and responses.

14
00:00:34,350 --> 00:00:37,620
Let us see how we can configure it and get it to work.

15
00:00:37,620 --> 00:00:39,480
So we already got Burp Suite

16
00:00:39,480 --> 00:00:41,700
inside of our Kali Linux machine.

17
00:00:41,700 --> 00:00:45,360
If you go onto the menu and then Web Application Analysis,

18
00:00:45,360 --> 00:00:47,940
you will have it right here.

19
00:00:47,940 --> 00:00:49,470
The first thing that we want to do

20
00:00:49,470 --> 00:00:52,230
is double click it to start it up.

21
00:00:52,230 --> 00:00:54,660
This will start up the Burp Suite community edition

22
00:00:54,660 --> 00:00:56,460
and there is also professional edition

23
00:00:56,460 --> 00:00:57,990
that you must pay for.

24
00:00:57,990 --> 00:00:58,823
But for now on,

25
00:00:58,823 --> 00:01:01,230
we're just going to cover the community edition,

26
00:01:01,230 --> 00:01:03,030
inside of this course.

27
00:01:03,030 --> 00:01:06,180
It might give you this error you just want to click on OK.

28
00:01:06,180 --> 00:01:08,550
And in just a few seconds,

29
00:01:08,550 --> 00:01:12,270
we should have the main menu of Burp Suite open up.

30
00:01:12,270 --> 00:01:14,610
And here it is, Terms and Conditions,

31
00:01:14,610 --> 00:01:16,380
I want to click on Accept,

32
00:01:16,380 --> 00:01:18,630
and here it tells us an update is available.

33
00:01:18,630 --> 00:01:21,690
I'm not really interested in the update at the moment.

34
00:01:21,690 --> 00:01:23,970
Here I want to select the Temporary project,

35
00:01:23,970 --> 00:01:26,940
click on that and click on Next.

36
00:01:26,940 --> 00:01:29,310
I want to select right here Use Burp defaults

37
00:01:29,310 --> 00:01:31,920
and start Burp Suite.

38
00:01:31,920 --> 00:01:36,090
After a few seconds, it should open something like this,

39
00:01:36,090 --> 00:01:40,410
and we can see a lot of things are happening on our screen.

40
00:01:40,410 --> 00:01:42,060
If I enlarge it, you will see

41
00:01:42,060 --> 00:01:44,640
that we get bunch of different options

42
00:01:44,640 --> 00:01:46,680
with this Burp Suite tool,

43
00:01:46,680 --> 00:01:49,410
but let's not think about them at the moment.

44
00:01:49,410 --> 00:01:51,120
For now, let us just think

45
00:01:51,120 --> 00:01:53,880
about how we can configure our Burp Suite to be used

46
00:01:53,880 --> 00:01:56,730
by Firefox as a proxy.

47
00:01:56,730 --> 00:01:59,550
Well, the first thing that we want to do is navigate

48
00:01:59,550 --> 00:02:00,900
to the Burp Suite tool,

49
00:02:00,900 --> 00:02:03,270
click on Proxy right here,

50
00:02:03,270 --> 00:02:06,963
and under the Proxy we get this Options tab.

51
00:02:07,890 --> 00:02:10,979
Under the Options, we will have these Proxy Listeners,

52
00:02:10,979 --> 00:02:12,810
and under the Proxy Listeners

53
00:02:12,810 --> 00:02:14,940
you want to select this right here

54
00:02:14,940 --> 00:02:17,310
and you want to click on Edit.

55
00:02:17,310 --> 00:02:21,210
If you don't have anything right here, just click on Add.

56
00:02:21,210 --> 00:02:23,790
Here we want to bind to Port 8080,

57
00:02:23,790 --> 00:02:27,300
and we want to bind to address Loopback only.

58
00:02:27,300 --> 00:02:30,960
Once you get this set up, click on OK.

59
00:02:30,960 --> 00:02:32,670
And after you got this,

60
00:02:32,670 --> 00:02:35,730
what we want to do is we want to navigate to our Firefox,

61
00:02:35,730 --> 00:02:38,190
and on these three lines right here,

62
00:02:38,190 --> 00:02:41,580
we want to navigate to the Preferences.

63
00:02:41,580 --> 00:02:43,770
Under the General tab in the Preferences,

64
00:02:43,770 --> 00:02:45,870
we want to navigate all the way down,

65
00:02:45,870 --> 00:02:48,720
and at the last option where we got Network Settings,

66
00:02:48,720 --> 00:02:51,480
we want to click on Settings.

67
00:02:51,480 --> 00:02:55,320
Here it'll ask us to Configure Proxy Access to the Internet,

68
00:02:55,320 --> 00:02:59,103
and we want to set here Manual Proxy Configuration.

69
00:03:00,210 --> 00:03:01,770
Under the HTTP proxy,

70
00:03:01,770 --> 00:03:03,210
we want to set the IP address,

71
00:03:03,210 --> 00:03:05,430
and in our case we are going to set the IP address

72
00:03:05,430 --> 00:03:07,800
of our localhost which is for everyone

73
00:03:07,800 --> 00:03:09,570
this IP address right here,

74
00:03:09,570 --> 00:03:13,260
and the port should be 8080.

75
00:03:13,260 --> 00:03:17,820
And then we can set Use this proxy for all protocols.

76
00:03:17,820 --> 00:03:20,580
Also, make sure that the SOCKS v5 is checked,

77
00:03:20,580 --> 00:03:23,973
and once you do all of that, you can click on OK.

78
00:03:24,840 --> 00:03:25,950
Now that we did this,

79
00:03:25,950 --> 00:03:30,153
if I go and try to visit google.com,

80
00:03:32,400 --> 00:03:35,640
it'll tell me software is preventing Firefox

81
00:03:35,640 --> 00:03:37,920
from safely connecting to this website.

82
00:03:37,920 --> 00:03:40,860
And you should get this error too.

83
00:03:40,860 --> 00:03:42,390
Why does this happen?

84
00:03:42,390 --> 00:03:47,390
Well, our Firefox doesn't really trust our Burp Suite tool,

85
00:03:47,400 --> 00:03:50,280
and currently all of the packets are going

86
00:03:50,280 --> 00:03:53,130
through this tool before we can see them on our screen.

87
00:03:53,130 --> 00:03:55,410
So we're getting a warning from the Firefox

88
00:03:55,410 --> 00:03:57,600
that some software is preventing

89
00:03:57,600 --> 00:04:00,750
from having a secure connection to that website.

90
00:04:00,750 --> 00:04:02,490
What can we do about this?

91
00:04:02,490 --> 00:04:04,530
Well, we can go to our Firefox,

92
00:04:04,530 --> 00:04:07,860
and visit any HTTP website that we want.

93
00:04:07,860 --> 00:04:11,430
It won't present us a problem for HTTP websites.

94
00:04:11,430 --> 00:04:15,180
It'll only present us a problem for HTTPS websites.

95
00:04:15,180 --> 00:04:17,730
But we also want to visit HTTPS websites,

96
00:04:17,730 --> 00:04:21,180
such as Facebook, such as Google, and all the others.

97
00:04:21,180 --> 00:04:25,020
To do that, we must type this link inside of our search bar,

98
00:04:25,020 --> 00:04:29,880
which is HTTP, two dots, slash slash and then burp.

99
00:04:29,880 --> 00:04:31,170
Press Enter,

100
00:04:31,170 --> 00:04:34,620
and you will open this page right here.

101
00:04:34,620 --> 00:04:37,590
It'll tell us, welcome to Burp Suite Community Edition,

102
00:04:37,590 --> 00:04:40,830
and here we will be able to download the certificate

103
00:04:40,830 --> 00:04:43,980
which we can then import inside of our Firefox,

104
00:04:43,980 --> 00:04:47,700
and make Firefox trust our Burp Suite tool.

105
00:04:47,700 --> 00:04:49,920
So just click on CA Certificate,

106
00:04:49,920 --> 00:04:51,030
click on Save File,

107
00:04:51,030 --> 00:04:52,713
and click on OK.

108
00:04:53,790 --> 00:04:56,130
Once you do that, the file will be inside

109
00:04:56,130 --> 00:04:57,600
of our Downloads directory,

110
00:04:57,600 --> 00:04:59,160
as we can see it right here,

111
00:04:59,160 --> 00:05:00,600
this is its name,

112
00:05:00,600 --> 00:05:04,590
and all we need to do is go back to the Preferences

113
00:05:04,590 --> 00:05:06,210
inside of our Firefox,

114
00:05:06,210 --> 00:05:09,030
navigate to Privacy and Security,

115
00:05:09,030 --> 00:05:13,290
and all the way down, we will have a Certificates part.

116
00:05:13,290 --> 00:05:14,490
Under the Certificates part,

117
00:05:14,490 --> 00:05:16,680
we want to click on View Certificates,

118
00:05:16,680 --> 00:05:19,743
and we want to click on Import a certificate.

119
00:05:20,700 --> 00:05:22,770
Then you want to navigate to the Downloads directory,

120
00:05:22,770 --> 00:05:25,380
select the certificate that we just downloaded,

121
00:05:25,380 --> 00:05:27,123
and then click on Open.

122
00:05:28,260 --> 00:05:31,680
We want to select Trust this CA to identify websites,

123
00:05:31,680 --> 00:05:35,550
and Trust this CA to identify email users.

124
00:05:35,550 --> 00:05:37,020
Click on OK.

125
00:05:37,020 --> 00:05:39,633
And also click on OK, right here.

126
00:05:40,500 --> 00:05:44,553
If I go back and I refresh google.com,

127
00:05:46,110 --> 00:05:48,000
it seems to still load,

128
00:05:48,000 --> 00:05:50,490
it doesn't really do anything.

129
00:05:50,490 --> 00:05:53,250
So why isn't it loading our page?

130
00:05:53,250 --> 00:05:55,920
Well, in the Burp Suite, by default,

131
00:05:55,920 --> 00:05:57,600
you should see if you go back

132
00:05:57,600 --> 00:05:59,970
after trying to open Google once again,

133
00:05:59,970 --> 00:06:02,850
that this Proxy will turn orange,

134
00:06:02,850 --> 00:06:05,820
and this Intercept will also turn orange.

135
00:06:05,820 --> 00:06:09,240
So if we go to Proxy and then Intercept,

136
00:06:09,240 --> 00:06:12,240
we will have an HTTP request.

137
00:06:12,240 --> 00:06:14,910
And this is a request that we just initiated

138
00:06:14,910 --> 00:06:19,020
to the host, www.google.com.

139
00:06:19,020 --> 00:06:22,380
We can see all of those fields that we talked about,

140
00:06:22,380 --> 00:06:24,780
such as Host, such as User-Agent,

141
00:06:24,780 --> 00:06:26,760
under the User-Agent we can see

142
00:06:26,760 --> 00:06:29,700
which type of web browser are we using.

143
00:06:29,700 --> 00:06:31,770
We can also see the Cookie right here.

144
00:06:31,770 --> 00:06:34,260
And the reason why we are not loading the page

145
00:06:34,260 --> 00:06:35,670
and it is still loading right here,

146
00:06:35,670 --> 00:06:38,820
is because the Intercept is turned on.

147
00:06:38,820 --> 00:06:41,490
This means it'll intercept this packet

148
00:06:41,490 --> 00:06:45,990
before it actually forwards it to the web page.

149
00:06:45,990 --> 00:06:49,680
We can forward it manually by pressing this,

150
00:06:49,680 --> 00:06:52,020
or we can just turn the Intercept off

151
00:06:52,020 --> 00:06:55,080
and then it'll not intercept any packets.

152
00:06:55,080 --> 00:06:56,430
So if I go back to Google,

153
00:06:56,430 --> 00:06:59,643
right now you can see we successfully loaded Google.

154
00:07:00,780 --> 00:07:03,630
If we want, we can go right here under the Target

155
00:07:03,630 --> 00:07:06,150
and we can see all the links that we visited

156
00:07:06,150 --> 00:07:08,040
while the Burp Suite was running.

157
00:07:08,040 --> 00:07:10,140
So we can see Google right here

158
00:07:10,140 --> 00:07:11,880
and we can see all of the requests

159
00:07:11,880 --> 00:07:14,430
and response that we got for the Google.

160
00:07:14,430 --> 00:07:18,000
So here is the request for the www.google.com

161
00:07:18,000 --> 00:07:19,050
that we just did,

162
00:07:19,050 --> 00:07:21,510
and here is the response from the Google

163
00:07:21,510 --> 00:07:23,640
that says Status Code 200 OK,

164
00:07:23,640 --> 00:07:25,740
which means we successfully loaded the page,

165
00:07:25,740 --> 00:07:27,630
which we indeed loaded,

166
00:07:27,630 --> 00:07:30,573
and here is the code of that page.

167
00:07:31,530 --> 00:07:32,370
Cool, right?

168
00:07:32,370 --> 00:07:36,513
Now we can intercept any packets to any website.

169
00:07:37,350 --> 00:07:40,380
Great. Now that we covered the configuration of Burp Suite,

170
00:07:40,380 --> 00:07:41,640
in the next video,

171
00:07:41,640 --> 00:07:44,670
we can go and perform our first attack.

172
00:07:44,670 --> 00:07:46,140
And in the future videos,

173
00:07:46,140 --> 00:07:48,120
we're also going to cover more details

174
00:07:48,120 --> 00:07:49,530
about this Burp Suite tool.

175
00:07:49,530 --> 00:07:50,400
But for now on,

176
00:07:50,400 --> 00:07:51,780
we just managed to configure it

177
00:07:51,780 --> 00:07:52,950
and we are ready to,

178
00:07:52,950 --> 00:07:53,790
in the next video,

179
00:07:53,790 --> 00:07:56,310
perform our first attack.

180
00:07:56,310 --> 00:07:57,143
See you there.