{ Burp Suite, Man-in-the-middle-attack }
| Section 0. Background Information |
- What is Damn Vulnerable Web App (DVWA)?
- Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable.
- Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.
- What is Burp Suite?
- Burp suite is a java application that can be used to secure or crack web applications. The suite consists of different tools, like a proxy server, a web spider an intruder and a so called repeater, with which requests can be automated.
- Pre-Requisite Labs
- Damn Vulnerable Web App (DVWA): Lesson 1: How to Install DVWA in Fedora 14
- BackTrack: Lesson 1: Installing BackTrack 5 Rx
- Lab Notes
- In this lab we will do the following:
- We will configure Firefox to use Burp Suite as its Proxy
- We will configure Burp Suite to accept requests from Firefox.
- We will use Burp Suite to capture a PHPSESSID cookie.
- We will create a curl statement to test a man-in-the-middle-attack.
- We will use Firefox Cookies Manager+ to set up a man-in-the-middle-attack
- Legal Disclaimer
Bài lab chỉ dùng trong môi trường lớp học
| Section 1. Configure Fedora14 Virtual Machine Settings |
- Open Your VMware Player
- Instructions:
- On Your Host Computer, Go To
- Start --> All Program --> VMWare --> VMWare Player
- Edit BackTrack Virtual Machine Settings
- Instructions:
- Highlight fedora14
- Click Edit virtual machine settings
- Edit Network Adapter
- Instructions:
- Highlight Network Adapter
- Select Bridged
- Click on the OK Button.
| Section 2. Login to Fedora14 |
- Start Fedora14 VM Instance
- Instructions:
- Start Up VMWare Player
- Select Fedora14
- Play virtual machine
- Login to Fedora14
- Instructions:
- Login: student
- Password: <whatever you set it to>.
-
| Section 3. Open Console Terminal and Retrieve IP Address |
- Start a Terminal Console
- Instructions:
- Applications --> Terminal
- Switch user to root
- Instructions:
- su - root
- <Whatever you set the root password to>
-
- Get IP Address
- Instructions:
- ifconfig -a
- Notes:
- As indicated below, my IP address is 192.168.1.106.
- Please record your IP address.
| Section 4. Configure BackTrack Virtual Machine Settings |
- Open Your VMware Player
- Instructions:
- On Your Host Computer, Go To
- Start --> All Program --> VMWare --> VMWare Player
- Edit BackTrack Virtual Machine Settings
- Instructions:
- Highlight BackTrack5R1
- Click Edit virtual machine settings
- Edit Network Adapter
- Instructions:
- Highlight Network Adapter
- Select Bridged
- Do not Click on the OK Button.
| Section 5. Login to BackTrack |
- Start BackTrack VM Instance
- Instructions:
- Start Up VMWare Player
- Select BackTrack5R1
- Play virtual machine
- Login to BackTrack
- Instructions:
- Login: root
- Password: toor or <whatever you changed it to>.
- Bring up the GNOME
- Instructions:
- Type startx
| Section 6. Open Console Terminal and Retrieve IP Address |
- Open a console terminal
- Instructions:
- Click on the console terminal
- Get IP Address
- Instructions:
- ifconfig -a
- Notes:
- As indicated below, my IP address is 192.168.1.105.
- Please record your IP address.
| Section 7. Configure Firefox Proxy Settings |
- Start Firefox
- Instructions:
- Click on Firefox
- Preferences
- Instructions:
- Edit --> Preferences
- Preferences
- Instructions:
- Click on Advanced
- Click on the Network Tab
- Click on the Settings Button
- Preferences
- Instructions:
- Click on Manual proxy configurations
- Type "127.0.0.1" in the HTTP Proxy Text Box
- Type "8080" in the Port Text Box
- Check Use the proxy server for all protocols
- Click OK
- Click Close
| Section 8. Configure Burp Suite |
- Start Burp Suite
- Instructions:
- Applications --> BackTrack --> Vulnerability Assessment --> Web Application Assessment ---> Web Vulnerability Scanner --> burpsuite
- JRE Message
- Configure proxy
- Instructions:
- Click on the proxy tab
- Click on the options tab
- Verify the port is set to 8080
- Turn on intercept
- Instructions:
- Click on the proxy tab
- Click on the intercept tab
- Verify the intercept button shows "intercept is on"
| Section 9. Intercept with Burp Suite |
- Browse to DVWA's homepage
- Instructions:
- http://IPADDRESS/dvwa/
- Replace IPADDRESS with the Fedora's IP Address obtain in (Section 3, Step 3).
- Notice that the DVWA homepage will not be displayed, but instead you will get a Connecting message.
- Continue to Next Step.
- Forward Request
- Instructions:
- Click on the Forward Button 3 times.
- View History
- Instructions:
- Click on the proxy tab
- Click on the history tab
- Click on /dvwa/login.php
- Click on the request tab
- Click on the raw tab
- Notice that a PHP cookie session is now established, even without logging to the application.
-
- Login to DVWA
- Instructions:
- Username: admin
- Password: password
- Click Login
- Notice that the DVWA Navigation Menu will not be displayed, but instead you will get a Connecting message.
- Continue to Next Step
- Forward Request
- Instructions:
- Click on the Forward Button 3 times.
- View login.php results
- Instructions:
- Click on the proxy tab
- Click on the history tab
- Click on /dvwa/login.php line that contains method POST.
- Click on the request tab
- Click on the raw tab
- Notice that we now have the PHP Session ID, Username and Password.
- Copy Session Information
- Instructions:
- Highlight the PHPSESSID information (See Below)
- Right Click
- Copy
- Start Up Notepad
- Instructions:
- Applications --> Wine --> Programs --> Accessories --> Notepad
- Paste URL into Notepad
- Instructions:
- Edit --> Paste
- Create a curl statement
- Instructions:
- curl -b "security=high; PHPSESSID=reoctn5dfb89qlcggl2sm5jfe4" --location "http://192.168.1.106/dvwa/index.php" | grep -i Welcome
- We are creating a curl statement to simulate a man-in-the-middle attack.
- PHP Session Note: Remember to use the PHP Session information you captured in (Section 9, Step 7).
- IP Address Note: Remember to use the IP Address Captured in (Section 3, Step 3).
- Highlight curl statement.
- Right Click and Copy
| Section 10. Curl Man-in-middle-attack |
- Open a console terminal
- Instructions:
- Click on the console terminal
- Issue Attack
- Instructions:
- Edit --> Paste
- Press <Enter> after you verify the curl statement was correctly pasted.
- Without supply any username and password information, notice you see the Welcome title displayed after logging into DVWA.
| Section 11. Firefox Man-in-middle-attack |
- Booting up WindowsVulerable01
- Instructions:
- Start up VMware Player
- Select WindowsVulerable01
- Edit Virtual Machine
- Configuring the Network Adapter
- Instructions:
- Select Network Adapter
- Select Bridged Connection
- Select OK
- Play WindowVulnerable01
- Instructions:
- Select Play virtual Machine
- WindowsVulerable01 Authentication
- Instructions:
- Login as administrator
- Start FireFox
- Instructions:
- Start --> All Programs --> Mozilla Firefox
- Go to Add-ons
- Instructions:
- Tools --> Add-ons
- Install Cookies Manager+ 1.5.1
- Instructions:
- Search for cookies
- Click the Install button next to Cookies Manager+ 1.5.1
- Restart Firefox
- Instructions:
- Click Restart now
- Browse to DVWA's Login Page
- Instructions:
- http://192.168.1.106/dvwa/login.php
- Replace 192.168.1.106 with the DVWA's address obtained in (Section 3, Step 3).
- DO NOT LOGIN!!!
- Start Cookies Manager+
- Instructions:
- Tools --> Cookies Manager+
- Edit PHPSESSID Cookie
- Instructions:
- Select the PHPSESSID cookie that was just created
- Click on the edit button
- Replace PHPSESSID Cookie
- Instructions:
- Delete the PHPSESSID in the Content textbox.
- In the Content textbox, Paste the PHPSESSID obtained from (Section 9, Step 7).
- Click Save
- Click the Close Button
- Launch Man-in-middle-attack
- Instructions:
- Replace login.php with index.php. Your URL should look similar to the following:
- http://192.168.1.106/dvwa/index.php
- Remember to replace 192.168.1.106 with DVWA's IP address obtained in (Section 3, Step 3).
- Press <Enter>
- Notice you just by-passed the login screen and successful completed a man-in-the-middle attack.
| Section 12. Clean Up Notes |
- On BackTrack's Firefox
- Instructions:
- Edit --> Preferences
- Edit Network Settings
- Instructions:
- Click on Advanced
- Click on Network Tab.
- Click on Settings Button.
-
- Configure Connection Settings
- Instructions:
- Click on No proxy radio button
- Click on the OK Button
- Click on the Close button
- Proof of Lab
- Proof of Lab Instructions:
- Pull up your BackTrack Terminal Window
- history | grep curl | grep Welcome | grep -v history | tail -1
- date
- echo "Your Name"
- Replace the string "Your Name" with your actual name.
- e.g., echo "John Gray"
- Do a <PrtScn>
- Paste into a word document
- Upload to Www.AnToanThongTin.Edu.VN
-
0 nhận xét:
Đăng nhận xét