Bug Hunting on Dark Web !!!

Sushant Kamble

Let’s Start:-

Disclaimer:-

Steps:-
1] Burp Suite Community Edition comes with Kali Linux; alternatively, download any version of Burp Suite.

2] I am using Kali Linux, so we need to install TOR on it.
Commands-
# apt update
# apt install tor

3] Enable and start the TOR service, then check that it is listening on port 9050.

4] We need to configure Burp to use TOR as its SOCKS proxy.
- Navigate to User options -> Connections -> SOCKS Proxy and tick the "Use SOCKS proxy" checkbox. Enter the settings of the TOR SOCKS service from step 3 (port 9050).

5] Configure the Burp listener port and check all the client requests.

6] Configure the Burp CA certificate in your Firefox browser: navigate to http://burp/, download the CA certificate and import it into the browser.

7] After this, we can intercept traffic to any .onion site, or any other site, anonymously through the TOR service.

8] The setup is now complete for any security assessment on the dark web.

9] Here we can apply all the test cases we would use with Burp on a non-TOR website.
And here I was lucky enough to get a Cross Site Scripting (XSS) on this TOR portal.

10] Now it was time to report it to the admin. And yes, I reported it to the admin using their own feedback form.

11] Thereafter, they also replied to the reported issue.

Note:- Here I used a temporary Email account. I hope you do the same.
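
For the port check in step 3, an added example (not part of the original post): a POSIX shell function that reads the output of ss -ltnH and reports whether the TOR SOCKS port is bound to loopback only, reachable on another address, or not listening at all. The function name socks_bind_state and the sample lines are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original post.
# Reads `ss -ltnH` output on stdin and classifies how TCP port $1
# (default 9050, the TOR SOCKS port from step 3) is bound:
#   loopback - only 127.0.0.0/8 or [::1] (what Burp on the same host needs)
#   exposed  - bound to some other address, so other hosts may reach the proxy
#   closed   - no listener found on that port
socks_bind_state() {
    port="${1:-9050}"
    state="closed"
    # ss columns: State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
    while read -r st rq sq laddr rest; do
        case "$laddr" in
            *":$port") ;;          # listener on the port we care about
            *) continue ;;         # any other port: skip the line
        esac
        host="${laddr%:*}"         # strip the trailing :port
        case "$host" in
            127.*|"[::1]")
                # Loopback only counts if nothing exposed was seen before.
                if [ "$state" = "closed" ]; then state="loopback"; fi
                ;;
            *)
                state="exposed"    # 0.0.0.0, [::], * or a LAN address
                ;;
        esac
    done
    echo "$state"
}

# Constructed sample input (not captured from a real host).
SAMPLE_OK='LISTEN 0 4096 127.0.0.1:9050 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'
SAMPLE_EXPOSED='LISTEN 0 4096 0.0.0.0:9050 0.0.0.0:*'

printf 'sample 1: %s\n' "$(printf '%s\n' "$SAMPLE_OK" | socks_bind_state 9050)"
printf 'sample 2: %s\n' "$(printf '%s\n' "$SAMPLE_EXPOSED" | socks_bind_state 9050)"

# Live use on the Kali host:  ss -ltnH | socks_bind_state 9050
```

A result of "closed" means the TOR service is not running yet; "exposed" means the SOCKS port is reachable from outside the machine and the TOR configuration should be reviewed before Burp is pointed at it.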

Anyway, it was a fun one. Thanks for reading.

You can Connect with me :-

Twitter :- https://twitter.com/imsushantkamble
Linkedin :- https://in.linkedin.com/in/iamsushantkamble
Facebook :- https://www.facebook.com/iamsushantkamble/
