Let's Start:-
Disclaimer:-
Steps:-
1] Burp Suite Community Edition ships with Kali Linux; alternatively, download any version of Burp Suite.
2] I am using Kali Linux, so we need to install Tor on our Kali Linux.
Commands-
# apt update
# apt install tor
3] Enable and start the Tor service, then check that it is listening on port 9050.
4] Configure Burp to use Tor as a SOCKS proxy.
- Navigate to User options -> Connections -> SOCKS Proxy and tick the "Use SOCKS proxy" checkbox. Insert the Tor socket settings as below.
5] Configure the Burp listener port and check all the client requests.
6] Configure the Burp CA certificate in your Firefox browser: navigate to http://burp/, download the CA certificate and import it into the browser.
7] After this, we can intercept traffic to any .onion site, or to any other site anonymously, through the Tor service.
8] Now the whole setup is done for a security assessment on the dark web.
9] Here we can apply all the test cases we would use on a non-Tor website with Burp.
And here I was lucky enough to get a Cross-Site Scripting (XSS) on this Tor portal.
10] Now it was time to report it to the admin. And yes, I reported it to the admin using their own feedback form.
11] Thereafter they also replied to the issue reported.
Note:- Here I used a temporary email account. I hope you do the same.
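A pre-flight check for steps 3 and 4, as an added example that is not part of the original post: it confirms the Tor SOCKS port is listening on loopback only (a listener on 0.0.0.0 would let other hosts relay through it) and that a request sent through it really exits via Tor. The function names, the sample `ss` output and the JSON shape expected from check.torproject.org are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Sample data is constructed.

# Classify the Tor SOCKS listener from `ss -ltn` output on stdin.
# Prints: loopback (local only), exposed (other hosts can reach it), or down.
tor_socks_status() {
    awk -v port="${1:-9050}" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")            # $4 is Local Address:Port
            if (parts[n] != port) next
            host = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (host == "127.0.0.1" || host == "[::1]") loopback = 1
            else exposed = 1
        }
        END {
            if (exposed) print "exposed"
            else if (loopback) print "loopback"
            else print "down"
        }'
}

# Succeeds only if the JSON on stdin says the request left through Tor.
# Assumed response shape: {"IsTor":true,"IP":"..."}
is_tor_exit() {
    grep -Eq '"IsTor"[[:space:]]*:[[:space:]]*true'
}

# Constructed sample of `ss -ltn` output with Tor bound to loopback.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      4096   127.0.0.1:9050     0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

printf '%s\n' "$SAMPLE_SS" | tor_socks_status        # prints: loopback

# Live use on the Kali host:
#   ss -ltn | tor_socks_status
#   curl -s --socks5-hostname 127.0.0.1:9050 https://check.torproject.org/api/ip | is_tor_exit
```

If the status is `exposed` or `down`, or `is_tor_exit` fails, fix the Tor service before pointing Burp at it, otherwise requests may not be going through Tor at all.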
Anyways, it was a fun one. Thanks for reading.
You can Connect with me :-
Twitter :- https://twitter.com/imsushantkamble
Linkedin :- https://in.linkedin.com/in/iamsushantkamble
Facebook :- https://www.facebook.com/iamsushantkamble/