Hello Everyone, This is Ayush if you haven’t read the previous blog then please read it by clicking on above link in which we have discussed important concepts which is necessary for further blogs.
In our previous blog we discussed about what is penetration testing, phases of penetration testing, types and knew about OWASP Methodology.
Now today in this blog we’ll set up our environment for further writeups in which we’ll learn about some web vulnerabilities.
Choose an operating system: The first thing which we have to do is choose operating system , I’ll recommend to use unix based system, like Kali Linux as it comes with many pre-installed which is used for penetration testing or in bug bounty and in digital forensics. To download it you can read our first day writeup, click here.
Set up proxy: After successfully installing kali linux, we’ll set up proxy with firefox. Here question will come in mind , What is Proxy ?
Proxy is nothing but a software or program that sits between client and server , similar to VPN. All the traffic from client to server goes through proxy and from server to client goes through proxy.
In our case proxy sits between the browser and web servers we interact with. This proxy intercepts request before passing them to server and vice versa. By using proxy we can easily modify the request and response that is going to the server or coming from the server.
We’ll use BURP Proxy to intercept the request and response and we’ll do setup for it.First install foxy proxy extension in your firefox in linux, click here.
2. FoxyProxy options page will open then click on add on top left.
3. Now enter the following details as shown below in fig.
4. Now click on save.
5. Now to open burpsuite , click on top left icon of kali linux and then search for burpsuite.
6. Burpsuite: Burpsuite is very powerful automated tool and also it can be used manually , mostly for web application testing. It comes in two versions one is community version and other is paid version. We get community version as pre installed in linux. To use paid version you’ll need to buy it.
7. Now we have configured firefox , now we’ll set up burp.
8. After clicking on Burp Suite, click Next, then Start Burp. You should see a window as shown in below fig.
9. Now let’s configure burp, click on proxy then make sure intercept is on.
10. Now open your firefox and click on foxyproxy icon and select burp.
11. Now open firefox to install burp’s certificate on firefox to work with https traffic. With burp open and running , open http://burp in firefox.
You’ll see a windows like below fig.
12. Just click on CA certificate then certificate will download.
13. Now , in Firefox, click Preferences>Privacy & Security>Certificates>View Certificates>Authorities. Click Import and select the file you just saved, and then click Open. Then mark Trust this CA to identify websites.
14. Now restart firefox and select burp in foxy proxy, now we are all set to intercept both http and https request.
15. Let’s do a quick test on 3xabyt3.medium.com whether it’s intercepting req or not.
Note: Burp will intercept request whenever intercept is on, if it’s off then it’ll not intercept.
Just open 3xabyt3.medium.com in your browser when intercept is on then open burp, you’ll see windows like below.
Now click on forward then website will open. If you dont’t see then make sure you have done all setting properly.
That’s it for today guys, will meet in next one and thank you so much for all your support now we have reached more than 100+ followers and it’s a big deal in just 15 days, thank you so much.
In next one we’ll learn in detail about burpsuite.
Happy Learning and Happy Hacking !