
Friday, May 13, 2016

BURP Suite for Penetration Testing : Introduction

Intro

Environment

Ubuntu 14.04, PHP7.0, Apache

Objective

Manually penetration test a web application using Burp Suite.

Components

NOWASP Mutillidae

NOWASP Mutillidae is a deliberately vulnerable web application containing more than 40 vulnerabilities, including all of the OWASP Top 10. NOWASP will be used as the target of the penetration test.

Burp Suite

This is an intercepting proxy that sits between the client (a browser such as Firefox or Chrome) and the target website or server. It runs on my local machine and intercepts the requests going to and the responses coming back from the target host, so both can be inspected and edited before they are forwarded. Burp Suite is available in a free and a commercial edition.

Preparation

Download & Install NOWASP

Download & Install BURP Suite

Set BURP Suite as Network Proxy

To let Burp intercept our web requests, set the browser's (or system's) HTTP proxy to http://127.0.0.1:8080, which is Burp's default proxy listener. For HTTPS sites the browser must additionally trust Burp's CA certificate, otherwise it will reject the certificates Burp generates for each host.

Intercept with Burp

Forward or Drop

Go to the Proxy > Intercept tab and make sure Intercept is on (the button reads "Intercept is on"). Once a request is intercepted, click Forward to send it on to the server (including any edits you made) or Drop to discard it.

Examine Request / Response Parameters

Examine the parameters of both the request and the response: request line, headers, cookies, query string and body.

Edit Request Parameters

Change a GET request into a POST request (Burp offers this from the request's context menu as "Change request method"): the query-string parameters move into a form-encoded body and the Content-Type and Content-Length headers are added.
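The rewrite described above, done by hand so the mechanics are visible. This is an added example, not code from Burp or from the original post: it moves a GET's query string into an application/x-www-form-urlencoded body (and back again), which is what Burp's "Change request method" does for simple form requests. The sample request is constructed for this example; the Mutillidae host at 127.0.0.1 is an assumption.

```python
"""Rewrite a raw HTTP/1.1 request between GET and form POST (added example)."""

FORM = b"application/x-www-form-urlencoded"
# Headers that describe the body; they are recomputed, everything else is kept.
REPLACED = (b"content-type", b"content-length", b"transfer-encoding")


def _split(raw: bytes):
    """Return (method, target, version, remaining headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    method, target, version = lines[0].split(b" ", 2)
    headers = [h for h in lines[1:]
               if h.partition(b":")[0].strip().lower() not in REPLACED]
    return method, target, version, headers, body


def _header(raw: bytes, name: bytes):
    """Value of the first header called `name` (case-insensitive), or None."""
    head = raw.partition(b"\r\n\r\n")[0]
    for line in head.split(b"\r\n")[1:]:
        key, _, value = line.partition(b":")
        if key.strip().lower() == name:
            return value.strip()
    return None


def get_to_post(raw: bytes) -> bytes:
    """GET ...?a=1&b=2 -> POST with 'a=1&b=2' as a form-encoded body."""
    method, target, version, headers, _ = _split(raw)
    if method != b"GET":
        raise ValueError("expected GET, got %r" % method)
    path, _, query = target.partition(b"?")
    # A query string is already percent-encoded exactly as a form body needs.
    headers.append(b"Content-Type: " + FORM)
    headers.append(b"Content-Length: %d" % len(query))
    request_line = b" ".join((b"POST", path, version))
    return b"\r\n".join([request_line] + headers) + b"\r\n\r\n" + query


def post_to_get(raw: bytes) -> bytes:
    """Inverse: a form-encoded POST body becomes the GET query string."""
    method, target, version, headers, body = _split(raw)
    if method != b"POST":
        raise ValueError("expected POST, got %r" % method)
    ctype = _header(raw, b"content-type") or b""
    if ctype.split(b";")[0].strip().lower() != FORM:
        raise ValueError("only form-encoded bodies can move to the query string")
    target = target.split(b"?")[0] + (b"?" + body if body else b"")
    request_line = b" ".join((b"GET", target, version))
    return b"\r\n".join([request_line] + headers) + b"\r\n\r\n"


# Constructed sample: a Mutillidae user lookup sent with GET, credentials in the URL.
SAMPLE_GET = (
    b"GET /mutillidae/index.php?page=user-info.php&username=admin&password=secret HTTP/1.1\r\n"
    b"Host: 127.0.0.1\r\n"
    b"User-Agent: Mozilla/5.0\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    as_post = get_to_post(SAMPLE_GET)
    print(as_post.decode())
    # The transformation is lossless for form requests.
    print(post_to_get(as_post) == SAMPLE_GET)
```

Seeing the rewritten request makes clear why the switch matters in testing: parameters that were logged in the URL (here a password) disappear from access logs and browser history once they travel in the body, and a server that only validates one of `$_GET` or `$_POST` (as opposed to `$_REQUEST`) may treat the two differently.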

Reference

  1. http://resources.infosecinstitute.com/manual-web-application-penetration-testing-introduction/

Thursday, May 12, 2016

OWASP Mutillidae 2

OWASP Mutillidae 2

Introduction

The Open Web Application Security Project (OWASP) is a worldwide not-for-profit charitable organization focused on improving the security of software. Operating as a community of like-minded professionals, OWASP publishes software tools and knowledge-based documentation on application security. Read more about OWASP at www.owasp.org.

OWASP Mutillidae II is a free, open source, deliberately vulnerable web application providing a target for web-security enthusiasts. Mutillidae can be installed on Linux and Windows using LAMP, WAMP, and XAMPP. It is pre-installed on SamuraiWTF, Rapid7 Metasploitable 2, and OWASP BWA, and the existing version can be updated on these platforms. With dozens of vulnerabilities and hints to help the user, it is an easy-to-use web hacking environment designed for labs, security enthusiasts, classrooms, CTFs, and as a target for vulnerability assessment tools. Mutillidae has been used in graduate security courses, corporate web security training courses, and as an "assess the assessor" target for vulnerability assessment software.

Installation

Environment: Ubuntu 14.04 LTS, Apache, PHP 7.0.5-2+deb.sury.org~trusty+1 (cli) (NTS).

  1. Download the latest version from SourceForge.
  2. Extract it and move the mutillidae directory into your web root.
  3. Set permissions on the mutillidae folder so that the web server user can read it.

Problems found

Call to undefined function mb_convert_encoding()

The server returns 500 Internal Server Error and the Apache error log shows: Call to undefined function mb_convert_encoding(). Install the mbstring module and reload Apache:

sudo apt-get install php7.0-mbstring
sudo service apache2 reload

The database server at localhost appears to be offline

The Mutillidae page shows the message: The database server at localhost appears to be offline. The fix is to change the database configuration (host, user, password) in /mutillidae/classes/MySQLHandler.php to match your MySQL setup, then click the reset DB link on the page. This creates the database named nowasp (the default).


Monday, May 9, 2016

Base 64 encoding, what is it used for?

Motivation

Problem

Some systems only expect text data, for example URLs and e-mail, and may alter or reject arbitrary binary bytes.

Is this mostly a legacy-system concern?

Base64

The idea is to transport arbitrary bytes safely by encoding them as plain text made only of characters every system treats as ordinary data, sending that text over the network, and then reversing the process at the recipient's end.

How it works

  • Take the input three bytes (24 bits) at a time.
  • Split the 24 bits into four groups of 6 bits (2^6 = 64, hence the name base64).
  • Map each 6-bit value through the Base64 lookup table. This yields a string of letters, digits, + and / characters.
  • If the final group held only one or two bytes, pad the output with = characters so its length is a multiple of four.
  • Send the text over the network. Every character of the Base64 alphabet is a single ASCII byte, so the encoded data contains only bytes that text-only systems pass through untouched, and the receiving end reverses the steps to recover the original bytes.

Example 1: send text

Let's say we want to transfer this data:
Hello,
world!
As ASCII (or UTF-8) bytes it looks like this:
72 101 108 108 111 44 10 119 111 114 108 100 33
The byte 10 (newline) is mangled by some systems, so instead we Base64-encode these bytes into the string:
SGVsbG8sCndvcmxkIQ==
Which, as ASCII bytes, looks like this:
83 71 86 115 98 71 56 115 67 110 100 118 99 109 120 107 73 81 61 61
All of these are known-safe bytes, so there is very little chance that any system will corrupt the message. I can send this instead of my original message and let the receiver reverse the process to recover the original.
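The procedure from the list above and the worked example, written out as code. This is an added example, not code from the original post: a hand-rolled encoder and decoder for the standard Base64 alphabet (RFC 4648), cross-checked against Python's standard library, plus the size formula from the Drawback section. The padding checks in the decoder go slightly beyond the post, rejecting text whose padding is malformed.

```python
"""Base64 by hand: 3 bytes in, 4 characters out (added example)."""
import base64  # used only to cross-check the hand-rolled implementation
import math

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
PAD = "="


def b64encode(data: bytes) -> str:
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        # Concatenate up to 3 bytes into one 24-bit number; a short final
        # chunk is zero-filled on the right.
        n = int.from_bytes(chunk.ljust(3, b"\x00"), "big")
        # Split the 24 bits into four 6-bit groups (2**6 == 64 symbols).
        chars = [ALPHABET[(n >> shift) & 0x3F] for shift in (18, 12, 6, 0)]
        # 1 input byte carries 2 meaningful sextets, 2 bytes carry 3,
        # 3 bytes carry 4; the rest of the quad becomes '=' padding.
        keep = len(chunk) + 1
        out.append("".join(chars[:keep]) + PAD * (4 - keep))
    return "".join(out)


def b64decode(text: str) -> bytes:
    if len(text) % 4:
        raise ValueError("Base64 text length must be a multiple of 4")
    out = bytearray()
    for i in range(0, len(text), 4):
        quad = text[i:i + 4]
        stripped = quad.rstrip(PAD)
        pad = 4 - len(stripped)
        # At most two '=' and only in the last quad.
        if pad > 2 or (pad and i + 4 != len(text)):
            raise ValueError("invalid padding in %r" % quad)
        n = 0
        for c in stripped:
            n = (n << 6) | ALPHABET.index(c)  # ValueError for non-alphabet chars
        n <<= 6 * pad  # restore the zero bits the encoder used as filler
        out += n.to_bytes(3, "big")[:3 - pad]
    return bytes(out)


def encoded_size(n_bytes: int) -> int:
    """Characters of Base64 text produced for n_bytes of input: 4 * ceil(n / 3)."""
    return 4 * math.ceil(n_bytes / 3)


def ascii_codes(text: str) -> list:
    """Byte values of an ASCII string, as the post lists them."""
    return list(text.encode("ascii"))


def matches_stdlib(data: bytes) -> bool:
    """Round-trip through our functions and compare with the standard library."""
    encoded = b64encode(data)
    return (encoded == base64.b64encode(data).decode("ascii")
            and b64decode(encoded) == data)


if __name__ == "__main__":
    message = b"Hello,\nworld!"  # the post's sample message
    print(list(message))
    encoded = b64encode(message)
    print(encoded)
    print(ascii_codes(encoded))
    print(len(message), "bytes ->", encoded_size(len(message)), "characters")
```

Running it reproduces the byte lists above: 13 input bytes become 20 characters, the final quad ending in two `=` because the last group held a single byte.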

Drawback

It increases the size of the data: n input bytes become 4⌈n/3⌉ characters, about 33% more. Note also that Base64 is only an encoding, not encryption; anyone who sees the text can decode it.

References

  • en.wikipedia.org/wiki/Base64
  • stackoverflow.com/questions/3538021/why-do-we-use-base64