Burp Suite Tutorial | BurpSuite Basics | Burp Suite For Beginners | Bug Bounty For Beginners

Captions
Thanks for joining the video, guys. My name is Sunny, and in this tutorial I will be teaching you the de facto tool for bug bounty hunters and web pen testers: yes, you guessed it right, the mighty Burp Suite. I have created this tutorial specifically for absolute beginners, and let me assure you, even if you know the basics of Burp Suite, I'm pretty certain that you are going to take away something from this tutorial, because I have covered most of the core components of Burp Suite in great detail. So if you are just starting out, this tutorial is going to help you a lot.

Let me give you a brief theoretical overview of Burp Suite. Burp Suite is basically a tool that you can use for finding loopholes, or you can say bugs, in a web application, and let me tell you, Burp Suite is undoubtedly the best tool available out there for finding bugs in a web application. Basically, Burp Suite is a proxy. Now, what does it mean when I say that Burp Suite is a proxy? I will explain the proxy later in the video when we actually do the practical, because that way it will be a lot easier to understand what the proxy is and how it works. We will start from absolute scratch: setting up the proxy, then configuring the target scope, then we will move to the very important tool called Intruder. Intruder is a very vast tool that you can use for brute forcing usernames and passwords on a web application, but Intruder basically does a lot more than just brute forcing, as you are going to find out later in the video. Then we will move to the Sequencer, then we have the Encoder tool, which basically lets you encode or decode data in multiple forms, then we have something called Repeater, which allows you to modify requests. So guys, without wasting a single bit, let's begin.

Burp Suite is pre-installed on operating systems like Kali Linux and Parrot OS. In order to download Burp Suite for platforms like Mac or Windows, go to portswigger.net and in the Products menu go for Burp Suite Community Edition. From there you can download Burp Suite with this button; just hit the button and your download should start right away. The installation steps are very simple. After installing, start Burp Suite; in order to start Burp Suite on Kali Linux just type sudo burpsuite and hit Enter. On your first run, Burp Suite is going to ask you to accept its terms; click on I Agree. On this page, Temporary project is the automatic selection, because the Community version of Burp Suite does not allow you to save a project to the hard disk, so click on Next. Here you can use Burp defaults, basically the default configuration of Burp Suite, or you can load a configuration from an existing file by clicking on Load from configuration file. Since we are just starting out, let it be Use Burp defaults and click on Start Burp. So guys, this is Burp Suite. As you can see, it is absolutely overwhelming, especially for a beginner, but do not worry, I will explain all these fancy tools in the best possible manner, step by step.

All right, so before doing anything practical I want you to update Burp Suite to the latest version, because if you are using an older version of Burp Suite then you are missing out on many key features that I am going to use in this tutorial. So go to Help, click on Check for updates, and if you are using Burp Suite on Kali Linux then run the sudo apt-get update and sudo apt-get dist-upgrade commands; the commands should upgrade all the packages, including Burp Suite. Now the first thing I'm going to do is change the font size. As you can see, the default fonts are barely visible, so go to User options, and under the Display tab we have Font size; select the size from the menu that fits you, 14 should be enough. We can change the theme as well: click on Theme and let's switch to Dark. As you can see, the dark theme is certainly better in my opinion, but for recording purposes light is better, so I'm switching back to the light theme and back to the Dashboard.

So guys, here Burp Suite displays all the links that it has crawled or is crawling, and down here it displays all the information. As you can see, this is the event log section; basically it displays everything that Burp Suite does in the background, and if any error pops up then we can identify it here and fix it accordingly. On your right side, these features are available to the Pro version only. Basically, the difference between the Community version and the Pro version is automation: with the Pro version, Burp Suite kind of automates most of the tasks, but I assure you the Community version is more than enough to find vulnerabilities. Even with the Pro version you will have to do a lot of manual stuff.

Now click on the Proxy tab and let's understand how the Proxy section works. Proxy is an absolutely essential part of Burp Suite, because in the Proxy section we can monitor the requests that you send out from your web browser and the responses that you get back from the servers. The Proxy section also keeps track of the URLs that you have visited. So let's understand how the proxy works. Earlier in the tutorial I specifically mentioned that Burp Suite is a proxy: basically, Burp Suite sits between your web browser and the server. Let me simplify this. When you search anything from your web browser on, let's say, a search engine like Google, the search query goes directly to the Google server and then Google responds by sending the search results back to your web browser. So this is how a normal flow of communication goes, but when you set up a proxy like Burp Suite, the request that you send out from your web browser gets intercepted by the proxy, and then we can decide what to do with the request: whether to forward the request to the server or just drop or delete it here. Now your question may be, why does Burp Suite need to intercept the requests or URLs? That is because the tools that you are seeing here need data to work, and in web applications data is passed through URLs, so the Proxy section basically intercepts the URLs and then we can forward the URLs or requests to the appropriate tools.

Now down here you can see Use Burp's embedded browser; if you click on Open browser then it should open up the embedded browser. Now, this browser, the embedded browser, is specifically configured to work with Burp Suite, and this browser basically comes along with the installation of Burp Suite. You can also configure external browsers like Firefox to work with Burp Suite, but there you will have to perform additional tasks like installing the CA certificate and then setting up the proxy in your browser. If you go to the Dashboard, down here you can see "proxy started on 127.0.0.1"; basically this is the localhost, and 8080 is the port number. The inbuilt browser is automatically configured to listen for all the incoming traffic on port number 8080. So what I recommend is, update Burp Suite to the latest version, because the inbuilt browser works absolutely flawlessly in the latest version.

Now let me actually demonstrate what I explained a few moments ago. Make sure to turn on the Intercept feature, now back to the browser, and let me request, let's say, youtube and press Ctrl and Enter; it will automatically add .com. As you can see, Burp Suite is flashing, and if I go to Proxy, as you can see it has intercepted the request that I made from my web browser, youtube.com. If I go back to the browser, as you can see it is hanging here; that is because the browser is waiting for Burp Suite to forward the request that it is holding, or has intercepted. We can drop or delete the request right here, but I'm going to forward it. Now if I go back to the web browser, as you can see YouTube has been loaded into my web browser, and you can notice a strange thing here: Not secure. This is because Burp Suite removes the SSL layer. The SSL layer basically encrypts the traffic that a web application receives and sends out, and Burp Suite needs data in plain text to work. Now back to Burp Suite, and let me forward the remaining requests. Now go to HTTP history. HTTP history basically saves the URLs that you have visited; as you can see, youtube, and down here we have this bunch of JavaScript files. Basically these files are linked to YouTube; Burp Suite crawls everything, all the links that are linked to the website. That's how the Burp Suite proxy works.

Now that we have understood how the Burp Suite proxy works, we can move to the next thing, called Target, so click on the Target tab. By default Burp Suite basically intercepts all the web applications or URLs that you visit, and when you are actually testing a website you don't care about anything else except the website or application that you are testing. So guys, that's where we can use the target scope feature in Burp Suite. Basically, the target scope allows us to tell Burp Suite to crawl the application that you are testing; it will ignore everything else and only intercept the application that you are testing. So there are two methods for adding a website into the target scope. Actually, before adding an item into the target scope, let me explain these links. As you can see, we have this bunch of links in two colors, gray and black fonts. The gray font basically indicates that you have visited the website, and these black-colored fonts are basically the sites that are linked to YouTube; we haven't actually visited them, and these links are basically linked to YouTube. Burp Suite basically crawls all the links that it finds in a web application.

Now, in order to add an item into the target scope we have two options. First, you can right-click on the application that you want to add to the target scope, click on Add to scope, go with Yes, click on Scope, and here you can see it has added the URL into the target scope. For the second method that we can use, let me remove the existing URL first, click on Add, write the full URL https://www.youtube.com, now click on OK, and as you can see the item has been added to the target scope. We have to complete two more additional steps: go to Proxy and then Options, check the button from the Intercept Client Requests section and check the button from the Responses section as well. Now we are good to go. Now let's actually check whether the target scope is working or not. YouTube is in our scope, so let me visit, let's say... if this pops up, click on Keep... gold.com. Now as you can see, it hasn't been intercepted, because it is not in our scope. Now let me actually visit the website which is in our scope, I think it is YouTube. As you can see, it has intercepted the site which is in our scope, so I'm going to forward it. Hopefully you have understood how the proxy and target scope work. Now we can filter out these unnecessary links: just click on the box which says Filter, click on Show only in-scope items, now click outside the box, and as you can see we only have the item or URL which is in our scope. Now you can basically check out the file structure, how files are saved on the server, as you can see.

Now that we have understood how the core components of Burp Suite work, we can finally move to the next component, called Intruder, and Intruder is personally my favorite part of Burp Suite. Basically, Intruder allows you to brute force usernames and passwords in a web application, and Intruder is the most flexible tool available out there for brute forcing, and Intruder does a lot more than just brute forcing: you can automate attacks like SQL injection or XSS as well, as you are going to find out later in the video. Now, I am going to demonstrate Intruder on another website, so I will have to remove the website from our target scope. So in the target scope let me remove YouTube. From the Proxy section, under Options, we have to uncheck the buttons from the intercept requests and responses sections as well. Back to Intercept: if you see this button, "Logging of out-of-scope Proxy traffic is disabled", then re-enable it. From HTTP history I'm going to get rid of all the junk that we have intercepted: right-click and Delete selected items. Back to Intercept, I'm going to turn off the Intercept feature for a bit. Back to the browser, the website that I am going to use for demonstrating Intruder is Acunetix; basically this website allows you to test your web pen testing skills online in a legal environment, so visit the domain testphp.vulnweb.com. Now let me turn on the Intercept feature, and I'm going to visit Sign up. Back to Burp Suite and let me forward the request. So this is the login page where we are going to test Intruder. In the username field let me type test, and in the password field I'm going to type a random password, and down here you can see the password that I have put in here is incorrect; this is very much intentional, you are going to find out soon. For now click on Login. Back to the Burp Suite Proxy: as you can see, it has intercepted the information that we passed to our login form, and we can check the parameters that we sent to the form on your right side. As you can see, if you click on body parameters, the information is listed in a much more organized way. Now we can send this information to any of these tools: all you need to do is right-click in the blank area and then you can send the information to any tool. For now I'm going to send it to Intruder. As you can see, Intruder has flashed; if I go to Intruder, as you can see Intruder has received information from this domain. Back to Proxy, there is another method that you can use for sending this information to any of the tools here: just click on Action, then you can send the information to any tool, and I'm going to forward it. By forwarding, the information will be saved into HTTP history, and in case you forward the URLs or information accidentally, then you can basically send the information from the HTTP history tab as well. I think it is the userinfo page where the information was passed to from the login page, and down here, yes, as you can see, if you right-click on the URL then you can send the same information to any tool.

All right, now back to Intruder. As you can see, we have information for this domain on serial number two; basically information is received in ascending order, and number one will always be the default. As you can see, this is the localhost; it will always be here. Now in number two, click on Positions. As you can see, Burp Suite has marked a few areas; basically these are the areas where we can inject input, that's why they are marked by default. So Burp Suite basically thinks that these are the potentially vulnerable areas that you can exploit. I'm going to clear all these marked areas first, and in the attack type menu, if you click here, as you can see we have different types of attacks: Sniper, Battering ram, Pitchfork, Cluster bomb. I will demonstrate all these attacks. For now we are going to test Sniper. The Sniper attack is used in scenarios when you already know either the username or the password; in our case we are going to test the passwords, so the username is going to be constant because we already know it is correct, and we are only going to try different passwords. So you have to mark the field that you want to test; I am going to test the password field, so I am going to select it and then hit Add. As you can see, the field has been marked; now it is going to inject passwords into the password field. Now click on Payloads. Here we have to supply the word list to Intruder. As you can see, the payload set is 1; this is because we only have to supply one word list. For the payload type you can basically use all these tools that Intruder provides, but for now we only need Simple list. So down here in this box we can either load an existing word list from your hard disk or you can supply words manually. In order to load from your hard disk, click on Load and browse to the location, and let me select this list. As you can see, it has listed all the words that were present inside the list; I have prepared this short list for demonstration purposes. The Clear button basically clears the list. We can add words manually too: let me add, let's say, root, hit Enter, then we have two. Now we are good to go, click on Start attack. This is just a warning pop-up: there are some functionalities that are not available in the Community version, this is all right, just click on OK. Sniper has started to inject the passwords into the password field. As you can see, Intruder has tried all the five passwords that we supplied to it.

Now, in order to find out which one worked, there are a few methods that you can use. In the Length column, as you can see, we have these numbers; basically the Length column displays the size of the page in bytes. As you can see, for the most part it has returned a length of 253. Let me click on a random 253, and down here in the Request and Response sections: request basically means what you sent to the login form, as you can see this is the username and this is the password that we tried, and in the Response tab, as you can see, the response that we got is "you must login", meaning these credentials are not correct. So here the trick is you will have to hunt for a different length, and in our case we have the different length, 627. If I click on it, as you can see we supplied the password and username test, and in the Response tab we have got a whole bunch of information. Basically, when you log in successfully a web application has to pull additional information about the user, like the username, email and all the relevant information, so naturally the page size gets bigger, and this is the case here. You can analyze everything from the top: for example, this is the HTTP code, as you can see it is 200, meaning the page has been loaded successfully, and down here you can see Set-Cookie, a cookie has been set. Now what does it mean? A web application usually sets either a cookie or a session when you log in successfully; as you can see, in our case it has set the cookie. So down here let me check the response, and as you can see we have a Logout page, which automatically means we have logged in. So guys, you will have to analyze everything line by line.

There are a few more effective methods that you can use for verifying whether you have logged in successfully or not, and one of them is sending the information to the Comparer tab. So I'm going to send two pages, one with the 373 length and another with the bigger length: after selecting, right-click and Send to Comparer (responses). As you can see, Comparer has flashed, and the screen has been split into two sections: in the top half we have the information for the 373 bytes and down here we have the bigger page. Now click on Words; it is going to compare word by word, so we can identify by the colors down here: yellow indicates newly added words, blue is deleted, and this color basically indicates the information that has been modified. So if you analyze from the top again, we have the Set-Cookie, the usual 200 response. Now let me scroll down here; I'm going to look out for yellow text because I want to see the new information that has been loaded. As I scroll down, as you can see we have "absolute", this is just the CSS; down here, as you can see, userinfo, your profile; "your profile" is a new word, and yes, this is the information for the user. So here you can see we have information for the user, and if I scroll down, as you can see, the userinfo page, and it has basically pulled the information after logging in. So that's how we can use the Comparer tab. Now we have an interesting feature here, Sync views: if you check this button, it scrolls both pages simultaneously. For now I can't do it because the page on my left side doesn't have sufficient information, but when you test a real-world application there will be plenty of information on both sides. So now I'm going to close this and go back to Intruder. The best method for finding out is to just click on the request, then in Response click on the Render button. Basically the Render button displays how the page actually looks inside a web browser; as you can see we have a Logout page, and down here we have the information for the user. You can't actually click on these buttons, it just renders and then takes a screenshot. All right, so this is probably the better method, or you can say the best method. So that's how the Sniper attack works.

Now I'm going to close this out and go back to Intruder. Now we are going to test the Battering ram attack, so I will have to clear this request; I need to send a fresh request from HTTP history. So again let me send this information to Intruder, and in Positions let me clear the default marked areas and select Battering ram, and this time I will have to select both the fields. After marking both fields we are good to go. So what the Battering ram attack basically does is it takes a word from a word list and injects the same word into both fields: it will inject, let's say, the word test into the username field, and the same word will be injected into the password field as well. This attack basically exploits the common mistake that people make of putting the same word in the username and password fields, for example username admin and password admin. So click on Start attack... sorry, I will have to set the payloads before starting the attack, so let me load the list and now I can start the attack. As you can see, it has used all the words that we supplied; if I click on any word, down here in the request you can basically see it injected the same word into both fields, and as you can see it eventually found the correct credentials as well. We have already gone through how to check for the correct credentials.

Now we can test another attack. Let me select Pitchfork. In Pitchfork mode we have to supply two word lists, so I am going to mark both fields, username and password; the first word list will be for usernames and the second for passwords. Pitchfork mode works by taking words from both lists one by one, in order, and then comparing them against each other: for example, it will take one word from the username word list and one from the password word list and then test them against each other. So let me start the attack... again, I forgot to load the payloads. As you can see, we have two payloads this time, so let me load the same list, and for the password as well; let me start the attack. As you can see, down here in the Request tab it took words from both lists and tested them against each other, and eventually it was able to get the correct credentials as well.

Now the last attack we have is Cluster bomb. Let me select Cluster bomb. Cluster bomb is similar to Pitchfork: it also takes two word lists, but it works differently. For example, it takes the first word from the username word list and then tests it against each word present in the passwords word list, and then it repeats the same cycle for all the usernames and passwords. All right, so it also needs two word lists, so I will have to mark two areas, and in Payloads let me set the word list for the first payload, this is the username, and for the second payload let me select the word list. Now start the attack. As you can see, it has tried all the combinations; there are a total of 16 tries, right, and like I explained earlier, it compared every single word from the username word list to the passwords word list, and with this attack also we were able to find the correct combination eventually, as you can see. So that's how you can use the different attack modes in Intruder.

Earlier I also mentioned that Intruder can be used for automating attacks like XSS or SQL injection, so let me demonstrate that as well. I will have to start my Apache server because I have prepared a page specifically for the SQL injection attack: localhost, I think it's inside the demo folder, I have the sqli.php file... file not found... let me remove the i... sqi, yes, this is sqi.php, and I am going to try an SQL injection payload and hit Enter. As you can see, the request has been intercepted, now let me send this request to Intruder, and in Intruder go to Positions. As you can see, the potentially vulnerable areas have been marked; let me clear them, and we are going to use the default Sniper attack because we only want to inject payloads into one field. Add, then back to Payloads, now let me add the manual payloads: 1 or 1=1 and a comment, and or 1=1 and again a comment. Now we are good to go, let me start the attack. As you can see, we have a different response length for the first one. Let me go to the response and Render: as you can see, for this length we have "try harder", the last payload did not work; however for this payload, as you can see it has leaked the information, username dimalu; as you can see, username, email, all the fields have been exposed. So that's how you can basically try different payloads automatically.

Now let's move to Repeater. Repeater can be used for modifying requests; for example, we tried SQL injection in auto mode with Intruder, but many times you will have to perform attacks like SQL injection or XSS manually, and that's where we can make use of Repeater: you can send the request and it will return the response in detail. So let's try it: let me send the SQL injection page to Repeater, yes this is the page, let me send it to Intruder... sorry, not Intruder, Repeater this time. As you can see, now down here I can pass the information; let me modify this to or 1=1 and a comment, now click on Send, and as you can see we have the response: the payload did not work, it says try harder. We may need to encode the URL; when you perform SQL injection you have to URL-encode for the most part, and if you don't know, read about URL encoding. So the Repeater tab basically gives you the flexibility to encode URLs automatically as you type. What we can do: let me delete everything, right-click, we have URL-encode as you type, just click on it, and now let me write the payload or 1=1 and a comment, and now let me send the request. As you can see, this time it has leaked the information with the URL encoding. So that's how you can basically try things like SQL injection manually from Repeater.

All right, now let's check the Decoder tab as well. Decoder basically allows you to encode and decode data in multiple forms. So in this box, if I type, let's say, sony, now I can basically encode or decode this word in multiple forms. If I click on the Encode menu, as you can see we have an option for plain text, this is already plain text; if I click on URL, then as you can see down here it has been URL-encoded, and we have an option for encoding it into Base64 and URL as well. So you can basically experiment with these features yourself, they are relatively easy. I can also apply a hashing algorithm: just click on Hash, then we have all the relevant hashes like SHA, and down here as you can see we have a bunch of varieties. If you click on Smart decode then the data will be decoded back to its original form. So Decoder is a useful feature to have.

Now we have something called Extender. Extender, as the name suggests, allows you to extend the functionality of Burp Suite. If you click on BApp Store, here we have extensions for Burp Suite; this is the marketplace, and extensions are available for both the free and Community version, as you can see. Let me install the Auth Analyzer extension: just click on it here, on your right side you can read about the extension, and down here we have the option for installation. Let me click on the button; as you can see it has been installed, and as you can see in the tool bar it has added an extra tab, Auth Analyzer. Now you can configure this and make use of it. In order to uninstall, go to Extensions, and here all the installed extensions will be listed; just click the one that you want to uninstall and go for the Remove button, yes, and that's it, as you can see it has been removed. So guys, that's pretty much it for this tutorial, and thank you very much for taking your time and watching the video.
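The four Intruder attack modes and the response-length check described in the captions, simulated in Python as an added example (not code from the video or from Burp Suite; the word lists, the fake login form, the field names uname/pass and the credentials test/letmein are all constructed for illustration):

```python
"""Simulation of Burp Intruder's four attack modes and the response-length
check the tutorial uses to spot the one successful login.  Added example:
not code from the video or from Burp Suite; the word lists, the fake login
form and its responses are constructed for illustration."""
from collections import Counter
from itertools import product

# Constructed short word lists, like the list loaded in the video.
USERNAMES = ["test", "admin", "root", "guest"]
PASSWORDS = ["test", "admin", "root", "letmein"]


def sniper(base, marked, payloads):
    """One payload set, one marked position at a time; unmarked fields (the
    known username) stay constant.  Requests = len(marked) * len(payloads)."""
    requests = []
    for pos in marked:
        for word in payloads:
            requests.append({**base, pos: word})
    return requests


def battering_ram(base, marked, payloads):
    """One payload set; the same word goes into every marked position at once
    (the admin/admin mistake).  Requests = len(payloads)."""
    return [{**base, **{pos: word for pos in marked}} for word in payloads]


def pitchfork(base, marked, payload_sets):
    """One set per position, walked in lock-step (i-th word of each list).
    Requests = length of the shortest list."""
    return [{**base, **dict(zip(marked, combo))} for combo in zip(*payload_sets)]


def cluster_bomb(base, marked, payload_sets):
    """One set per position, every combination tried.
    Requests = product of the list sizes (4 x 4 = 16 here)."""
    return [{**base, **dict(zip(marked, combo))} for combo in product(*payload_sets)]


# --- constructed stand-in for the login form --------------------------------
CORRECT = ("test", "letmein")  # hypothetical valid credentials


def fake_login(req):
    """Returns (status, body).  A failed login is a short 'must login' page; a
    success pulls the user profile, so the body is bigger and sets a cookie."""
    if (req["uname"], req["pass"]) == CORRECT:
        body = ("Set-Cookie: login=abc123\n<h1>User info</h1>\n"
                "<a href='logout.php'>Logout</a>\n" + "Your profile ...\n" * 20)
        return 200, body
    return 200, "<p>You must login to view this page.</p>"


def run_attack(requests):
    """Send every request to the fake form; returns [(request, status, body)]."""
    return [(req, *fake_login(req)) for req in requests]


def length_outliers(results):
    """The 'hunt for a different length' trick: most responses share one size
    (the failure page); anything else is worth opening in Render or Comparer."""
    common = Counter(len(body) for _, _, body in results).most_common(1)[0][0]
    return [(req, len(body)) for req, _, body in results if len(body) != common]


def looks_logged_in(status, body):
    """Second signal from the tutorial: a 200 that sets a cookie and shows a
    logout link instead of the 'must login' text."""
    return (status == 200 and "Set-Cookie" in body and "Logout" in body
            and "must login" not in body)


if __name__ == "__main__":
    base = {"uname": "test", "pass": "wrong"}
    both = ["uname", "pass"]
    for name, reqs in [
        ("sniper", sniper(base, ["pass"], PASSWORDS)),
        ("battering ram", battering_ram(base, both, PASSWORDS)),
        ("pitchfork", pitchfork(base, both, [USERNAMES, PASSWORDS])),
        ("cluster bomb", cluster_bomb(base, both, [USERNAMES, PASSWORDS])),
    ]:
        results = run_attack(reqs)
        hits = [r for r, s, b in results if looks_logged_in(s, b)]
        print(f"{name:14s} {len(reqs):2d} requests  "
              f"outliers={length_outliers(results)}  hits={hits}")
```

Only Sniper (password field marked, username held at test) and Cluster bomb reach the constructed credentials; Pitchfork pairs the lists index by index and never does, which is why its responses all share one length.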
Info
Channel: Sunny Dimalu The Cyborg
Views: 8,307
Keywords: burp suite, burpsuite, bug tutorial, burp suite tutorial, how to use burp suite, burpsuite for beginners, burpsuite basics, burpsuite scan website, bug bounty, burp suite tutorial in english, burpsuite sniper attacks, burpsuite intercept, burpsuite kali linux, burpsuitee proxy, bug bounty with burpsuite, burpsuite community, burpsuite professional, bug bounty practical, bug bounty xss
Id: 8cfb46-2osk
Length: 39min 27sec (2367 seconds)
Published: Sat Mar 13 2021