setting up DVWA in burpsuite

Video Statistics and Information

Captions
Okay, I wanted to make a bit of an intro video to doing, um, setting up Damn Vulnerable Web Application, and, um, when I say setting up I mean specifically setting one up on something like a virtual machine, which I'm using here. Um, I'm using VirtualBox and I have a, um, a Kali Linux image on it, and when I first set it up it took me like almost a day to get some of the settings right because my, um, for doing intercepting through Burp Suite, because one of the issues I was having is that for some reason in Burp Suite all the other sites were getting intercepted and the, um, requests were getting, uh, hung up on the proxy, but I actually wasn't getting the anything from the localhost being hung up on the proxy.

So let me see if it actually works if I try just typing in anything. And "proxy server's refusing connections". I also don't have that on, so that might also be an issue. Okay, so I'm going to turn the, the proxy up temporarily. Um, for some reason I've just been having all kinds of issues with the virtual machine and Burp Suite, um, but anyways. So I'm going to leave intercept on for now and make sure that for my target, okay, so you see how basically it's not working at all, and if I have it as my target and I try to refresh it and I try to move to any other page, whatever, it doesn't intercept any packets, and that's also because the proxy is off. But okay, so again I refresh it, try to go to another page, it doesn't do anything. Even though the target is in there, I'm not getting any, any packets or anything. Um, also I use my interface on 8081 for my proxy, which is another reason why it might have not initially worked on the other pages. Let's see if it does it now. May have to restart the browser. I might just leave this on a, on 8080 because of how difficult this thing has been. There we go. Okay, so now it's paused, it's got the request. I'm just going to forward the request so we can go to the next page. So it works on other stuff, but, and my connection's a little bit slow on the virtual machine, I don't know why, my bridge connection.

But if you notice, you can go through the Damn Vulnerable Web Application and really nothing happens. There's no halting of, and there's not even any grabbing or noticing of any of these, any of these requests being made. So what you have to do in the browser, and this took me a really long time to figure out because I went through all these different stages to try to change the port configurations in Apache and just make sure that my application itself wasn't also running on port 8080, so what I did was I changed my, um, my interface from my proxy on Burp Suite to 8081, for example, to make sure they didn't overlap and there wasn't an issue there, and went through all this stuff and it basically didn't do anything. So eventually when I was scrolling down in one of the articles I managed to find this. Now this may not work for everybody, because when I'm running, again, like I said, is I'm using a virtual machine with Kali Linux and I'm using Apache 2 and MySQL to spin up this application, but what you might want to do is check out this post here. I'll go ahead and put the link in the description. But basically changing settings within the browser was what allowed me to get it to work.

So what you want to do is you want to open up a new tab in your browser and type this, and you're going to be able to edit permissions, and then let me go ahead and copy the actual permission that we want to edit. Basically we want to set this to true; it's set to false by default. Okay, so I don't know if you have to, but I always actually close and open the browser whenever I do this to make sure these settings actually stick, otherwise I'm just sitting there doing nothing for no reason. Um, so let me log back to it, and you can see now when we go back to the Damn Vulnerable Web Application it is stuck, so that is what we want. We know that it's been intercepted. So I'm going to forward this, for this, let me try to find the one from the localhost. There it is. So here is the one, here's the request that we have for it. It's a little close, so I'm going to go ahead and forward it, and, or it might have actually been the other one, but you can see now we're back at the actual page.

And the whole reason that I wanted to do this was obviously so I could use Burp Suite for the modules, and I know a lot of people like me who are getting started out in pen testing, who maybe have experience in it and who know how to edit config files and stuff like that, you know, you might kind of go a little bit too far on the deep end and start editing things you really shouldn't, but, like I did, but you actually don't have to. All you have to do is go in the browser and basically change these settings. Now that, again, that's if you're running on that kind of environment. If you're running something like Microsoft IIS you may have a different experience than me, but this is just kind of a tutorial for anybody doing that. So the whole reason that I wanted to do that was so that I could do things like using, um, THC Hydra to, uh, to go through and brute force different logins, like for example if I just put this in here, and then I could see what the, um, what the body looks like of the request and things like that. So that's kind of the main point of doing that, so I could get past that stuff.

But basically that is it, that is the tutorial. You can pretty much use this for any of the features on the Damn Vulnerable Web Application, because that's kind of what Burp Suite is for, honestly, to just pen test this vulnerable web app and read all of the requests coming and going, kind of act as a man in the middle for that. So yeah, that is the whole process, and I'm glad I was able to actually put this all in one video that's not super long and it's a little bit easier to understand. I might cut out a little bit of it because of those issues I had in the beginning, but overall we're looking pretty good. So yeah, I hope you guys found this useful. I know I did. This was a lot faster than it took me to do it. Again, I got off work and my brain was just fried. This took me like probably two hours to go through and figure out, so hopefully you guys can get something out of it pretty quick.
Info
Channel: what0fthew0rts
Views: 4,558
Id: LgUhHAPuBWo
Length: 7min 33sec (453 seconds)
Published: Sat Apr 17 2021