Web App Penetration Testing - #1 - Setting Up Burp Suite

Captions
Hey guys, HackerSploit here, back again with another video, and in this video we're going to get started with the web application penetration testing series. A lot of you guys have been asking for this, mostly because you want to learn the art of bug bounty, and here is the series. I've worked really hard on making it as comprehensive as possible, and in this video we're going to get started with setting up Burp Suite. Now, this may seem simple for those of you who already have experience, but we really have to take the beginners into consideration. This video is for you if you have never set up Burp Suite before; I would recommend that you watch it so that you are up and running. For those of you who already know this, you can skip it and just wait for the next videos as they are being uploaded.

So let's get started. For those of you who don't know what Burp Suite is, Burp Suite is essentially an integrated platform for performing security testing of web applications. The first thing you need to understand is that it will allow us to intercept the data being sent between your browser and the web application, so it's a great way of understanding how data is being transferred and how data can be manipulated between the client and, obviously, the web application. The tool we're going to be using, as I said, is Burp Suite, and I'm currently running Parrot OS; don't worry if you're running Windows or Kali Linux, it doesn't really matter. All you need to do is just download and install Burp Suite. It's pretty simple to get set up. You don't have to register; you just download the free Community version. Now obviously, down the line, you might choose to buy the Professional version, which I do recommend and have used, but I don't use it as often. I'm not specifically a web penetration tester; I'm more of a web server penetration tester, so I really work with a different vector. So you can choose to buy it once you become experienced and you've chosen whether this is the path that you want to pursue. It's a fantastic path; I know a lot of people who make good money with bug bounty, so it's something that you can look into as well.

All right, so let's get started with setting up the proxy. This is the intercepting proxy that allows us to intercept the data being sent to and from the client and the web application. To do that, we can just do it through Firefox. The browser I'll be using is Firefox; you can use whatever you want. By default you want to go into your Preferences, which can be found here (Preferences, there we are), and you want to go all the way to the bottom, where it has Network Proxy. Make sure you go into Settings, and you want to go into Manual proxy configuration. This is where you're going to configure it to be localhost with the port set to 8080, and then you want to make sure that you tick "Use this proxy server for all protocols". So that is the proxy we're going to be using; just hit OK, and once that's done you should be good there.

Now what you want to do is just open up Burp Suite. You can search for it, or I have it already on my little taskbar here. I don't think I've updated it for a while, so I'll probably need to do that later, but for now I'll just close the update prompt. It's going to say "Welcome to Burp Suite", and now, depending on the version that you've chosen, whether you've chosen the Community version, which is what I have here, or the free version as it's called, and then you have the Pro version: by default the Community version only allows you to use a temporary project. If you have the Professional version it allows you to save your project, which is great functionality as well. So just hit Next, and you just want to hit "Use Burp defaults" and hit "Start Burp", and just give that a few seconds to start up.

I'll explain the interface generally, but we'll be looking more into how Burp works in the next video. I just want to get you set up with Burp in this video so you understand what exactly is going on. So, welcome to Burp. Now, by default, it may seem a little bit intimidating, mostly because if you're a beginner you have not heard of any of these words here and you don't really know what they're doing. By default you have Target, Proxy, Spider, Scanner, Intruder, Repeater, Sequencer, Decoder, Comparer, Extender, your Project options, your User options, and Alerts. We'll be going through all of this as we perform real-world testing on our vulnerable target. I'll be showing you how to set up Damn Vulnerable Web Application soon, and many others, but for now just focus on Burp Suite.

By default you want to just go into Proxy. For some reason I already have some data here, so I'm just going to leave that as it is; I just want to turn Intercept off so we are not intercepting any traffic as of yet. Then you want to go into your Options, and you want to make sure that your proxy listeners are set up. As you can see, "Burp Proxy uses listeners to receive incoming HTTP requests from your browser", so you have to make sure that your proxy is set as the one we set in Firefox, which is localhost, 127.0.0.1, and the port is 8080, and make sure that it is running. You can also create your own and add it here, and you can also remove it, so you get the idea.

Now, if I just go back to my browser, and this is where the real magic happens, if I just open this and type in a simple test site, example.com, and hit Enter, it's going to load it up here. But if we go into Burp Suite and I go into HTTP history, you can see that by default there are some Firefox portal requests, some GET methods here, but we'll be looking at all of these methods or requests. By default you can see the example.com URL that we entered; you can see there is a GET request, and furthermore, if you go down to the bottom here, you can see there is some more information regarding what request was sent to the web application. By default you can see that the host is example.com, and it gives you more information like the Accept-Language, the encoding and the connection, and if you look at the headers you can see that the header shows very clearly: you have your GET, Host, User-Agent, Accept, Accept-Language, Accept-Encoding, Connection, etc. So you might be a little bit confused if this is your first time hearing about headers and request/response pairs, but don't worry about that; we'll get to all of this.

For now, if I just go back into Intercept, and let me just open up my browser here, we open something like my website, which is hackersploit.com. Before we do that I just want to turn Intercept on. So now it's going to intercept actively, and we're just going to hackersploit.com and I hit Go. Now by default it's going to tell me that essentially my connection is not secure. Don't worry about this; just go in and add this as an exception. There we are, I'm going to hit Confirm Exception, and now it's still not going to load the website, and the reason being is we have not forwarded the requests; they are being intercepted by Burp Suite. So if I go back into Burp Suite you can see that it has started the intercept process, and by default you can see that we need to forward the requests here. So if I just forward it... let me just forward that again, there we are; let me just forward them for hackersploit, there we are, that's the correct one. So I'll forward this again, and there we are, so now hackersploit should be up and running, and as you can see it should have loaded the site. Give that a few seconds; there we are.

All right, so as you can see, that is how you intercept the data that is being sent from the client to the web application, and furthermore that's how you can analyze the data being sent and manipulate it to obviously find vulnerabilities within the web application. Regardless of all of this, I know this was very basic and it hasn't really covered anything in terms of web application penetration testing, but don't worry about that; we start off really simple and we build on that. This series is going to be quite a long one, so you can expect a lot more videos. So that's going to be it for this video: just a quick introduction to Burp Suite, how to get the proxy set up, and obviously how to intercept your first requests. In the next video we'll get started with the methodologies and the terminology and understanding HTTP a lot better. So that's going to be it for this video, guys. I hope you found value in this video; if you did, please leave a like down below. If you have any questions you can leave them in the comment section, on my social networks, or on the website. Thank you so much for watching, and I'll be seeing you in the next video. Peace.
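The proxy listener the video configures, as an added example that is not part of the video and is not Burp's own code: a minimal intercepting HTTP proxy in Python. For plain HTTP it does what the Firefox-to-Burp setup above does. It listens on 127.0.0.1:8080 (the same listener address as the video), prints each request's start line and headers (the HTTP history view), rewrites the browser's proxy-style absolute URL (`GET http://example.com/ HTTP/1.1`) into the origin form the web server expects, applies an optional header edit (the manipulation step), and forwards the result. The `BurpDemo/1.0` User-Agent in the comment and the `app.test` host are made-up values for illustration. It deliberately does not intercept HTTPS: that requires terminating TLS with a certificate the browser trusts, which is what Burp does with its own CA, and it is the reason the browser warned about hackersploit.com in the video. Installing Burp's CA certificate in the browser is the cleaner fix than a per-site exception.

```python
"""Minimal intercepting HTTP proxy in the spirit of the Burp Proxy listener.
Added example, not code from the video or from PortSwigger. Listens on
127.0.0.1:8080 (the listener configured in Firefox above), prints each
request (the "HTTP history" view), applies an optional edit, forwards it."""
import socket
import threading

LISTEN_HOST, LISTEN_PORT = "127.0.0.1", 8080  # same listener as in the video


def parse_request(raw):
    """Raw HTTP/1.x request -> (method, target, version, [(name, value)...], body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return method, target, version, headers, body

def normalize_target(target, headers):
    """A browser using a manual proxy sends 'GET http://example.com/ HTTP/1.1';
    the origin expects '/' plus a Host header. Returns (host, port, path)."""
    if target.lower().startswith("http://"):
        hostport, _, path = target[len("http://"):].partition("/")
        path = "/" + path
    else:  # origin form: the host comes from the Host header
        hostport = {k.lower(): v for k, v in headers}.get("host", "")
        path = target
    host, _, port = hostport.partition(":")
    return host, int(port) if port else 80, path

def set_header(headers, name, value):
    """Replace (or add) a header, matching the name case-insensitively."""
    return [(k, v) for k, v in headers if k.lower() != name.lower()] + [(name, value)]

def serialize_request(method, path, version, headers, body):
    lines = [f"{method} {path} {version}"] + [f"{k}: {v}" for k, v in headers]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1") + body

def intercept(raw, edit=None):
    """What the Proxy tab does to one request: returns (host, port, bytes to
    forward). bytes is None for CONNECT: intercepting HTTPS means terminating
    TLS with a certificate the browser trusts, which Burp does with its own CA
    (hence the browser's certificate warning until that CA is installed)."""
    method, target, version, headers, body = parse_request(raw)
    if method == "CONNECT":
        host, _, port = target.partition(":")
        return host, int(port or 443), None
    host, port, path = normalize_target(target, headers)
    headers = [(k, v) for k, v in headers if k.lower() != "proxy-connection"]  # proxy-only
    headers = set_header(headers, "Host", host if port == 80 else f"{host}:{port}")
    headers = set_header(headers, "Connection", "close")  # one request per upstream socket
    if edit is not None:  # e.g. lambda h: set_header(h, "User-Agent", "BurpDemo/1.0") (made-up UA)
        headers = edit(headers)
    return host, port, serialize_request(method, path, version, headers, body)

def recv_request(conn):
    """Read the header block, then any body announced by Content-Length."""
    data = b""
    while b"\r\n\r\n" not in data:
        chunk = conn.recv(4096)
        if not chunk:
            return data
        data += chunk
    head, _, body = data.partition(b"\r\n\r\n")
    length = next((int(ln.split(b":", 1)[1]) for ln in head.split(b"\r\n")
                   if ln.lower().startswith(b"content-length:")), 0)
    while len(body) < length:
        body += conn.recv(4096)
    return head + b"\r\n\r\n" + body

def handle_client(conn, edit=None):
    with conn:
        raw = recv_request(conn)
        if b"\r\n\r\n" not in raw:
            return
        host, port, out = intercept(raw, edit)
        if out is None:  # CONNECT (HTTPS): refused, see intercept()
            conn.sendall(b"HTTP/1.1 502 Bad Gateway\r\nConnection: close\r\n\r\n")
            return
        print(out.partition(b"\r\n\r\n")[0].decode("latin-1"), "\n")  # history view
        with socket.create_connection((host, port), timeout=10) as upstream:
            upstream.sendall(out)
            while chunk := upstream.recv(65536):  # relay the response as it arrives
                conn.sendall(chunk)

def run_proxy(edit=None):
    with socket.socket() as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((LISTEN_HOST, LISTEN_PORT))
        srv.listen()
        print(f"listening on {LISTEN_HOST}:{LISTEN_PORT}; set the browser's manual proxy to it")
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=handle_client, args=(conn, edit), daemon=True).start()


if __name__ == "__main__":
    run_proxy()
```

Run it, point Firefox at 127.0.0.1:8080 exactly as in the video, and browse to an http:// site: each request prints as it passes through, and the page loads only after the proxy has forwarded it, which is the same Intercept-then-Forward flow the video shows. Passing `edit=lambda h: set_header(h, "User-Agent", "BurpDemo/1.0")` to `run_proxy()` rewrites every request in flight, which is the manual edit-in-Intercept step done programmatically.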
Info
Channel: HackerSploit
Views: 475,587
Keywords: hackersploit, burp suite, hacker, hacking, kali linux, kali, web penetration testing tools, web penetration testing with kali linux, web penetration testing course, web penetration testing tutorial, web penetration testing using kali linux, web penetration testing with kali linux tutorial, web penetration testing lab, web app penetration testing, burp suite pro, burp suite hacking, burp suite crack, burp suite professional, burp suite basics, burp suite xss
Id: YCCrVtvAu2I
Length: 9min 40sec (580 seconds)
Published: Tue Feb 27 2018