
January 5, 2012

Web Proxy [Burp] - how to use it for Penetration Testing

O.k. so first I would like to explain:
- What is a Proxy Server

A Proxy is a server (a computer system or an application) that acts as an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource, available from a different server. The proxy server evaluates the request according to its filtering rules.

Put more simply, the proxy's job is to stand between the client and the server and see every request and response passing between me (the client, e.g. my browser) and the remote servers I'm talking to (the sites I open in my browser, for example).

Proxy servers are mainly used for purposes like these (the ones marked //related to us are the ones that matter for this post):
- Keep machines behind it anonymous. //related to us
- Speed up access to resources (using caching). Web proxies are commonly used to cache web pages from a web server.
- Apply access policy to network services or content, e.g. to block undesired sites.
- Access sites prohibited or filtered by your ISP or institution. //related to us
- Bypass security / parental controls. //related to us
- Scan transmitted content for malware before delivery. //related to us
- Scan outbound content, e.g., for data leak protection. //related to us

- Which are the most familiar web proxies

*I'm not going to discuss the different types of proxies because it's irrelevant here.
We're only talking about web proxies.

There are a lot of proxies out there but I want to go over only two of them:

1. Burp suite proxy - is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.

Download here: http://portswigger.net/burp/download.html

*Don't forget to make sure you have a Java runtime on your PC, else download it from here: http://www.java.com/en/download/index.jsp

We need a Java runtime because Burp Suite ships as a .jar file: a Java archive containing compiled Java bytecode, which runs on the Java Virtual Machine rather than directly on the operating system. (Eclipse is just an IDE used to write and build such code; it is not what runs it.)

O.k. after you've got it all downloaded, don't open it yet. Keep reading.

2. Fiddler - Next Lesson (:

- Why do hackers use them?

As we will see in a few moments, these web proxies are a hacker's best friend. Web proxy platforms have grown a lot recently, adding more and more related functions and features, which makes our hacking experience a lot more comfortable.

When a hacker opens the web proxy he wants to look "behind the scenes", behind the styling and wrapping the web developers put on the site. After looking, he needs to collect data.. and fast! With the proxy on, every request and response passes through it, so the hacker can inspect every byte and edit it as he wishes before it goes on.
By editing the request itself (not just what the browser shows) you can make the server behave differently and reveal useful information: any checks the browser did before sending are bypassed, because the request is changed after the browser has already sent it.

There is a very famous attack called MITM (Man In The Middle): an attacker runs something that sees all the traffic between two points. One point is the victim... the other is the victim's bank site, Facebook or whatever interests the attacker. A web proxy works the same way.. only now we sit on both ends of that first link: it's our PC, our browser, and we are the ones operating Burp. So where did the victim go?
You're right.. the victim is now the site..

Let's sketch it for a little more understanding:

|PC| <---------> |Proxy| <----------> (( Internet ))

Now, the hacker can choose between a few options.
Only watch traffic - a history table that fills itself with every request your browser makes, with a few more details (method, URL, status).
Stop (intercept) traffic - hold a request at the proxy before it leaves for the server, look at it, then drop it or edit it and forward it on. Responses can be held the same way on their way back to the browser.
There are more but those two are enough for now.

O.k. so now we have a picture of what this application should look like, and it's the right moment to jump in and show it to you.

- How do we use it, step by step

Let's extract the zip file of the Free Edition, it's more than enough (:
After extracting, open the Burp Suite folder and double click the .jar file:
burpsuite_v1.4.01.jar
Accept the agreement and follow the prompts until the Burp Suite window appears.

That's it! you have a Web Proxy :D 
Now all you need to do is learn how to use it :lol: 

So let's run over the tabs one by one and see what their functions are.

Proxy tab - divided into three sub-tabs (intercept, options and history).
We can see that intercept is already selected, so let's look at its body: it starts with Forward, then Drop, Intercept is on/off and Action.

Intercept means controlling whether a request stops at the proxy before it reaches the server (and, if you enable it in the options, whether a response stops before it reaches the browser). A request is every command we ask the browser to send: go to an address, press a button, search for something, etc. Basically any action that makes the browser "think" and go to the network again is a request, and the response is what you receive back for that action. Example: Request - pressing a button that takes me from the Home page to the Gallery.
Response - the Gallery page being displayed.
Drop & Forward - if intercept is on, the message stops and we can see it in the body (the empty space): a message with its headers and its body. For a request the body holds what you submitted (form fields, for example); for a response the body is the source code of the page (you can also see it by right-clicking anywhere on the page (not on photos or movie clips) and picking Page Source).

Let's switch to the Options sub-tab and we can see a little table with the following values:
running - V , Port - 8080 , Loopback only - V ....
This means Burp is listening on 127.0.0.1 (localhost) port 8080. So to use it we need to point the browser's proxy setting at localhost:8080 (nothing changes on your gateway or network; only the browser is told where to send its traffic).
So let's do it (:
Go back to the browser:
Chrome - wrench icon (the "screwdriver") ---> Options ---> Under the Hood ---> Change proxy settings ---->* LAN settings ---->
Under Proxy server check "Use a proxy server for your LAN...." -----> Address: localhost Port: 8080 (for Burp) ----->
Click 'Advanced' and check "Use the same proxy server for all protocols".

Internet Explorer - Tools ----> Internet Options -----> Connections -------> LAN settings * (same as Chrome, which on Windows uses these same system settings)
Firefox has its own setting: Tools ----> Options ----> Advanced ----> Network ----> Settings ----> Manual proxy configuration, HTTP Proxy: localhost Port: 8080, and check "Use this proxy server for all protocols".

(Sending all protocols through the proxy means HTTPS goes through Burp as well, and the browser will then complain about the certificate Burp presents until you trust Burp's CA certificate. For this lesson plain http:// sites are enough.)

Now... Magic time! Go to Burp, make sure Intercept is on in the Intercept sub-tab of the Proxy tab and keep
it that way. Now refresh this page... TA DA!!
Don't panic. What you did was stand between your browser and the web server while they were playing with a ball, and you grabbed the ball your browser threw before it reached the server (the browser will appear to hang until you let go of it; that's the ball in your hand). Now if you want the server to get the ball, all you need to do is click Forward. If you don't want it to get this ball, click Drop: the server never sees that request, the browser gets nothing back for it, and the game carries on. Piece of cake 8-)

Now let's click on Intercept and turn it OFF.
What did we do?!?! Now we can't see anything!! :oops:
Well, not exactly.. :mrgreen:
Let's switch to the Target tab and keep using the browser.. Try entering http://www.nothing.com
Now look at the Target's body.. you can see it's divided into three:
1. Left pane - the site map: a list of all the domains we contacted (lots of them you won't even recognize, because they operate in the background while you are browsing somewhere.. BTW that's how attacks are born.. silently :ugeek:
2. Upper right pane - when picking a domain, you can see all the pages you explored inside this domain.
You can request a page that doesn't exist in this domain, like http://www.google.com/falsePage.asp, and it will still be logged in Burp... But why?!... Well, Burp is only a servant: it records whatever you send and whatever comes back, it doesn't judge. Look at the column "Status", this is the HTTP status code the server answered with:
200-299 means it is OK
300-399 means there has been a redirection from the page you asked for to another page
400-499 usually the page does not exist (404) or you are not allowed to see it (401/403)
500-599 are server faults and run-time errors.. great for us because sometimes inside the errors there is valuable
information.
3. Lower right pane - Request/Response display. Here you can see the full request and the response (the source code) of the page you picked from the upper pane. So it's a hierarchy - pick domain ---> pick page ---> see the source ;) easy.
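To make the picture concrete, here is a small intercepting HTTP proxy in Python that does, in a few dozen lines, what this post uses Burp's Proxy and Target tabs for: it listens on loopback, passes each request through an intercept hook that can edit it (Forward) or refuse it (Drop), relays it to the real server, and records method, URL and status code in a history table, the same Status column explained under the Target tab above. This is an added example written for this post, not Burp's code; the upstream "site" it talks to, its /gallery, /admin and /drop-me pages and the X-Tracer header are all constructed for the demo. Plain http:// only; the way Burp handles https:// (CONNECT plus its own CA certificate) is left out.

```python
"""Minimal intercepting HTTP proxy, the idea behind Burp's Proxy tab.
Added example for this post, not Burp's code; standard library, plain HTTP only."""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.parse import urlsplit
# Hop-by-hop headers belong to a single connection; a proxy must not relay them.
HOP_BY_HOP = {"connection", "keep-alive", "proxy-authenticate", "proxy-authorization",
              "proxy-connection", "te", "trailers", "transfer-encoding", "upgrade"}

def relayable(headers):
    # Keep only headers we may forward; Content-Length is recomputed for the body.
    return [(k, v) for k, v in headers if k.lower() not in HOP_BY_HOP | {"content-length"}]

class InterceptingProxy(ThreadingHTTPServer):
    """Loopback listener like Burp's default 127.0.0.1:8080. intercept(method, url, headers,
    body) returns the tuple to Forward (edited or not) or None to Drop; history collects
    (method, url, status) rows, which is what Burp's history / Target tables show."""
    def __init__(self, addr, intercept=None):
        super().__init__(addr, InterceptHandler)
        self.intercept, self.history = intercept, []

class InterceptHandler(BaseHTTPRequestHandler):
    protocol_version = "HTTP/1.1"

    def do_GET(self):
        # A proxied browser sends the absolute URL ("GET http://host/path HTTP/1.1").
        length = int(self.headers.get("Content-Length") or 0)
        body = self.rfile.read(length) if length else b""
        headers = dict(relayable(self.headers.items()))
        method, url = self.command, self.path
        if self.server.intercept is not None:
            edited = self.server.intercept(method, url, headers, body)
            if edited is None:  # Drop: the request never reaches the server
                self.server.history.append((method, url, "dropped"))
                return self.reply(403, b"dropped by proxy\n")
            method, url, headers, body = edited  # Forward, carrying any edits
        parts = urlsplit(url)
        if parts.scheme != "http" or not parts.netloc:
            return self.reply(400, b"expected an absolute http:// URL\n")
        headers["Host"] = parts.netloc
        if body:
            headers["Content-Length"] = str(len(body))
        try:
            conn = http.client.HTTPConnection(parts.netloc, timeout=10)
            conn.request(method, (parts.path or "/") + ("?" + parts.query if parts.query else ""),
                         body=body or None, headers=headers)
            resp = conn.getresponse()
            data, status = resp.read(), resp.status
            conn.close()
        except (OSError, http.client.HTTPException) as exc:
            self.server.history.append((method, url, "error"))
            return self.reply(502, ("upstream error: %s\n" % exc).encode())
        self.server.history.append((method, url, status))  # what the Status column shows
        self.reply(status, data, relayable(resp.getheaders()))
    do_POST = do_GET  # same path for POST; the body read above is what you would edit

    def reply(self, status, data, extra=()):
        self.send_response(status)
        for k, v in extra:
            self.send_header(k, v)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

class SiteHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for the remote site: /admin is forbidden, other pages echo
    their path and the X-Tracer header the proxy may have injected."""
    def do_GET(self):
        if self.path == "/admin":
            status, body = 403, b"forbidden"
        else:
            status, body = 200, ("%s tracer=%s" % (self.path, self.headers.get("X-Tracer", "none"))).encode()
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

def demo():
    """Run site and proxy on loopback, push three requests through the proxy the way a
    proxied browser does, and return (responses seen by the client, proxy history)."""
    site = ThreadingHTTPServer(("127.0.0.1", 0), SiteHandler)
    threading.Thread(target=site.serve_forever, daemon=True).start()
    site_url = "http://127.0.0.1:%d" % site.server_address[1]

    def intercept(method, url, headers, body):
        if url.endswith("/drop-me"):
            return None                             # Drop
        headers["X-Tracer"] = "edited-in-proxy"     # edit the request, then Forward
        return method, url, headers, body

    proxy = InterceptingProxy(("127.0.0.1", 0), intercept)
    threading.Thread(target=proxy.serve_forever, daemon=True).start()
    results = {}
    for path in ("/gallery", "/admin", "/drop-me"):
        conn = http.client.HTTPConnection("127.0.0.1", proxy.server_address[1], timeout=5)
        conn.request("GET", site_url + path)        # absolute URL, as a browser would
        resp = conn.getresponse()
        results[path] = (resp.status, resp.read().decode())
        conn.close()
    for srv in (proxy, site):
        srv.shutdown(); srv.server_close()
    return results, [(m, urlsplit(u).path, s) for m, u, s in proxy.history]
```

Running demo() gives the three history rows you would see in Burp (200 for the gallery, 403 for the admin page, and a "dropped" request the site never received) and shows that the header injected by the hook really arrived at the server. Give the listener a fixed port such as 8080 instead of 0, point a browser at it (or use curl -x 127.0.0.1:8080 http://some-site/), and replace the intercept function with one that prompts on input() and you have a manual Forward/Drop, which is all the Intercept sub-tab is underneath.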

All we need to learn is how to edit the page... well this is for next class.
Read about the proxy but don't go too far! I'll see you here Thursday (10/11) to continue from where we stopped.

Cheers,

Ce@ser
