Thursday, January 12, 2017

must see -->Burp Suit : Web Pen Testing

video showing some of the features of the Burp Suite and how it can be used to run Pen Tests on devices that have web authentication. he will walk through setup and use of the target window to store proxy requests, and then combine that with the repeater, intruder and sequencer to attack the site. in the  talk  he will explain how we can use each view to analyze and view responses as we modify packets on the fly, he plans  to show how Burp helps you bypass site XSS and SQL injection checking, directory traversal, client side login checks, and find non-random sessions keys.

The last part of the demo he will show how you can  successfully used this in order to bypass the web authentication on an Iomega drive Network Access System. Without knowing the details of the CVE, upload a backdoor to the NAS and gain root so that I can use it as a pivot point and mount other attacks into the victims network... all with using Burp. All of this will be presented live, however instructions and PowerPoint will be provided so anyone can repeat this demo on their own.